authorNatanael Copa <ncopa@alpinelinux.org>2021-11-17 13:45:43 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2021-11-17 13:53:42 +0100
commit9fc64c47806fb1c643f7c90e848a17da45eaeca2 (patch)
treed4c3da3838d4f1f183806888758c5405ad7a543d
parent4faa60c049063814c6afd7d0f5d00ece03bc6b95 (diff)
downloadaports-9fc64c47806fb1c643f7c90e848a17da45eaeca2.tar.gz
aports-9fc64c47806fb1c643f7c90e848a17da45eaeca2.tar.bz2
aports-9fc64c47806fb1c643f7c90e848a17da45eaeca2.tar.xz
main/alpine-conf: backport SSH_KEY support for setup-sshd
This allows the user to do things like: export SSH_KEY=https://github.com/ncopa.keys
-rw-r--r--main/alpine-conf/0001-setup-sshd-Ask-for-authorized-key-for-root.patch66
-rw-r--r--main/alpine-conf/0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch53
-rw-r--r--main/alpine-conf/APKBUILD6
3 files changed, 124 insertions, 1 deletions
diff --git a/main/alpine-conf/0001-setup-sshd-Ask-for-authorized-key-for-root.patch b/main/alpine-conf/0001-setup-sshd-Ask-for-authorized-key-for-root.patch
new file mode 100644
index 0000000000..1551e69e37
--- /dev/null
+++ b/main/alpine-conf/0001-setup-sshd-Ask-for-authorized-key-for-root.patch
@@ -0,0 +1,66 @@
+From 4c6ddb022367965dc7475e8bee762734c3262107 Mon Sep 17 00:00:00 2001
+From: Lukas Bestle <mail@lukasbestle.com>
+Date: Sat, 10 Jul 2021 21:36:26 +0200
+Subject: [PATCH 1/2] setup-sshd: Ask for authorized key for root
+
+Fixes #10459.
+---
+ setup-sshd.in | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+diff --git a/setup-sshd.in b/setup-sshd.in
+index 67cb8a0..caf8f1c 100644
+--- a/setup-sshd.in
++++ b/setup-sshd.in
+@@ -6,21 +6,23 @@ PREFIX=
+
+ usage() {
+ cat <<-__EOF__
+- usage: setup-sshd [-h] [-c choice of SSH daemon]
++ usage: setup-sshd [-h] [-c choice of SSH daemon] [-k authorized key]
+
+ Setup sshd daemon
+
+ options:
+ -h Show this help
+ -c Choice of SSH daemon: openssh dropbear none
++ -k Authorized key for root (HTTP(S)/FTP URL, the public key itself or 'none')
+ __EOF__
+ exit 1
+ }
+
+-while getopts "hc:" opt; do
++while getopts "hc:k:" opt; do
+ case $opt in
+ h) usage;;
+ c) sshdchoice="$OPTARG";;
++ k) authorized_key="$OPTARG";;
+ esac
+ done
+
+@@ -50,3 +52,22 @@ if [ -n "$svc" ]; then
+ rc-update add $svc default
+ rc-service $svc start
+ fi
++
++if [ -z "$authorized_key" ]; then
++ ask "Authorized SSH public key for root? (HTTP(S)/FTP URL or the public key itself)" none
++ authorized_key="$resp"
++fi
++
++if [ -n "$authorized_key" -a "$authorized_key" != "none" ]; then
++ # if the argument is an HTTP(S)/FTP URL, try to fetch the file contents
++ if [ -z "$(echo "$authorized_key" | sed -E 's~^(https?|ftp)://.+$~~')" ]; then
++ key_url="$authorized_key"
++ authorized_key="$(wget -qO- "$key_url")" || die "Could not fetch key from '$key_url'"
++
++ echo "Received authorized SSH key from '$key_url':"
++ echo "$authorized_key"
++ fi
++
++ mkdir -p ${ROOT}/root/.ssh
++ echo "$authorized_key" >> ${ROOT}/root/.ssh/authorized_keys
++fi
+--
+2.34.0
+
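Review bot: The key installed for root is fetched with `wget -qO- "$key_url"` over whatever scheme was given, and plain `http://` and `ftp://` carry no integrity protection, so the content appended to `${ROOT}/root/.ssh/authorized_keys` is only as trustworthy as the network path. The same fetch-and-append survives in the second patch (0002), which also drops the `echo` that showed the operator what was received. I would accept only `https://` for remote keys, or at least state in the `-k` help text that HTTP and FTP are unauthenticated. An empty response should also be rejected before writing, e.g. `[ -n "$authorized_key" ] || die "Empty key from '$key_url'"`. `${ROOT}` is unquoted in both the `mkdir -p` and the redirect, so a root path containing spaces would break them.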
diff --git a/main/alpine-conf/0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch b/main/alpine-conf/0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch
new file mode 100644
index 0000000000..2db026b869
--- /dev/null
+++ b/main/alpine-conf/0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch
@@ -0,0 +1,53 @@
+From ee3be974167b62f91c2e4b9f64f05fa91ebcba15 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 17 Nov 2021 12:45:44 +0100
+Subject: [PATCH 2/2] setup-sshd: use SSH_KEY instead of prompt user
+
+Do not ask user for ssh key, but support the use of SSH_KEY env var.
+---
+ setup-sshd.in | 20 +++++++-------------
+ 1 file changed, 7 insertions(+), 13 deletions(-)
+
+diff --git a/setup-sshd.in b/setup-sshd.in
+index caf8f1c..271ad79 100644
+--- a/setup-sshd.in
++++ b/setup-sshd.in
+@@ -18,6 +18,7 @@ usage() {
+ exit 1
+ }
+
++authorized_key="$SSH_KEY"
+ while getopts "hc:k:" opt; do
+ case $opt in
+ h) usage;;
+@@ -53,21 +54,14 @@ if [ -n "$svc" ]; then
+ rc-service $svc start
+ fi
+
+-if [ -z "$authorized_key" ]; then
+- ask "Authorized SSH public key for root? (HTTP(S)/FTP URL or the public key itself)" none
+- authorized_key="$resp"
+-fi
+-
+ if [ -n "$authorized_key" -a "$authorized_key" != "none" ]; then
+ # if the argument is an HTTP(S)/FTP URL, try to fetch the file contents
+- if [ -z "$(echo "$authorized_key" | sed -E 's~^(https?|ftp)://.+$~~')" ]; then
+- key_url="$authorized_key"
+- authorized_key="$(wget -qO- "$key_url")" || die "Could not fetch key from '$key_url'"
+-
+- echo "Received authorized SSH key from '$key_url':"
+- echo "$authorized_key"
+- fi
+-
++ case "$authorized_key" in
++ http*://*|ftp://)
++ key_url="$authorized_key"
++ authorized_key="$(wget -qO- "$key_url")" || die "Could not fetch key from '$key_url'"
++ ;;
++ esac
+ mkdir -p ${ROOT}/root/.ssh
+ echo "$authorized_key" >> ${ROOT}/root/.ssh/authorized_keys
+ fi
+--
+2.34.0
+
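Review bot: The `ftp://` pattern in the new `case` has no trailing `*`, so it matches only the literal string `ftp://`; a real FTP URL falls through and the URL text itself is appended to root's `authorized_keys`, where the removed `sed` test would have fetched it. `http*://*` is also looser than the old `https?` match, since it accepts any scheme that merely begins with `http`. Writing the arm as `http://*|https://*|ftp://*)` restores the earlier matching. Because `authorized_key="$SSH_KEY"` now lets this path run without a prompt, a one-line message naming the source of the key (the removed `echo "Received authorized SSH key from '$key_url':"`) would keep the install auditable.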
diff --git a/main/alpine-conf/APKBUILD b/main/alpine-conf/APKBUILD
index 435aa2bf9d..4eeefbcd31 100644
--- a/main/alpine-conf/APKBUILD
+++ b/main/alpine-conf/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-conf
pkgver=3.13.0_rc2
-pkgrel=1
+pkgrel=2
pkgdesc="Alpine configuration management scripts"
url="https://git.alpinelinux.org/alpine-conf/about"
arch="all"
@@ -9,6 +9,8 @@ license="MIT"
depends="openrc>=0.24.1-r6 busybox>=1.26.1-r3"
source="https://gitlab.alpinelinux.org/alpine/alpine-conf/-/archive/$pkgver/alpine-conf-$pkgver.tar.gz
0001-setup-disk-enable-password-verification-in-luksForma.patch
+ 0001-setup-sshd-Ask-for-authorized-key-for-root.patch
+ 0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch
"
builddir="$srcdir"/$pkgname-$pkgver
@@ -28,4 +30,6 @@ package() {
sha512sums="
467078896f8452afb83e61b3838887f5f2e5a6725108ee4fc1ae7463ae7f452c1a2eef1071f47a6ecbfd1b773d8acf548fe1faf5927dbef294fbcfa1a3c251d7 alpine-conf-3.13.0_rc2.tar.gz
6a7a1528ee1e8868f3f4fe3aaac01569fd8cf47a10fcd2065bce2159e8945cd7627d0af31c99afff5efd9c9b433c09f3a212372dde204c6e6fd098694dfc8113 0001-setup-disk-enable-password-verification-in-luksForma.patch
+e3e358a988ee3b97874b46acc37d24d519b4165e97a8fdcd14e1b47ebe6b5b7057918f30ce503d5c8387ec0c75e596b6974cf4b5d9e151bbbbe2b0c5e22dfd9e 0001-setup-sshd-Ask-for-authorized-key-for-root.patch
+bec6ed65f325ee3abc3635454bd5dcfe2ec53745dfcbf61ef7fa38f432c2d1d4bd1dde8cd85c3290cf175952dd144bdc26bb6229d4a784b82c941dd168014d0a 0002-setup-sshd-use-SSH_KEY-instead-of-prompt-user.patch
"