From 41dc989676347f8d100a5393e68a648d67d682ea Mon Sep 17 00:00:00 2001
From: Mike Gabriel
Date: Fri, 7 Jan 2022 14:58:11 +0100
Subject: sbin/itzks-update-disklserver-squashfs-images: Deploy SSH key file(s) and authorized_keys file into DLW chroot.
---
 sbin/itzks-update-disklserver-squashfs-images | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
(limited to 'sbin')
diff --git a/sbin/itzks-update-disklserver-squashfs-images b/sbin/itzks-update-disklserver-squashfs-images
index cfe229c..73c1ae7 100755
--- a/sbin/itzks-update-disklserver-squashfs-images
+++ b/sbin/itzks-update-disklserver-squashfs-images
@@ -63,6 +63,31 @@ for chroot in ${ltsp_chroots}; do
 continue
 fi
+ # several chroot preparations (also helpful when directly booting the nfsroot)...
+
+ # These preparations run with every script execution (i.e. daily via CRON) to make sure the
+ # NFS chroot is updated.
+
+ # Copy an appropriate SSH secret key for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/id_.
+ # Currently we prefer disklserver:/root/.ssh/id_.DLW and fall back to the host's private key file
+ # (i.e. disklserver:/root/.ssh/id_).
+ for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk d_rsa; do
+
+ if [ -e "/root/.ssh/${priv_key_file}.DLW" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then
+ cp "/root/.ssh/${priv_key_file}.DLW" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
+ elif [ -e "/root/.ssh/${priv_key_file}" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}" ]; then
+ cp "/root/.ssh/${priv_key_file}" "${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
+ fi
+
+ done
+
+ # Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys)
+ # Use host's authorized_keys file for granting DLW access via SSH as root without password
+ if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then
+ cp "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys"
+ fi
+
+ # Create the SquashFS image (if an update is required)
 if [ -e "${LTSP_OPT}/${chroot}/${latest_upgrade}.squashfs-created" ]; then
 echo "chroot ${LTSP_OPT}/${chroot}'s squashfs image is up-to-date. Skipping..."
 else
--
cgit v1.2.3
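Review bot: The key list in the new `for priv_key_file in …` loop names `d_rsa` where `id_rsa` is evidently meant, so an RSA key is never deployed. More serious is the `elif` fallback: it copies the server's own root private key into a chroot that, going by the commit subject, is shipped to the diskless workstations, so every client that can read the image or the NFS root would hold the server's root identity; I would deploy only a dedicated `.DLW` key. All three copies are also skipped once the destination exists, so a key rotated or removed on the host is never replaced in the chroot, although the comment says these steps keep the chroot updated. The sketch below fixes the typo, drops the fallback, refreshes on content change and creates `root/.ssh` with mode 0700, which nothing in the hunk guarantees; the enclosing `for chroot` loop starts and ends outside the hunk.

```shell
install -d -m 0700 "${LTSP_OPT}/${chroot}/root/.ssh"

for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa; do
    dlw_key="/root/.ssh/${priv_key_file}.DLW"
    chroot_key="${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
    # Only a dedicated DLW key is deployed; the host's own private key stays on the host.
    if [ -e "${dlw_key}" ] && ! cmp -s "${dlw_key}" "${chroot_key}"; then
        install -m 0600 "${dlw_key}" "${chroot_key}"
    fi
done

# Re-copy whenever the host file changed, so removed keys do not linger in the chroot.
if [ -e "/root/.ssh/authorized_keys" ] && ! cmp -s "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys"; then
    install -m 0600 "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys"
fi
# … unchanged: SquashFS image creation …
```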