Home Explore Help
Sign In
mmgen
/
mmgen-geek-tools
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

armbian_rootenc_setup: support user/host specific `authorized_keys` configs

The MMGen Project 1 month ago
parent
a299f6e606
commit
2d420a20af
1 changed files with 12 additions and 15 deletions
Split View Show Diff Stats
  1. 12 15
      scripts/armbian_rootenc_setup.sh

+ 12 - 15
scripts/armbian_rootenc_setup.sh
View File 

@@ -382,14 +382,11 @@ _get_user_vars() {
 
 
 	if [ "$IP_ADDRESS" == 'none' ]; then
 
 		UNLOCKING_USERHOST=
 
-	elif [ -e 'authorized_keys' -a "$USE_LOCAL_AUTHORIZED_KEYS" ]; then
 
-		UNLOCKING_USERHOST=
 
 	else
 
 		_get_user_var 'UNLOCKING_USERHOST' 'USER@HOST' '' \
 
 			"Enter the user@host of the machine you'll be unlocking from:" \
 
 			'\S+@\S+' \
 
-			'malformed USER@HOST' \
 
-			'_test_unlocking_host_available'
 
+			'malformed USER@HOST'
 
 	fi
 
 
 	_get_user_var 'SERIAL_CONSOLE' 'serial console unlocking' '' \
 
@@ -437,15 +434,13 @@ _test_sdcard_mounted() {
 
 }
 
 
 get_authorized_keys() {
 
-	if [ -f 'authorized_keys' ]; then
 
-		rm -rf /tmp/armbian_rootenc_build-authorized_keys_file
 
-		mv 'authorized_keys' /tmp/armbian_rootenc_build-authorized_keys_file
 
-		mkdir 'authorized_keys'
 
-		mv /tmp/armbian_rootenc_build-authorized_keys_file 'authorized_keys'
 
-	fi
 
-	[ -e 'authorized_keys' -a "$USE_LOCAL_AUTHORIZED_KEYS" ] || {
 
-		mkdir -p 'authorized_keys'
 
-		rsync "$UNLOCKING_USERHOST:.ssh/id_*.pub" 'authorized_keys'
 
+	[ -f 'authorized_keys' ] && rm -rf 'authorized_keys' # remove legacy file if present
 
+	authorized_keys_dir="authorized_keys-$UNLOCKING_USERHOST"
 
+	[ -e $authorized_keys_dir -a "$USE_LOCAL_AUTHORIZED_KEYS" ] || {
 
+		_test_unlocking_host_available
 
+		mkdir -p $authorized_keys_dir
 
+		rsync "$UNLOCKING_USERHOST:.ssh/id_*.pub" $authorized_keys_dir
 
+		NEW_AUTHORIZED_KEYS='y'
 
 	}
 
 }
 
 
@@ -580,7 +575,6 @@ _clean() {
 
 	umount_target
 
 	update_config_vars_file
 
 	_close_device_maps 'mounted_on_target'
 
-	[ -e 'authorized_keys' -a -z "$USE_LOCAL_AUTHORIZED_KEYS" ] && shred -u 'authorized_keys'
 
 	remove_build_dir
 
 	[ "$build_success" ] && _print_success_msg
 
 	true
 
@@ -662,6 +656,9 @@ _update_state_from_config_vars() {
 
 	local saved_states cfgvar_changed
 
 	saved_states="$(_print_states)"
 
 	cfgvar_changed=
 
+
 
+	[ "$NEW_AUTHORIZED_KEYS" ] && cfgvar_changed+=' NEW_AUTHORIZED_KEYS' target_configured='n'
 
+
 
 	[ $cARMBIAN_IMAGE != $ARMBIAN_IMAGE ]    && cfgvar_changed+=' ARMBIAN_IMAGE' card_partitioned='n'
 
 	[ $cBOOTPART_LABEL != $BOOTPART_LABEL ]  && cfgvar_changed+=' BOOTPART_LABEL' bootpart_label_created='n'
 
 	[ $cROOTFS_NAME != $ROOTFS_NAME ]        && cfgvar_changed+=' ROOTFS_NAME' target_configured='n'
 
@@ -1180,7 +1177,7 @@ edit_initramfs_modules() {
 
 copy_authorized_keys() {
 
 	local dest="$TARGET_ROOT$dropbear_dir"
 
 	mkdir -p $dest
 
-	/bin/cat authorized_keys/* > "$dest/authorized_keys"
 
+	/bin/cat $authorized_keys_dir/* > "$dest/authorized_keys"
 
 	chmod 644 "$dest/authorized_keys"
 
 	_display_file "$dest/authorized_keys"
 
 }