####
# Copyright 2020 Hewlett Packard Enterprise Development LP.
# Copyright 2021 Intel Corporation
#
# Basic class that creates a privileged user for SSH access and
# installs a public key for that user. The user name and the path
# to the public key are passed in through SSH_KEYS in local.conf.
# Example:
# INHERIT += "phosphor-deploy-ssh-keys"
#
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"
# or
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"
####

inherit useradd_base

IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"

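#######################################
# Install the public keys listed in SSH_KEYS into the image rootfs.
#
# SSH_KEYS is a ';'-separated list of "<user>:<path to public key>" entries.
# For every entry the function:
#   - creates the user when IMAGE_ROOTFS/home/<user> does not exist yet,
#   - installs (or appends) the key to home/<user>/.ssh/authorized_keys,
#   - sets owner and modes on .ssh (700) and authorized_keys (600),
#   - adds the user to the priv-admin group, creating the group if needed.
#
# Globals:   SSH_KEYS (read), IMAGE_ROOTFS (read)
# Calls:     bbwarn, bbfatal, perform_useradd, perform_groupadd,
#            perform_usermod
# Returns:   early when SSH_KEYS is empty; aborts the task through bbfatal
#            on a malformed entry, a missing key file or an unknown user.
#######################################
deploy_local_user () {
    # Use the POSIX -z test: '==' inside [ ] is a bashism and is rejected by
    # stricter /bin/sh implementations.
    if [ -z "${SSH_KEYS}" ]; then
        bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
        return
    fi

    ssh_keys="${SSH_KEYS}"
    while [ -n "${ssh_keys}" ]; do
        # Pop the first "<user>:<key path>" entry off the ';'-separated list.
        # 'cut -s' yields an empty remainder once no ';' is left, which ends
        # the loop.
        current_key=$(printf '%s\n' "$ssh_keys" | cut -d ';' -f1)
        ssh_keys=$(printf '%s\n' "$ssh_keys" | cut -s -d ';' -f2-)

        username=$(printf '%s\n' "$current_key" | awk -F: '{ print $1 }')
        key_path=$(printf '%s\n' "$current_key" | awk -F: '{ print $2 }')

        # The user name becomes a path component below IMAGE_ROOTFS/home, so
        # an empty name or one containing '/' must not get any further.
        case "$username" in
            ""|*/*)
                bbfatal "Invalid SSH_KEYS entry '$current_key': expected <user>:<path to public key>"
                ;;
        esac

        # Fail with a clear message instead of a bare install/cat error.
        if [ ! -f "$key_path" ]; then
            bbfatal "SSH public key '$key_path' for user '$username' not found"
        fi

        home_dir="${IMAGE_ROOTFS}/home/$username"
        ssh_dir="$home_dir/.ssh"
        auth_keys="$ssh_dir/authorized_keys"

        if [ ! -d "$home_dir" ]; then
            # NOTE(review): -p '' gives the new account an empty password
            # field. Whether that allows password-less login depends on the
            # image's PAM/sshd configuration - confirm, and consider a locked
            # password if key-only access is what is intended.
            perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' $username"
        fi

        # The original tested "home/<user>.ssh/" (missing '/'), so the check
        # never looked at the real directory.
        if [ ! -d "$ssh_dir" ]; then
            install -d "$ssh_dir"
        fi

        if [ -f "$auth_keys" ]; then
            cat "$key_path" >> "$auth_keys"
        else
            install -m 0600 "$key_path" "$auth_keys"
        fi

        # Match the login name exactly. A plain grep for "<user>:" also hits
        # longer names ending in <user> and can return several lines, which
        # would hand chown a broken owner specification.
        uid=$(awk -F: -v user="$username" '$1 == user { print $3; exit }' "${IMAGE_ROOTFS}/etc/passwd")
        gid=$(awk -F: -v user="$username" '$1 == user { print $4; exit }' "${IMAGE_ROOTFS}/etc/passwd")

        if [ -z "$uid" ] || [ -z "$gid" ]; then
            bbfatal "User '$username' not found in ${IMAGE_ROOTFS}/etc/passwd"
        fi

        chown -R "$uid:$gid" "$ssh_dir"
        chmod 600 "$auth_keys"
        chmod 700 "$ssh_dir"

        # Anchor on the group name so another group or a member entry that
        # merely contains "priv-admin" does not count as the group existing.
        if ! grep -q "^priv-admin:" "${IMAGE_ROOTFS}/etc/group"; then
            perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
        fi

        perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin $username"
    done
}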