Re: deploy GPG keys into images


Rudolf J Streif
 

Hi Damien,

On 5/19/20 7:05 AM, Damien LEFEVRE wrote:
Hi,

I've put GnuPG in my image, and I'd like to deploy a set of public and private keys into the system images.

How can I do that from recipes?

You do this with a shell function that is added to ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys:

# Image post-processing to configure sshd

# Setup ssh key login for these users
SSH_USERS ??= ""
SSH_DISALLOW_PWAUTH ??= "1"

configure_sshd() {
   # disallow password authentication
   # (POSIX "=" so the test also works when /bin/sh is not bash)
   if [ "${SSH_DISALLOW_PWAUTH}" = "1" ]; then
      echo "PasswordAuthentication no" >> ${IMAGE_ROOTFS}/etc/ssh/sshd_config
   fi

   # keys will be stored in tmp/deploy/keys on the build host;
   # only the public half is copied into the image below
   mkdir -p ${DEPLOY_DIR}/keys

   # create the keys for the users (existing keys are reused)
   for user in ${SSH_USERS}; do
      if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then
         /usr/bin/ssh-keygen -t rsa -N '' \
            -f ${DEPLOY_DIR}/keys/${user}-sshkey
      fi

      # add public key to authorized_keys for the user
      mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh
      cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \
          >> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys
   done
}
ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"

I have this script as an include file that I included into my image recipes.

:rjs


Thanks,
-Damien


    
-- 
-----
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700
