From f19234419dbf28682e2da23aebeb8f52a5f6dad2 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 19 Sep 2024 13:15:10 -0400
Subject: [PATCH] Implement non-root ssh for SUSE diskless
---
 .../profiles/default/scripts/imageboot.sh | 1 +
 imgutil/imgutil | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/confluent_osdeploy/suse15-diskless/profiles/default/scripts/imageboot.sh b/confluent_osdeploy/suse15-diskless/profiles/default/scripts/imageboot.sh
index 91e62ebb..1fb4e6a2 100644
--- a/confluent_osdeploy/suse15-diskless/profiles/default/scripts/imageboot.sh
+++ b/confluent_osdeploy/suse15-diskless/profiles/default/scripts/imageboot.sh
@@ -140,4 +140,5 @@ mv /lib/modules/$(uname -r) /lib/modules/$(uname -r)-ramfs
 ln -s /sysroot/lib/modules/$(uname -r) /lib/modules/
 mv /lib/firmware /lib/firmware-ramfs
 ln -s /sysroot/lib/firmware /lib/firmware
+chroot /sysroot chkstat --system --set --noheader > /dev/null
 exec /opt/confluent/bin/start_root
diff --git a/imgutil/imgutil b/imgutil/imgutil
index c5446069..276ff601 100644
--- a/imgutil/imgutil
+++ b/imgutil/imgutil
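Review bot: In imageboot.sh the added `chroot /sysroot chkstat --system --set --noheader > /dev/null` silences stdout and its exit status is never checked, so a failed permissions pass goes unreported apart from whatever reaches stderr, and boot carries on to `exec /opt/confluent/bin/start_root`. That could happen if `chkstat` is absent from the image or the `ssh_keys` group does not exist there, for example in an image built before the matching imgutil change. Consider surfacing it: `chroot /sysroot chkstat --system --set --noheader > /dev/null || echo "chkstat failed: ssh_keys permissions not applied" >&2`. A one-line comment above it, such as `# apply the image's permissions profile (including the ssh_keys entries) before handing off to start_root`, would also explain why this runs here. The earlier part of the script is outside the hunk, so whether `set -e` is in effect cannot be seen from here.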
@@ -612,6 +612,22 @@ class SuseHandler(OsHandler):
 else:
 subprocess.check_call(['zypper', '-n', '-R', self.targpath, 'install'] + self.zyppargs)
 os.symlink('/usr/lib/systemd/system/sshd.service', os.path.join(self.targpath, 'etc/systemd/system/multi-user.target.wants/sshd.service'))
+ with open(os.path.join(self.targpath, 'etc/permissions.local'), 'a') as permout:
+ permout.write(
+ '/usr/lib/ssh/ssh-keysign root:ssh_keys 2711\n'
+ '/etc/ssh/ssh_host_dsa_key root:ssh_keys 640\n'
+ '/etc/ssh/ssh_host_ecdsa_key root:ssh_keys 640\n'
+ '/etc/ssh/ssh_host_ed25519_key root:ssh_keys 640\n'
+ '/etc/ssh/ssh_host_rsa_key root:ssh_keys 640\n'
+ )
+ args.cmd = ['groupadd', 'ssh_keys']
+ run_constrainedx(fancy_chroot, (args,
+ self.targpath))
+ args.cmd = ['chkstat', '--system', '--set'],
+ run_constrainedx(fancy_chroot, (args,
+ self.targpath))
+
+
 if os.path.exists(os.path.join(self.targpath, 'sbin/mkinitrd')):
 args.cmd = ['mkinitrd']
 else:
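Review bot: The second assignment ends with a stray comma, `args.cmd = ['chkstat', '--system', '--set'],`, so `args.cmd` becomes a one-element tuple wrapping the list rather than the plain argument list used by the `groupadd` call just above. `fancy_chroot` is not visible in this hunk, but anything that treats `args.cmd[0]` as the program name will receive a list, so the build-time `chkstat` run most likely fails or never applies the new `etc/permissions.local` entries; drop the comma: `args.cmd = ['chkstat', '--system', '--set']`. Separately, `permissions.local` is opened in append mode and `groupadd ssh_keys` is unconditional, so a second pass over the same target tree would duplicate the five entries and hit an already existing group. Because these entries make the host private keys group-readable, a comment above `permout.write(` such as `# host keys are 640 root:ssh_keys so the setgid ssh-keysign can read them; keep ssh_keys free of user accounts` would record the intent, which is inferred here from the commit title. The enclosing SuseHandler method starts and ends outside the hunk.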