From b99cc2520a60a06f58f98cff11b13fe48113099e Mon Sep 17 00:00:00 2001
From: nearxos <nearxos@localhost>
Date: Fri, 20 Feb 2026 12:28:54 +0200
Subject: [PATCH] Enhance network boot setup script and documentation: automate
 fetching of Raspberry Pi 4 boot files from GitHub, update TFTP root handling,
 and improve user instructions for setup. Remove manual steps for file
 retrieval and clarify echo messages in the setup script.

---
 .../docs/NETWORK-BOOT-LXC.md                  | 19 ++++----
 .../scripts/populate-tftpboot-from-git.sh     | 47 +++++++++++++++++++
 .../scripts/setup-network-boot-on-lxc.sh      | 26 +++++++---
 3 files changed, 77 insertions(+), 15 deletions(-)
 create mode 100755 chromium-setup/emmc-provisioning/scripts/populate-tftpboot-from-git.sh

diff --git a/chromium-setup/emmc-provisioning/docs/NETWORK-BOOT-LXC.md b/chromium-setup/emmc-provisioning/docs/NETWORK-BOOT-LXC.md
index 7b038fd..e7b78a8 100644
--- a/chromium-setup/emmc-provisioning/docs/NETWORK-BOOT-LXC.md
+++ b/chromium-setup/emmc-provisioning/docs/NETWORK-BOOT-LXC.md
@@ -42,9 +42,9 @@ The script will:
 
 - Install **dnsmasq** (DHCP + TFTP).
 - Configure dnsmasq to listen only on **eth1**, with a DHCP range and TFTP root.
-- Create `/srv/tftpboot` and optionally fetch Raspberry Pi boot files (or tell you how).
+- Create `/srv/tftpboot` and **fetch Raspberry Pi 4 boot files from GitHub** (raspberrypi/firmware, `boot/` folder) if not already present.
 - Enable **IPv4 forwarding** and **NAT** (nftables) so clients on eth1 use eth0 for internet.
-- Enable and start the **dnsmasq** and **nftables** (or apply rules) services.
+- Enable and start the **dnsmasq** service.
 
 ## Proxmox: adding eth1 to the LXC
 
@@ -74,16 +74,17 @@ Your current LXC already has eth0 (10.130.60.141) and eth1 (10.20.50.1); the set
 
 ## TFTP boot files (Raspberry Pi 4 / CM4)
 
-The TFTP root (e.g. `/srv/tftpboot`) must contain the Raspberry Pi firmware boot files, for example:
+The setup script **automatically downloads** the official Raspberry Pi firmware `boot/` folder from GitHub (https://github.com/raspberrypi/firmware) into `/srv/tftpboot` when `start4cd.elf` is missing. No manual copy is needed.
 
-- `start4.elf`, `fixup4.dat` (or `start4cd.elf`, `fixup4cd.dat`)
-- `config.txt`, `cmdline.txt`
-- `kernel8.img` (64-bit) or `kernel7l.img` (32-bit)
+To refresh or populate TFTP without re-running the full setup:
 
-You can:
+```bash
+./chromium-setup/emmc-provisioning/scripts/populate-tftpboot-from-git.sh root@<LXC-IP>
+```
 
-- Run the script’s step that downloads the boot files from the official Raspberry Pi firmware repo, or
-- Copy them from a Raspberry Pi OS `/boot/firmware` (or `/boot`) into `/srv/tftpboot` on the LXC.
+(Remove `/srv/tftpboot/start4cd.elf` on the LXC first if you want a full re-fetch.)
+
+The TFTP root contains e.g. `start4cd.elf`, `fixup4cd.dat`, `config.txt`, `cmdline.txt`, `kernel8.img`, and other boot files. For a custom kernel or initramfs (e.g. for provisioning), add or replace files in `/srv/tftpboot` and adjust `config.txt` / `cmdline.txt` as needed.
 
 ## Summary
 
diff --git a/chromium-setup/emmc-provisioning/scripts/populate-tftpboot-from-git.sh b/chromium-setup/emmc-provisioning/scripts/populate-tftpboot-from-git.sh
new file mode 100755
index 0000000..f77bfd7
--- /dev/null
+++ b/chromium-setup/emmc-provisioning/scripts/populate-tftpboot-from-git.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+# Populate /srv/tftpboot with Raspberry Pi 4 / CM4 boot files from the official firmware repo.
+# Run inside the LXC (as root), or from your machine: ./populate-tftpboot-from-git.sh root@10.130.60.141
+# Requires: curl or wget, tar; the LXC must have internet (eth0).
+
+set -e
+TARGET="${1:-}"
+FIRMWARE_URL="https://github.com/raspberrypi/firmware/archive/refs/heads/master.tar.gz"
+TFTP_ROOT="${TFTP_ROOT:-/srv/tftpboot}"
+
+do_populate() {
+  echo "Populating $TFTP_ROOT from Raspberry Pi firmware (GitHub) ..."
+  mkdir -p "$TFTP_ROOT"
+  if [[ -f "$TFTP_ROOT/start4cd.elf" ]]; then
+    echo "start4cd.elf already present; skipping download (remove it to re-fetch)."
+    return 0
+  fi
+  if ! command -v curl >/dev/null 2>&1 && ! command -v wget >/dev/null 2>&1; then
+    echo "Installing curl ..."
+    apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq curl
+  fi
+  local tmpdir
+  tmpdir=$(mktemp -d)
+  trap "rm -rf $tmpdir" EXIT
+  if command -v curl >/dev/null 2>&1; then
+    curl -sL "$FIRMWARE_URL" -o "$tmpdir/firmware.tar.gz"
+  else
+    wget -q -O "$tmpdir/firmware.tar.gz" "$FIRMWARE_URL"
+  fi
+  tar xzf "$tmpdir/firmware.tar.gz" -C "$tmpdir"
+  if [[ ! -d "$tmpdir/firmware-master/boot" ]]; then
+    echo "Error: boot folder not found in archive"
+    exit 1
+  fi
+  cp -a "$tmpdir/firmware-master/boot/." "$TFTP_ROOT/"
+  echo "Copied boot files to $TFTP_ROOT ($(ls "$TFTP_ROOT" | wc -l) items)."
+  ls -la "$TFTP_ROOT"/start4*.elf "$TFTP_ROOT"/fixup4*.dat "$TFTP_ROOT"/config.txt 2>/dev/null || true
+}
+
+if [[ -n "$TARGET" ]]; then
+  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+  scp "$SCRIPT_DIR/populate-tftpboot-from-git.sh" "$TARGET:/tmp/populate-tftpboot.sh"
+  ssh "$TARGET" "bash /tmp/populate-tftpboot.sh"
+  exit 0
+fi
+
+do_populate
diff --git a/chromium-setup/emmc-provisioning/scripts/setup-network-boot-on-lxc.sh b/chromium-setup/emmc-provisioning/scripts/setup-network-boot-on-lxc.sh
index 2beee2d..bfdea87 100755
--- a/chromium-setup/emmc-provisioning/scripts/setup-network-boot-on-lxc.sh
+++ b/chromium-setup/emmc-provisioning/scripts/setup-network-boot-on-lxc.sh
@@ -14,7 +14,7 @@ if [[ -n "$TARGET" ]]; then
   rsync -a "$REPO_DIR/lxc/" "$TARGET:/tmp/cm4-network-boot-lxc/" --exclude='.git'
   scp "$SCRIPT_DIR/setup-network-boot-on-lxc.sh" "$TARGET:/tmp/cm4-network-boot-lxc/setup.sh"
   ssh "$TARGET" "bash /tmp/cm4-network-boot-lxc/setup.sh"
-  echo "Done. Next: ensure /srv/tftpboot has RPi boot files (see docs/NETWORK-BOOT-LXC.md)."
+  echo "Done."
   exit 0
 fi
 
@@ -42,12 +42,26 @@ log-queries
 port=0
 DNSMASQ
 
-# 3) TFTP root and minimal placeholder so TFTP serves something
+# 3) TFTP root: fetch Raspberry Pi 4 boot files from GitHub if missing
 mkdir -p /srv/tftpboot
 if [[ ! -f /srv/tftpboot/start4cd.elf ]]; then
-  echo "TFTP root /srv/tftpboot is empty. You need Raspberry Pi 4 boot files (start4cd.elf, fixup4cd.dat, config.txt, cmdline.txt, kernel8.img)."
-  echo "Download from: https://github.com/raspberrypi/firmware/ (branch master, boot/ folder) and copy into /srv/tftpboot"
-  echo "Or from a Pi: scp -r pi@<pi>:/boot/firmware/* root@<lxc>:/srv/tftpboot/"
+  echo "Fetching Raspberry Pi firmware boot files from GitHub ..."
+  if ! command -v curl >/dev/null 2>&1 && ! command -v wget >/dev/null 2>&1; then
+    apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq curl
+  fi
+  tmpdir=$(mktemp -d)
+  trap "rm -rf $tmpdir" EXIT
+  if command -v curl >/dev/null 2>&1; then
+    curl -sL "https://github.com/raspberrypi/firmware/archive/refs/heads/master.tar.gz" -o "$tmpdir/firmware.tar.gz"
+  else
+    wget -q -O "$tmpdir/firmware.tar.gz" "https://github.com/raspberrypi/firmware/archive/refs/heads/master.tar.gz"
+  fi
+  tar xzf "$tmpdir/firmware.tar.gz" -C "$tmpdir"
+  cp -a "$tmpdir/firmware-master/boot/." /srv/tftpboot/
+  rm -rf "$tmpdir"
+  echo "Copied RPi boot files to /srv/tftpboot"
+else
+  echo "TFTP root already has boot files (start4cd.elf present), skipping fetch."
 fi
 
 # 4) IP forwarding (LAN clients use WAN)
@@ -87,4 +101,4 @@ systemctl restart dnsmasq
 echo "Network boot setup done."
 echo "  - DHCP + TFTP on eth1 (10.20.50.1), range 10.20.50.100-200"
 echo "  - NAT: 10.20.50.0/24 -> eth0 (internet)"
-echo "  - Put RPi 4 boot files in /srv/tftpboot (see above or docs/NETWORK-BOOT-LXC.md)"
+echo "  - TFTP root: /srv/tftpboot (RPi boot files from GitHub)"