Diffstat (limited to 'contrib/cirrus/lib.sh')
-rw-r--r--contrib/cirrus/lib.sh51
1 files changed, 33 insertions, 18 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 9a7bfba8f..cff8f4b3f 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -143,6 +143,8 @@ setup_rootless() {
local rootless_uid
local rootless_gid
local env_var_val
+ local akfilepath
+ local sshcmd
# Only do this once; established by setup_environment.sh
# shellcheck disable=SC2154
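Review bot: `akfilepath` and `sshcmd` are declared `local` here, but neither name appears in the second hunk, which runs through to the function's closing brace. The lines between the two hunks are not shown, so they may be referenced there. If they are not, drop both declarations so the list of locals matches what the function actually uses. setup_rootless starts before this hunk and continues after it.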
@@ -164,29 +166,42 @@ setup_rootless() {
useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
- msg "creating ssh key pair for $USER"
- [[ -r "$HOME/.ssh/id_rsa" ]] || \
- ssh-keygen -P "" -f "$HOME/.ssh/id_rsa"
+ mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"
- msg "Allowing ssh key for $ROOTLESS_USER"
- (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
- chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
- install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
- "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys"
- # Makes debugging easier
- cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+ msg "Creating ssh key pairs"
+ [[ -r "$HOME/.ssh/id_rsa" ]] || \
+ ssh-keygen -t rsa -P "" -f "$HOME/.ssh/id_rsa"
+ ssh-keygen -t ed25519 -P "" -f "/home/$ROOTLESS_USER/.ssh/id_ed25519"
+ ssh-keygen -t rsa -P "" -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
- msg "Configuring subuid and subgid"
- grep -q "${ROOTLESS_USER}" /etc/subuid || \
- echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \
- tee -a /etc/subuid >> /etc/subgid
+ msg "Setup authorized_keys"
+ cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
+ cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
msg "Ensure the ssh daemon is up and running within 5 minutes"
systemctl start sshd
- lilto ssh $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/dev/null \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no true
+ lilto systemctl is-active sshd
+
+ msg "Configure ssh file permissions"
+ chmod -R 700 "$HOME/.ssh"
+ chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+
+ msg " setup known_hosts for $USER"
+ ssh -q root@localhost \
+ -o UserKnownHostsFile=/root/.ssh/known_hosts \
+ -o UpdateHostKeys=yes \
+ -o StrictHostKeyChecking=no \
+ -o CheckHostIP=no \
+ true
+
+ msg " setup known_hosts for $ROOTLESS_USER"
+ su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
+ -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
+ -o UpdateHostKeys=yes \
+ -o StrictHostKeyChecking=no \
+ -o CheckHostIP=no \
+ true"
}
install_test_configs() {
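Review bot: The first `cat` under "Setup authorized_keys" appends `/home/$ROOTLESS_USER/.ssh/*.pub` to root's `authorized_keys`, so the passphrase-less keys of the unprivileged test account can log in as root. Whether the tests need that direction is not visible here; if they do not, root should trust only `"$HOME"/.ssh/*.pub`, and if they do, a comment should say so. The rootless keys are also created by root in a directory made with plain `mkdir -p` (the removed code used `umask 077`), ownership and mode are fixed only after `systemctl start sshd`, and `chmod -R 700` leaves the key files and `authorized_keys` executable. The excerpt below sets 700 on the directories and 600 on the files, and does so before the daemon starts. Both known_hosts steps pass `StrictHostKeyChecking=no`, which also lets a changed host key through; `-o StrictHostKeyChecking=accept-new` records the first key and refuses later changes.

```shell
    # … unchanged: mkdir -p and the ssh-keygen calls …
    msg "Setup authorized_keys"
    # root trusts only its own keys; $ROOTLESS_USER trusts both sets
    cat "$HOME"/.ssh/*.pub >> "$HOME/.ssh/authorized_keys"
    cat "$HOME"/.ssh/*.pub "/home/$ROOTLESS_USER"/.ssh/*.pub \
        >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"

    msg "Configure ssh file permissions"
    chown -R "$ROOTLESS_USER:$ROOTLESS_USER" "/home/$ROOTLESS_USER/.ssh"
    chmod 700 "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"
    chmod 600 "$HOME"/.ssh/* "/home/$ROOTLESS_USER"/.ssh/*

    # … unchanged: systemctl start sshd, lilto systemctl is-active sshd, the two known_hosts ssh calls …
```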