net-ssh: Use two-pass method to install an authorized key for root

ff66f763 · Paul Wolneykien · Anton Midyukov · 0feda29c · ff66f763 · ff66f763
Commit ff66f763 authored Nov 11, 2022 by Paul Wolneykien Committed by Anton Midyukov Jan 05, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

generate.mk features.in/net-ssh/generate.mk +3 -3

51-root-ssh-key features.in/net-ssh/rootfs/image-scripts.d/51-root-ssh-key +10 -0

No files found.
--- a/features.in/net-ssh/generate.mk
+++ b/features.in/net-ssh/generate.mk
@@ -3,11 +3,11 @@ ifneq (,$(BUILDDIR))
 include $(BUILDDIR)/distcfg.mk

 # prepare the provided public SSH key to be carried over into the image
-all: SSH_DIR = $(BUILDDIR)/files/root/.ssh
+all: TMPDIR = $(BUILDDIR)/files/tmp
 all:
 	@if [ -s "$(SSH_KEY)" ]; then \
-		mkdir -pm0700 "$(SSH_DIR)"; \
-		install -pm0600 "$(SSH_KEY)" "$(SSH_DIR)/authorized_keys"; \
+		mkdir -p "$(TMPDIR)"; \
+		cp -v "$(SSH_KEY)" "$(TMPDIR)/root_ssh_key.pub"; \
 	fi

 endif
--- a/features.in/net-ssh/rootfs/image-scripts.d/51-root-ssh-key
+++ b/features.in/net-ssh/rootfs/image-scripts.d/51-root-ssh-key
+#!/bin/sh -efu
+
+TMPDIR=/tmp
+SSH_DIR=/root/.ssh
+
+if [ -e "$TMPDIR/root_ssh_key.pub" ]; then
+    mkdir -pm0700 "$SSH_DIR"
+    install -v -pm0600 "$TMPDIR/root_ssh_key.pub" "$SSH_DIR/authorized_keys"
+    rm -fv "$TMPDIR/root_ssh_key.pub"
+fi