Re: deploy GPG keys into images

Home Messages Hashtags Subgroups

#49451

Re: deploy GPG keys into images

Damien LEFEVRE #49451 Thanks for the tip Rudolf! I found out that gpg has a --homedir flag to do the obvious. Since gpg builds a database, I cannot simply copy the key. Knowing that now, I can just create the gpg database via a standard recipe using the native utility package and install the files. -Damien toggle quoted message Show quoted text On Tue, May 19, 2020 at 7:01 PM Rudolf J Streif <rudolf.streif@...> wrote: Hi Damien, On 5/19/20 7:05 AM, Damien LEFEVRE wrote: Hi, I've put GnuPG in my image, and I'd like to deploy a set to public and private keys into the system images. How can I do that from recipes? You do this with a shell function that is added to ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys: `# Image post-processing to configure sshd# Setup ssh key login for these usersSSH_USERS ??= ""SSH_DISALLOW_PWAUTH ??= "1"configure_sshd() {` `# disallow password authentication` `if [ "${SSH_DIALLOW_PWAUTH}" == "1" ]; then` `echo "PasswordAuthentication no" >> ${IMAGE_ROOTFS}/etc/ssh/sshd_config` `fi` `# keys will be stored tmp/deploy/keys` `mkdir -p ${DEPLOY_DIR}/keys` `# create the keys for the users` `for user in ${SSH_USERS}; do` `if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then` `/usr/bin/ssh-keygen -t rsa -N '' \` `-f ${DEPLOY_DIR}/keys/${user}-sshkey` `fi` `# add public key to authorized_keys for the user` `mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh` `cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \` `>> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys` `done}ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"` I have this script as an include file that I included into my image recipes. :rjs Thanks, -Damien -- ----- Rudolf J Streif CEO/CTO ibeeto +1.855.442.3386 x700
More All Messages By This Member

View All 3 Messages In Topic

#49451

Join yocto@lists.yoctoproject.org to automatically receive all group messages.

Home Hashtags Subgroups Terms