meta-phosphor/classes/phosphor-deploy-ssh-keys.bbclass

####
# Copyright 2020 Hewlett Packard Enterprise Development LP.
# Copyright 2021 Intel Corporation
#
# Add a basic class to add a privileged user from an ssh
# standpoint and a public key passed as an input parameter
# from the local.conf file
# Example:
# INHERIT += "phosphor-deploy-ssh-keys"
#
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"
# or
# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"
####

inherit useradd_base

IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"

deploy_local_user () {
    if [ "${SSH_KEYS}" == "" ]; then
        bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"
        return
    fi

    ssh_keys="${SSH_KEYS}"
    while [ "${ssh_keys}" != "" ]; do
        current_key=`echo "$ssh_keys" | cut -d ';' -f1`
        ssh_keys=`echo "$ssh_keys" | cut -s -d ';' -f2-`

        username=`echo "$current_key" | awk -F":" '{ print $1}'`
        key_path=`echo "$current_key" | awk -F":" '{ print $2}'`

        if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then
            perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"
        fi

        if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then
            install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/
        fi

        if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then
            install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
        else
            cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
        fi

        uid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $3}'`
        guid=`cat ${IMAGE_ROOTFS}/etc/passwd | grep "${username}:" | awk -F ":" '{print $4}'`

        chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh
        chmod 600  ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys
        chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh

        is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group || true`

        if [ -z "${is_group}" ]; then
            perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"
        fi

        perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"
    done
}
Initial commit 2026-04-23 17:07:55 +08:00			`####`
			`# Copyright 2020 Hewlett Packard Enterprise Development LP.`
			`# Copyright 2021 Intel Corporation`
			`#`
			`# Add a basic class to add a privileged user from an ssh`
			`# standpoint and a public key passed as an input parameter`
			`# from the local.conf file`
			`# Example:`
			`# INHERIT += "phosphor-deploy-ssh-keys"`
			`#`
			`# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub"`
			`# or`
			`# SSH_KEYS = "vejmarie:/home/openbmc/openbmc/meta-hpe/keys/test.pub;root:/path/to/id_rsa.pub"`
			`####`

			`inherit useradd_base`

			`IMAGE_PREPROCESS_COMMAND += "deploy_local_user;"`

			`deploy_local_user () {`
			`if [ "${SSH_KEYS}" == "" ]; then`
			`bbwarn "Trying to deploy SSH keys but input variable is empty (SSH_KEYS)"`
			`return`
			`fi`

			`ssh_keys="${SSH_KEYS}"`
			`while [ "${ssh_keys}" != "" ]; do`
			current_key=`echo "$ssh_keys" \| cut -d ';' -f1`
			ssh_keys=`echo "$ssh_keys" \| cut -s -d ';' -f2-`

			username=`echo "$current_key" \| awk -F":" '{ print $1}'`
			key_path=`echo "$current_key" \| awk -F":" '{ print $2}'`

			`if [ ! -d ${IMAGE_ROOTFS}/home/${username} ]; then`
			`perform_useradd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -p '' ${username}"`
			`fi`

			`if [ ! -d ${IMAGE_ROOTFS}/home/${username}.ssh/ ]; then`
			`install -d ${IMAGE_ROOTFS}/home/${username}/.ssh/`
			`fi`

			`if [ ! -f ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys ]; then`
			`install -m 0600 ${key_path} ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys`
			`else`
			`cat ${key_path} >> ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys`
			`fi`

			uid=`cat ${IMAGE_ROOTFS}/etc/passwd \| grep "${username}:" \| awk -F ":" '{print $3}'`
			guid=`cat ${IMAGE_ROOTFS}/etc/passwd \| grep "${username}:" \| awk -F ":" '{print $4}'`

			`chown -R ${uid}:${guid} ${IMAGE_ROOTFS}/home/${username}/.ssh`
			`chmod 600 ${IMAGE_ROOTFS}/home/${username}/.ssh/authorized_keys`
			`chmod 700 ${IMAGE_ROOTFS}/home/${username}/.ssh`

			is_group=`grep "priv-admin" ${IMAGE_ROOTFS}/etc/group \|\| true`

			`if [ -z "${is_group}" ]; then`
			`perform_groupadd "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} priv-admin"`
			`fi`

			`perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} -a -G priv-admin ${username}"`
			`done`
			`}`