author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-11-01 22:23:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-01 22:23:32 +0100 |
commit | 3147ff829b3d43c4bb3a32e09e2e3fae13ccd6f4 (patch) | |
tree | 84d7ce31996dc062842058a0724d5b34f63dc993 | |
parent | 85bad0cc7c68b71ab7ddb6ed09b862145c6c6d0e (diff) | |
parent | 9c34bd52fd0559c7845bfded3a349b776526d3c2 (diff) | |
Merge pull request #12139 from cevich/add_rootless_sshkey
Cirrus: Authorize rootless user self-ssh
-rw-r--r-- | contrib/cirrus/lib.sh | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 9a7bfba8f..9b7c613f5 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -143,6 +143,8 @@ setup_rootless() {
 local rootless_uid
 local rootless_gid
 local env_var_val
+ local akfilepath
+ local sshcmd
 # Only do this once; established by setup_environment.sh
 # shellcheck disable=SC2154
@@ -169,24 +171,25 @@ setup_rootless() {
 ssh-keygen -P "" -f "$HOME/.ssh/id_rsa"
 msg "Allowing ssh key for $ROOTLESS_USER"
+ akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys"
 (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
 chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
 install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
- "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+ "$HOME/.ssh/id_rsa.pub" "$akfilepath"
 # Makes debugging easier
- cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
-
- msg "Configuring subuid and subgid"
- grep -q "${ROOTLESS_USER}" /etc/subuid || \
- echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \
- tee -a /etc/subuid >> /etc/subgid
+ cat /root/.ssh/authorized_keys >> "$akfilepath"
 msg "Ensure the ssh daemon is up and running within 5 minutes"
 systemctl start sshd
- lilto ssh $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/dev/null \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no true
+ sshcmd="ssh $ROOTLESS_USER@localhost
+ -o UserKnownHostsFile=/dev/null
+ -o StrictHostKeyChecking=no
+ -o CheckHostIP=no"
+ lilto $sshcmd true # retry until sshd is up
+
+ msg "Configuring rootless user self-access to ssh to localhost"
+ $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
+ cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath"
 }
 install_test_configs() { |
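Review bot: The last added line of the second hunk appends the rootless user's private key, `/home/$ROOTLESS_USER/.ssh/id_rsa`, to `authorized_keys`. That file is meant to hold public keys, so this entry would presumably not authorize the self-ssh the commit is after, and it leaves a second copy of private key material on disk. The line should read `cat "/home/$ROOTLESS_USER/.ssh/id_rsa.pub" >> "$akfilepath"`. As a point of style, `sshcmd` is a multi-line string that only works through unquoted word splitting at `lilto $sshcmd true` and `$sshcmd ssh-keygen ...`; an array declared with `local -a sshcmd` and expanded as `"${sshcmd[@]}"` would keep the arguments intact without relying on `IFS`. setup_rootless starts before the first hunk, so the rest of its body is not visible here.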