From f2f4f12c26001beff472cf8f5b81d1bb853bc081 Mon Sep 17 00:00:00 2001 From: Jean-Marie Verdun Date: Mon, 26 Oct 2020 11:17:06 -0700 Subject: meta-phosphor: bbclass to deploy test SSH keys (From meta-phosphor rev: 75c8dc6f5fc565a92da9129291ea09319e8593a6) Change-Id: I375e188abbf3115e00d3ace1ad201d9fc11214d9 Signed-off-by: Jean-Marie Verdun Signed-off-by: Andrew Geissler --- meta-phosphor/classes/obmc-phosphor-image.bbclass | 2 + .../classes/phosphor-deploy-ssh-keys.bbclass | 62 ++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 meta-phosphor/classes/phosphor-deploy-ssh-keys.bbclass (limited to 'meta-phosphor/classes') diff --git a/meta-phosphor/classes/obmc-phosphor-image.bbclass b/meta-phosphor/classes/obmc-phosphor-image.bbclass index d68fa37e31..b2d3b5ef36 100644 --- a/meta-phosphor/classes/obmc-phosphor-image.bbclass +++ b/meta-phosphor/classes/obmc-phosphor-image.bbclass @@ -32,6 +32,8 @@ # - obmc-debug-collector - OpenBMC debug collector inherit core-image +inherit obmc-phosphor-utils +inherit phosphor-deploy-ssh-keys FEATURE_PACKAGES_obmc-bmc-state-mgmt ?= "packagegroup-obmc-apps-bmc-state-mgmt" FEATURE_PACKAGES_obmc-bmcweb ?= "packagegroup-obmc-apps-bmcweb" diff --git a/meta-phosphor/classes/phosphor-deploy-ssh-keys.bbclass b/meta-phosphor/classes/phosphor-deploy-ssh-keys.bbclass new file mode 100644 index 0000000000..a85d2ac2d5 --- /dev/null +++ b/meta-phosphor/classes/phosphor-deploy-ssh-keys.bbclass 
@@ -0,0 +1,62 @@
+####
+# Copyright 2020 Hewlett Packard Enterprise Development LP.
+#
+#
+# Add a basic class to add a privileged user from an ssh
+# standpoint and a public key passed as an input parameter
+# from the local.conf file
+# Example:
+# INHERIT += "phosphor-deploy-ssh-keys"
+# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;"
+####
+
+inherit useradd_base
+
+IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"
+
+deploy_local_user () {
+ if [ "${SSH_KEYS}" != "" ]; then
+ group_settings="${SSH_KEYS}"
+ current_setting=`echo $group_settings | cut -d ';' -f1`
+ remaining=`echo $group_settings | cut -d ';' -f2-`
+ while test "x$current_setting" != "x"; do
+
+ username=`echo ${SSH_KEYS} | awk -F":" '{ print $1}'`
+ key_path=`echo ${SSH_KEYS} | awk -F":" '{ print $2}'`
+
+ if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then
+ perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"
+ fi
+
+ if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then
+ install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/
+ fi
+
+ if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then
+ install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
+ else
+ cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
+ fi
+
+ uid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $3}'`
+ guid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $4}'`
+
+ chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh
+ chmod 600 ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
+ chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh
+
+ is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group || true`
+
+ if [ -z "${is_group}" ]; then
+ perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
+ fi
+
+ perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"
+
+ current_setting=`echo $remaining | cut -d ";" -f1`
+ remaining=`echo $remaining | cut -d ';' -f2-`
+ done
+ else
+ bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
+ fi
+}
-- cgit v1.2.3
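Review bot: Inside the `while` loop of deploy_local_user, `username` and `key_path` are parsed from the whole `${SSH_KEYS}` value rather than from `$current_setting`, so with more than one `user:path;` entry every pass handles the first user again and `key_path` picks up the text that follows the first `;`; the two assignments should read `username=$(echo "$current_setting" | cut -d: -f1)` and `key_path=$(echo "$current_setting" | cut -d: -f2)`. The account is created with `-p ''`, which leaves an empty password field on a user that is then added to `priv-admin`; whether that permits a login without a password depends on the image's PAM and SSH server configuration, which is not visible here, so a locked field such as `-p '*'` is the safer choice for a key-only account. The `.ssh` directory test is missing a slash (`${username}.ssh/`), so it never matches the directory that the next line creates. The `grep "${username}:"` lookups in `/etc/passwd` are unanchored and can match a different account whose name ends with the same string, which would hand ownership of `authorized_keys` to the wrong uid; `grep "^${username}:"` avoids that.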