Re: [yocto] deploy GPG keys into images

Fri, 22 May 2020 01:47:46 -0700 

Thanks for the tip Rudolf!

I found out that gpg has a --homedir flag to do the obvious. Since gpg
builds a database, I cannot simply copy the key.

Knowing that now, I can just create the gpg database via a standard recipe
using the native utility package and install the files.

-Damien

On Tue, May 19, 2020 at 7:01 PM Rudolf J Streif <rudolf.str...@ibeeto.com>
wrote:

> Hi Damien,
> On 5/19/20 7:05 AM, Damien LEFEVRE wrote:
>
> Hi,
>
> I've put GnuPG in my image, and I'd like to deploy a set to public and
> private keys into the system images.
>
> How can I do that from recipes?
>
> You do this with a shell function that is added to
> ROOTFS_POSTPROCESS_COMMAND. Here is a script that I use to create SSH keys:
>
> # Image post-processing to configure sshd
>
> # Setup ssh key login for these users
> SSH_USERS ??= ""
> SSH_DISALLOW_PWAUTH ??= "1"
>
> configure_sshd() {
>    # disallow password authentication
>    if [ "${SSH_DIALLOW_PWAUTH}" == "1" ]; then
>       echo "PasswordAuthentication no" >>
> ${IMAGE_ROOTFS}/etc/ssh/sshd_config
>    fi
>
>    # keys will be stored tmp/deploy/keys
>    mkdir -p ${DEPLOY_DIR}/keys
>
>    # create the keys for the users
>    for user in ${SSH_USERS}; do
>       if [ ! -f ${DEPLOY_DIR}/keys/${user}-sshkey ]; then
>       /usr/bin/ssh-keygen -t rsa -N '' \
>          -f ${DEPLOY_DIR}/keys/${user}-sshkey
>       fi
>
>       # add public key to authorized_keys for the user
>       mkdir -p ${IMAGE_ROOTFS}/home/${user}/.ssh
>       cat ${DEPLOY_DIR}/keys/${user}-sshkey.pub \
>           >> ${IMAGE_ROOTFS}/home/${user}/.ssh/authorized_keys
>    done
> }
> ROOTFS_POSTPROCESS_COMMAND += "configure_sshd;"
>
> I have this script as an include file that I included into my image
> recipes.
>
> :rjs
>
>
> Thanks,
> -Damien
>
> 
>
> --
> -----
> Rudolf J Streif
> CEO/CTO ibeeto
> +1.855.442.3386 x700
>
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#49451): https://lists.yoctoproject.org/g/yocto/message/49451
Mute This Topic: https://lists.yoctoproject.org/mt/74325514/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to