From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7197811629045579776 X-Received: by 2002:a63:7e4e:0:b0:477:a33f:4858 with SMTP id o14-20020a637e4e000000b00477a33f4858mr1644992pgn.76.1675871116554; Wed, 08 Feb 2023 07:45:16 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a17:90b:11c6:b0:219:84d6:9802 with SMTP id gv6-20020a17090b11c600b0021984d69802ls2802001pjb.3.-pod-canary-gmail; Wed, 08 Feb 2023 07:45:15 -0800 (PST) X-Google-Smtp-Source: AK7set/4cJTsZvyYsqzLZvrIpj/ab+0VVI4THOm2cu7mPUGYlK6iHmBT+NE475e+3TZCDLyDJUQg X-Received: by 2002:a17:903:24f:b0:198:a08a:e52b with SMTP id j15-20020a170903024f00b00198a08ae52bmr9125207plh.13.1675871115593; Wed, 08 Feb 2023 07:45:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1675871115; cv=none; d=google.com; s=arc-20160816; b=NsTIaVb1cv0PIV/iRcT+fEBJybx5BW/SymBHgRDWLD9b4zsRuqL+SV0iIc7HsLE/rW Ey7MbAE8fKi/WaNsEieM5mSOiDGasXzzMTQBk+KQ0ZnRmj6cfrSP0GbIJHXZHmVD4CqU y3BJeZNOcDaV56iDjgbmpnqvMa2gS60HKOystqC+BVbPflXQOfAJOh0kk7kCyVhteZrd T6Aw5wvzdWI77Vaqj/NqKTjcD5s+P0Pezxw8oNMnHuE3CSnVKseblKbCiCn7XVQOb9fW VFGWNRrqzqMhT8zOYtRg3S3o8Q3Y6tkXXa3d9SlQdjyS5talmA1SpreSAT983f0OonZA MMag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from; bh=+0LtGieRr9RiqmOW5megiU5ONNcYSzFXIkcPspl0N0U=; b=HdOdWC9TWEhsQrKGiDSumUUiObFh+0Z0EPQXYwEOLjmYBPUasY6cysOT50NbH7Dnn2 UeIJlgF8xkKE5hw0jCDag2gd2eCfVdXWsVpp3xCOQIe5awuX9fvDjez/A7VIcVoFzctZ sX98sjPH3HSEabM3EAxOI+Pcyk4Wqjci+ouf4w8DhR7APouN/vudOX9PALzmU/Pe4NlU KatfsjxmJXYZW6HAts3bxvrwqI61Se99uSS5hhEDEyrABmzhHzZxCs/yXY3ui8knnWOf wDuO/f9JYnANjuXvjRMOPhbZxmO1yoRvJKmucmkaJ9BkIsp/wqtByf2xn8N5bi8zMnnA WL/g== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id p4-20020a170902ebc400b00199482e6f8dsi152865plg.3.2023.02.08.07.45.14 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Wed, 08 Feb 2023 07:45:15 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from baighyz.m.ilbers.de (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 318FjB4u015298 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 8 Feb 2023 16:45:13 +0100 From: Uladzimir Bely To: isar-users@googlegroups.com Subject: [PATCH v2 3/9] meta-isar: Add a recipe that configures ci user Date: Wed, 8 Feb 2023 16:45:05 +0100 Message-Id: <20230208154511.1884-4-ubely@ilbers.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20230208154511.1884-1-ubely@ilbers.de> References: <20230208154511.1884-1-ubely@ilbers.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: PDm9ja9O7MMT This creates `ci` user on a target and configures it for non-interactive access to the image via SSH. Non-interactive access is provided by placing testsuite's public part of ssh key to `authorized_keys`. This allows non-interactive SSH access to the machine with executing custom commands on the guest VM. Also, NetworkManager is installed to the image to make ethernet on target auto configured and thus port forwarding from host to qemu machine would work. Signed-off-by: Uladzimir Bely --- .../isar-ci-ssh-setup/files/postinst | 18 +++++++++++++++ .../isar-ci-ssh-setup_0.1.bb | 22 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst create mode 100644 meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb diff --git a/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst b/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst new file mode 100644 index 00000000..37d1bcb0 --- /dev/null +++ b/meta-isar/recipes-ci/isar-ci-ssh-setup/files/postinst @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +if ! getent group ci >/dev/null; then + groupadd --system ci +fi + +if ! getent passwd ci >/dev/null; then + useradd --system --gid ci --create-home \ + --home-dir /var/lib/isar-ci --no-user-group \ + --comment "Isar CI user" \ + ci +fi + +# since the homedir was part of the package, useradd did not include skel +cp -RTn /etc/skel ~ci +chown -R ci:ci ~ci diff --git a/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb b/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb new file mode 100644 index 00000000..74fecf92 --- /dev/null +++ b/meta-isar/recipes-ci/isar-ci-ssh-setup/isar-ci-ssh-setup_0.1.bb @@ -0,0 +1,22 @@ +# This software is a part of ISAR. + +DESCRIPTION = "Setup user with non-interactive SSH access" +MAINTAINER = "Uladzimir Bely " + +SRC_URI = " \ + file://postinst \ +" + +DEPENDS += "sshd-regen-keys" +DEBIAN_DEPENDS = "adduser, apt (>= 0.4.2), network-manager, sshd-regen-keys" + +inherit dpkg-raw + +do_install() { + # Install authorized SSH keys + install -v -d ${D}/var/lib/isar-ci/.ssh/ + install -v -m 644 ${TESTSUITEDIR}/keys/ssh/id_rsa.pub ${D}/var/lib/isar-ci/.ssh/authorized_keys + + # Manage all interfaces (including ethernet) by NetworkManager + install -D -m 644 /dev/null ${D}/etc/NetworkManager/conf.d/10-globally-managed-devices.conf +} -- 2.20.1