From 318cb29a0a6a985feabd7ddf69c13d567827443b Mon Sep 17 00:00:00 2001 From: Nils Schneider Date: Wed, 10 Sep 2014 18:43:26 +0200 Subject: [PATCH] gluon-authorized-keys: add keys from site.conf This package will run as invariant script after each upgrade and copy all keys from site.conf's authorized_keys entry to /etc/dropbear/authorized_keys. Existing keys will be preserved. The site.conf entry 'authorized_keys' is required (if this package is selected) and must contain a list of strings, each representing a line of the resulting file. --- gluon/gluon-authorized-keys/Makefile | 36 +++++++++++++++++++ gluon/gluon-authorized-keys/check_site.lua | 1 + .../invariant/010-authorized-keys | 22 ++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 gluon/gluon-authorized-keys/Makefile create mode 100644 gluon/gluon-authorized-keys/check_site.lua create mode 100755 gluon/gluon-authorized-keys/files/lib/gluon/upgrade/authorized-keys/invariant/010-authorized-keys diff --git a/gluon/gluon-authorized-keys/Makefile b/gluon/gluon-authorized-keys/Makefile new file mode 100644 index 0000000..6ef90da --- /dev/null +++ b/gluon/gluon-authorized-keys/Makefile @@ -0,0 +1,36 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=gluon-authorized-keys +PKG_VERSION:=2 + +PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) + +include $(GLUONDIR)/include/package.mk + +define Package/gluon-authorized-keys + SECTION:=gluon + CATEGORY:=Gluon + TITLE:=Fill /etc/dropbear/authorized_keys from site.conf + DEPENDS:=+gluon-core +endef + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +define Build/Configure +endef + +define Build/Compile +endef + +define Package/gluon-authorized-keys/install + $(CP) ./files/* $(1)/ +endef + +define Package/gluon-authorized-keys/postinst +#!/bin/sh +$(call GluonCheckSite,check_site.lua) +endef + +$(eval $(call BuildPackage,gluon-authorized-keys)) diff --git a/gluon/gluon-authorized-keys/check_site.lua b/gluon/gluon-authorized-keys/check_site.lua new file mode 100644 index 0000000..d1acfab --- /dev/null +++ b/gluon/gluon-authorized-keys/check_site.lua @@ -0,0 +1 @@ +need_string_array 'authorized_keys' diff --git a/gluon/gluon-authorized-keys/files/lib/gluon/upgrade/authorized-keys/invariant/010-authorized-keys b/gluon/gluon-authorized-keys/files/lib/gluon/upgrade/authorized-keys/invariant/010-authorized-keys new file mode 100755 index 0000000..643fa07 --- /dev/null +++ b/gluon/gluon-authorized-keys/files/lib/gluon/upgrade/authorized-keys/invariant/010-authorized-keys @@ -0,0 +1,22 @@ +#!/usr/bin/lua + +local site = require 'gluon.site_config' +local file = '/etc/dropbear/authorized_keys' + +local keys = {} + +function load_keys() + for line in io.lines(file) do + keys[line] = true + end +end + +pcall(load_keys) + +local f = io.open(file, 'a') +for _, key in ipairs(site.authorized_keys) do + if not keys[key] then + f:write(key .. '\n') + end +end +f:close()