aboutsummaryrefslogtreecommitdiff
path: root/contrib/cirrus
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2021-10-29 11:06:21 -0400
committerChris Evich <cevich@redhat.com>2021-11-01 12:05:05 -0400
commit9c34bd52fd0559c7845bfded3a349b776526d3c2 (patch)
tree7db0b3339da2cde53abed289444723f5a332f7e1 /contrib/cirrus
parent3bc449371c97486620fd368deb906c68cdaf220d (diff)
downloadpodman-9c34bd52fd0559c7845bfded3a349b776526d3c2.tar.gz
podman-9c34bd52fd0559c7845bfded3a349b776526d3c2.tar.bz2
podman-9c34bd52fd0559c7845bfded3a349b776526d3c2.zip
Cirrus: Authorize rootless user self-ssh
Future testing needs dictate rootless (in addition to root) users are able to ssh to localhost. Add ssh-key generation commands for the rootless user, and authorize their public key. Minor: Also remove update of `/etc/sub{uid,gid}` files, since this is now done automatically by `{user,group}add` commands. Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to 'contrib/cirrus')
-rw-r--r--contrib/cirrus/lib.sh25
1 files changed, 14 insertions, 11 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 9a7bfba8f..9b7c613f5 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -143,6 +143,8 @@ setup_rootless() {
local rootless_uid
local rootless_gid
local env_var_val
+ local akfilepath
+ local sshcmd
# Only do this once; established by setup_environment.sh
# shellcheck disable=SC2154
@@ -169,24 +171,25 @@ setup_rootless() {
ssh-keygen -P "" -f "$HOME/.ssh/id_rsa"
msg "Allowing ssh key for $ROOTLESS_USER"
+ akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys"
(umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
- "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+ "$HOME/.ssh/id_rsa.pub" "$akfilepath"
# Makes debugging easier
- cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
-
- msg "Configuring subuid and subgid"
- grep -q "${ROOTLESS_USER}" /etc/subuid || \
- echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \
- tee -a /etc/subuid >> /etc/subgid
+ cat /root/.ssh/authorized_keys >> "$akfilepath"
msg "Ensure the ssh daemon is up and running within 5 minutes"
systemctl start sshd
- lilto ssh $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/dev/null \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no true
+ sshcmd="ssh $ROOTLESS_USER@localhost
+ -o UserKnownHostsFile=/dev/null
+ -o StrictHostKeyChecking=no
+ -o CheckHostIP=no"
+ lilto $sshcmd true # retry until sshd is up
+
+ msg "Configuring rootless user self-access to ssh to localhost"
+ $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
+ cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath"
}
install_test_configs() {