Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / refs/heads/master / . / meta-phosphor / classes / phosphor-deploy-ssh-keys.bbclass
blob: 29073f0eb2a7e6e7ad12ba8d2b7d0d27bccb855a [file] [log] [blame]
Jean-Marie Verdunf2f4f122020-10-26 11:17:06 -0700[diff] [blame]1####
2# Copyright 2020 Hewlett Packard Enterprise Development LP.
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]3# Copyright 2021 Intel Corporation
Jean-Marie Verdunf2f4f122020-10-26 11:17:06 -0700[diff] [blame]4#
5# Add a basic class to add a privileged user from an ssh
6# standpoint and a public key passed as an input parameter
7# from the local.conf file
8# Example:
9# INHERIT += "phosphor-deploy-ssh-keys"
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]10#
11# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"
12# or
13# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"
Jean-Marie Verdunf2f4f122020-10-26 11:17:06 -0700[diff] [blame]14####
15
16inherit useradd_base
17
18IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"
19
20deploy_local_user () {
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]21 if [ "${SSH_KEYS}" == "" ]; then
22 bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
23 return
24 fi
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]25
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]26 ssh_keys="${SSH_KEYS}"
27 while [ "${ssh_keys}" != "" ]; do
28 current_key=`echo "$ssh_keys" | cut -d ';' -f1`
29 ssh_keys=`echo "$ssh_keys" | cut -s -d ';' -f2-`
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]30
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]31 username=`echo "$current_key" | awk -F":" '{ print $1}'`
32 key_path=`echo "$current_key" | awk -F":" '{ print $2}'`
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]33
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]34 if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then
35 perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"
36 fi
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]37
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]38 if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then
39 install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/
40 fi
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]41
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]42 if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then
43 install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
44 else
45 cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
46 fi
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]47
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]48 uid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $3}'`
49 guid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $4}'`
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]50
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]51 chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh
52 chmod 600 ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
53 chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]54
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]55 is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group || true`
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]56
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]57 if [ -z "${is_group}" ]; then
58 perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
59 fi
Jonathan Doman570ebbb2021-10-18 14:38:45 -0700[diff] [blame]60
Patrick Williamsaf48f632023-03-20 10:13:55 -0500[diff] [blame]61 perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"
62 done
Jean-Marie Verdunf2f4f122020-10-26 11:17:06 -0700[diff] [blame]63}