Re: [yocto] deploy GPG keys into images
Thanks for the tip Rudolf!

I found out that gpg has a --homedir flag to do the obvious. Since gpg builds a database, I cannot simply copy the key.

Knowing that now, I can just create the gpg database via a standard recipe using the native utility package and install the files.

-Damien

On Tue, May 19, 2020 at 7:01 PM Rudolf J Streif wrote:

> Hi Damien,
>
> On 5/19/20 7:05 AM, Damien LEFEVRE wrote:
> > Hi,
> >
> > I've put GnuPG in my image, and I'd like to deploy a set of public and
> > private keys into the system images.
> >
> > How can I do that from recipes?
>
> You do this with a shell function that is added to
> ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys:
>
> # Image post-processing to configure sshd
>
> # Setup ssh key login for these users
> SSH_USERS ??= ""
> SSH_DISALLOW_PWAUTH ??= "1"
>
> configure_sshd() {
>     # disallow password authentication
>     if [ "${SSH_DISALLOW_PWAUTH}" = "1" ]; then
>         echo "PasswordAuthentication no" >> ${IMAGE_ROOTFS}/etc/ssh/sshd_config
>     fi
>
>     # keys will be stored tmp/deploy/keys
>     mkdir -p ${DEPLOY_DIR}/keys
>
>     # create the keys for the users
>     for user in ${SSH_USERS}; do
>         if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then
>             /usr/bin/ssh-keygen -t rsa -N '' \
>                 -f ${DEPLOY_DIR}/keys/${user}-sshkey
>         fi
>
>         # add public key to authorized_keys for the user
>         mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh
>         cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \
>             >> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys
>     done
> }
> ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"
>
> I have this script as an include file that I included into my image
> recipes.
>
> :rjs
>
> > Thanks,
> > -Damien
>
> --
> Rudolf J Streif
> CEO/CTO ibeeto
> +1.855.442.3386 x700

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#49451): https://lists.yoctoproject.org/g/yocto/message/49451 Mute This Topic: https://lists.yoctoproject.org/mt/74325514/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
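
An added example, not part of the thread: a check to run over the staged root filesystem once keys have been installed (by a ROOTFS_POSTPROCESS_COMMAND function or by a recipe that ships a GnuPG home directory). It reports private key material that ended up in the image, which every device flashed from that image would share, and GnuPG home directories that group or others can access. The function name, the finding labels and the assumption that GnuPG homes use the default name .gnupg are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example: audit a staged root filesystem (e.g. ${IMAGE_ROOTFS}) for
# private key material before the image is shipped.
# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
# Hypothetical names: audit_rootfs_keys and the finding labels.
audit_rootfs_keys() {
    audit_root=$1
    audit_report=$(
        # GnuPG >= 2.1 stores each secret key as a file in private-keys-v1.d;
        # older releases keep them in secring.gpg.
        find "$audit_root" -type f \
            \( -path '*/private-keys-v1.d/*.key' -o -name secring.gpg \) |
            sed 's/^/gpg-secret-key: /'

        # ASCII-armoured private keys (OpenSSH, PEM, PGP), wherever they sit.
        grep -rlE -e '-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY( BLOCK)?-----' \
            "$audit_root" 2>/dev/null | sed 's/^/private-key-armor: /'

        # gpg warns about a home directory that group or others can access.
        # Assumption: homes use the default name .gnupg. -perm /077 is GNU find.
        find "$audit_root" -type d -name .gnupg -perm /077 |
            sed 's/^/loose-gnupg-home: /'
    )
    if [ -n "$audit_report" ]; then
        printf '%s\n' "$audit_report"
        return 1
    fi
    return 0
}
```

In an image recipe the function would be called as audit_rootfs_keys "${IMAGE_ROOTFS}" from a function appended to ROOTFS_POSTPROCESS_COMMAND after the one that installs the keys.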
Re: [yocto] deploy GPG keys into images
Hi Damien,

On 5/19/20 7:05 AM, Damien LEFEVRE wrote:
> Hi,
>
> I've put GnuPG in my image, and I'd like to deploy a set of public and
> private keys into the system images.
>
> How can I do that from recipes?

You do this with a shell function that is added to ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys:

# Image post-processing to configure sshd

# Setup ssh key login for these users
SSH_USERS ??= ""
SSH_DISALLOW_PWAUTH ??= "1"

configure_sshd() {
    # disallow password authentication
    if [ "${SSH_DISALLOW_PWAUTH}" = "1" ]; then
        echo "PasswordAuthentication no" >> ${IMAGE_ROOTFS}/etc/ssh/sshd_config
    fi

    # keys will be stored tmp/deploy/keys
    mkdir -p ${DEPLOY_DIR}/keys

    # create the keys for the users
    for user in ${SSH_USERS}; do
        if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then
            /usr/bin/ssh-keygen -t rsa -N '' \
                -f ${DEPLOY_DIR}/keys/${user}-sshkey
        fi

        # add public key to authorized_keys for the user
        mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh
        cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \
            >> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys
    done
}
ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"

I have this script as an include file that I included into my image recipes.

:rjs

> Thanks,
> -Damien

--
Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700

View/Reply Online (#49444): https://lists.yoctoproject.org/g/yocto/message/49444
[yocto] deploy GPG keys into images
Hi,

I've put GnuPG in my image, and I'd like to deploy a set of public and private keys into the system images.

How can I do that from recipes?

Thanks,
-Damien

View/Reply Online (#49442): https://lists.yoctoproject.org/g/yocto/message/49442