From 06d0e05dbb279db1a318f535909321eb30e7928f Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Mon, 20 Apr 2020 09:39:36 -0400
Subject: [PATCH] Set rootfs to have ssh ready

Get the CA and user key into the
right places to use in the target system.
---
 misc/confluent-prepivot.sh.rh8 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/misc/confluent-prepivot.sh.rh8 b/misc/confluent-prepivot.sh.rh8
index f879bbd0..bb125d16 100644
--- a/misc/confluent-prepivot.sh.rh8
+++ b/misc/confluent-prepivot.sh.rh8
@@ -9,7 +9,11 @@ sed -i 's/install::/install:*:/' /sysroot/etc/shadow
 sed -i 's/root::/root:*:/' /sysroot/etc/shadow
 mkdir -p /sysroot/root/.ssh
 chmod 700 /sysroot/root/.ssh
-cp /ssh/authorized_keys /sysroot/root/.ssh
+cat /ssh/*.rootpubkey > /sysroot/root/.ssh/authorized_keys
 chmod 600 /sysroot/root/.ssh/authorized_keys
+mkdir -p /sysroot/etc/ssh/
+for i in /ssh/*.ca; do
+    echo '@cert-authority *' $(cat $i) >> /sysroot/etc/ssh/ssh_known_hosts
+done
 cp /etc/confluent.apikey /sysroot/etc/
 cp /tmp/confluent.deploycfg /tmp/confluent.info /sysroot/etc/
\ No newline at end of file