| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-07 14:58:11 +0100 | 
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-01-07 16:52:12 +0100 | 
| commit | 41dc989676347f8d100a5393e68a648d67d682ea (patch) | |
| tree | bbd7ca5c325a51346bf30170d27a74a3cd64e389 /sbin/itzks-update-disklserver-squashfs-images | |
| parent | a84d6ec0f50578b767ea123e223259d35dc117f2 (diff) | |
sbin/itzks-update-disklserver-squashfs-images: Deploy SSH key file(s) and authorized_keys file into DLW chroot.
Diffstat (limited to 'sbin/itzks-update-disklserver-squashfs-images')
| -rwxr-xr-x | sbin/itzks-update-disklserver-squashfs-images | 25 | 
1 files changed, 25 insertions, 0 deletions
| diff --git a/sbin/itzks-update-disklserver-squashfs-images b/sbin/itzks-update-disklserver-squashfs-images
index cfe229c..73c1ae7 100755
--- a/sbin/itzks-update-disklserver-squashfs-images
+++ b/sbin/itzks-update-disklserver-squashfs-images
@@ -63,6 +63,31 @@ for chroot in ${ltsp_chroots}; do
 		continue
 	fi
+	# several chroot preparations (also helpful when directly booting the nfsroot)...
+
+	# These preparations run with every script execution (i.e. daily via CRON) to make sure the
+	# NFS chroot is updated.
+
+	# Copy an appropriate SSH secret key for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/id_<crypto>.
+	# Currently we prefer disklserver:/root/.ssh/id_<crypto>.DLW and fall back to the host's private key file
+	# (i.e. disklserver:/root/.ssh/id_<crypto>).
+	for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk d_rsa; do
+
+		if [ -e "/root/.ssh/${priv_key_file}.DLW" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then
+			cp "/root/.ssh/${priv_key_file}.DLW" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
+		elif [ -e "/root/.ssh/${priv_key_file}" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then
+			cp "/root/.ssh/${priv_key_file}" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
+		fi
+
+	done
+
+	# Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys)
+	# Use host's authorized_keys file for granting DLW access via SSH as root without password
+	if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then
+		cp "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys"
+	fi
+
+	# Create the SquashFS image (if an update is required)
 	if [ -e "${LTSP_OPT}/${chroot}/${latest_upgrade}.squashfs-created" ]; then
 		echo "chroot ${LTSP_OPT}/${chroot}'s squashfs image is up-to-date. Skipping..."
 	else |
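Review bot: The key list in the new `for priv_key_file in ...` loop ends with `d_rsa`, which looks like a typo for `id_rsa`, so an RSA key is never deployed; the list should end `id_ed25519 id_ed25519_sk id_rsa; do`. The `elif` fallback copies the server's own root private key into the chroot, which by the comments is the NFS root and is later packed into the SquashFS image, so presumably every diskless client that can read it obtains the server's root SSH identity; I would drop the fallback and require a dedicated `id_<crypto>.DLW` key. Every copy is also guarded by `[ ! -e ... ]`, so a rotated key or an entry removed from `/root/.ssh/authorized_keys` never reaches an existing chroot, even though the comment says the chroot is kept updated on each run. Nothing visible in the hunk creates the target directory, so a line such as `install -d -m 0700 "${LTSP_OPT}/${chroot}/root/.ssh"` before the loop would keep `cp` from failing on a fresh chroot. The enclosing `for chroot in ${ltsp_chroots}` loop starts and ends outside the hunk.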
