Re: deploy GPG keys into images


Thanks for the tip Rudolf!

I found out that gpg has a --homedir flag to do the obvious. Since gpg builds a database, I cannot simply copy the key.

Knowing that now, I can just create the gpg database via a standard recipe using the native utility package and install the files.


On Tue, May 19, 2020 at 7:01 PM Rudolf J Streif <rudolf.streif@...> wrote:

Hi Damien,

On 5/19/20 7:05 AM, Damien LEFEVRE wrote:

I've put GnuPG in my image, and I'd like to deploy a set of public and private keys into the system images.

How can I do that from recipes?

You do this with a shell function that is added to ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys:

# Image post-processing to configure sshd

# Setup ssh key login for these users
SSH_USERS ??= ""

configure_sshd() {
   # disallow password authentication
   if [ "${SSH_DIALLOW_PWAUTH}" = "1" ]; then
      echo "PasswordAuthentication no" >> ${IMAGE_ROOTFS}/etc/ssh/sshd_config
   fi

   # keys will be stored tmp/deploy/keys
   mkdir -p ${DEPLOY_DIR}/keys

   # create the keys for the users
   for user in ${SSH_USERS}; do
      # generate a key pair only if one does not exist yet
      if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then
         /usr/bin/ssh-keygen -t rsa -N '' \
            -f ${DEPLOY_DIR}/keys/${user}-sshkey
      fi

      # add public key to authorized_keys for the user
      mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh
      cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \
          >> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys
   done
}

# run the function when the image root filesystem is post-processed
ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"

I have this script as an include file that I included into my image recipes.



Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700
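
The --homedir approach from the reply at the top of this thread, as an added example that is not code from either poster: build the keyring in a dedicated directory, then copy it into the image root with tight permissions. The function names, script name and directory layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are assumptions.

# Build a keyring in a dedicated homedir from exported key files.
# $1 = homedir to create; remaining arguments = exported keys (.asc/.gpg)
build_keyring() {
    home=$1; shift
    mkdir -p "$home" && chmod 700 "$home" || return 1
    for key in "$@"; do
        # --homedir keeps gpg away from the build user's own ~/.gnupg;
        # --batch makes it fail instead of prompting
        gpg --homedir "$home" --batch --import "$key" || return 1
    done
    # Stop any agent gpg started for this homedir so its sockets go away
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
}

# Copy the keyring into the image root without gpg's runtime files.
# $1 = source homedir; $2 = destination directory inside the rootfs
install_keyring() {
    src=$1; dst=$2
    mkdir -p "$dst" || return 1
    # Leave out agent sockets, lock files, the random seed and backups
    (cd "$src" && tar -cf - --exclude='S.*' --exclude='*.lock' \
        --exclude='random_seed' --exclude='*~' .) |
        (cd "$dst" && tar -xf -) || return 1
    # gpg warns about unsafe permissions on anything looser than this
    find "$dst" -type d -exec chmod 700 {} +
    find "$dst" -type f -exec chmod 600 {} +
}

# Return 0 only if nothing under $1 is accessible to group or other.
audit_keyring() {
    loose=$(find "$1" \( -type f -o -type d \) -perm /077)
    [ -z "$loose" ] && return 0
    printf 'too permissive:\n%s\n' "$loose" >&2
    return 1
}

# Usage: sh stage-gnupg.sh <build-homedir> <rootfs-homedir> <keyfile>...
if [ "$#" -ge 3 ]; then
    build=$1; dest=$2; shift 2
    build_keyring "$build" "$@" && install_keyring "$build" "$dest" &&
        audit_keyring "$dest"
fi
```

Ownership is left unchanged; inside a recipe the staged directory still has to be chowned to the target user so gpg accepts it on the device.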
