mirror of
https://github.com/home-assistant/supervisor.git
synced 2025-07-10 02:36:29 +00:00
Support ssh keys
This commit is contained in:
parent
64aecc6bae
commit
dcda7da666
@ -55,7 +55,7 @@ source /usr/sbin/resin-vars
|
||||
# A temporary file used until next reboot
|
||||
UPDATECONF=/tmp/update-supervisor.conf
|
||||
|
||||
if [ -z "$API_ENDPOINT" -o -z "$CONFIG_PATH" ]; then
|
||||
if [ -z "$ENDPOINT" -o -z "$CONFIG_PATH" ]; then
|
||||
echo "Environment variables API_ENDPOINT and CONFIG_PATH must be set."
|
||||
exit 1
|
||||
fi
|
||||
@ -69,11 +69,11 @@ function error_handler {
|
||||
|
||||
trap 'error_handler $LINENO' ERR
|
||||
|
||||
if request=$(curl -X PUT $API_ENDPOINT/supervisor | jq -e -r '.image,.tag')
|
||||
read image_name, tag <<<$request
|
||||
if tag=$(curl $ENDPOINT | jq -e -r '.supervisor_tag')
|
||||
image_name=$SUPERVISOR_IMAGE
|
||||
|
||||
# Check that we didn't somehow get an empty tag version.
|
||||
if [ -z "$tag" ]; then
|
||||
if [ -z $tag ] || [ -z $image_name ]; then
|
||||
error_handler $LINENO "no tag received"
|
||||
fi
|
||||
fi
|
||||
|
@ -1,5 +1,28 @@
|
||||
FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
|
||||
|
||||
SRC_URI += " \
|
||||
file://sync-authorized-keys.sh \
|
||||
file://sync-authorized-keys.service \
|
||||
"
|
||||
|
||||
SYSTEMD_SERVICE_${PN} += "sync-authorized-keys.service"
|
||||
|
||||
FILES_${PN} += " \
|
||||
${systemd_unitdir} \
|
||||
${bindir} \
|
||||
"
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${sysconfdir}/default
|
||||
sed -i '/DROPBEAR_EXTRA_ARGS="-g"/d' ${D}/etc/default/dropbear
|
||||
install -d ${D}${bindir}
|
||||
install -m 0755 ${WORKDIR}/sync-authorized-keys.sh ${D}${bindir}
|
||||
|
||||
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
|
||||
install -d ${D}${systemd_unitdir}/system
|
||||
install -c -m 0644 ${WORKDIR}/sync-authorized-keys.service ${D}${systemd_unitdir}/system
|
||||
|
||||
sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
|
||||
-e 's,@SBINDIR@,${sbindir},g' \
|
||||
-e 's,@BINDIR@,${bindir},g' \
|
||||
${D}${systemd_unitdir}/system/*.service
|
||||
fi
|
||||
}
|
||||
|
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=SSH authorized_keys state bind mount
|
||||
Requires=home-root-.ssh.mount mnt-boot.mount
|
||||
After=home-root-.ssh.mount mnt-boot.mount
|
||||
Before=etc-dropbear.mount dropbearkey.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=@BASE_BINDIR@/bash @BINDIR@/sync-authorized-keys.sh
|
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
BOOT_SSH_KEY = /mnt/boot/authorized_keys
|
||||
HOME_SSH_KEY = /home/root/.ssh/authorized_keys
|
||||
|
||||
if [ -f BOOT_SSH_KEY ]; then
|
||||
mv BOOT_SSH_KEY HOME_SSH_KEY
|
||||
chmod 0650 HOME_SSH_KEY
|
||||
fi
|
@ -0,0 +1,17 @@
|
||||
|
||||
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
|
||||
|
||||
SRC_URI = " \
|
||||
file://home-root-.ssh.mount \
|
||||
"
|
||||
|
||||
SYSTEMD_SERVICE_${PN} = " \
|
||||
home-root-.ssh.mount \
|
||||
"
|
||||
|
||||
do_install () {
|
||||
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
|
||||
install -d ${D}${systemd_unitdir}/system
|
||||
install -c -m 0644 ${WORKDIR}/home-root-.ssh.mount ${D}${systemd_unitdir}/system
|
||||
fi
|
||||
}
|
@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=SSH authorized_keys state bind mount
|
||||
Requires=mnt-conf.mount resin-conf-reset.service
|
||||
After=mnt-conf.mount resin-conf-reset.service
|
||||
Before=etc-dropbear.mount dropbearkey.service
|
||||
|
||||
[Mount]
|
||||
What=/mnt/conf/root-overlay/home/root/.ssh
|
||||
Where=/home/root/.ssh
|
||||
Type=none
|
||||
Options=bind
|
||||
|
||||
[Install]
|
||||
WantedBy=resin-bind.target
|
@ -49,12 +49,15 @@ source /etc/resin-supervisor/supervisor.conf
|
||||
# runtime value
|
||||
if [ -f $CONFIG_PATH ]
|
||||
then
|
||||
API_ENDPOINT=$(jq --raw-output ".apiEndpoint // empty" $CONFIG_PATH)
|
||||
ENDPOINT=$(jq --raw-output ".apiEndpoint // empty" $CONFIG_PATH)
|
||||
CONFIG_HOSTNAME=$(jq --raw-output ".hostname // empty" $CONFIG_PATH)
|
||||
PERSISTENT_LOGGING=$(jq --raw-output ".persistentLogging // empty" $CONFIG_PATH)
|
||||
if [ -z "$PERSISTENT_LOGGING" ]; then
|
||||
PERSISTENT_LOGGING=false
|
||||
fi
|
||||
if [ -z "$ENDPOINT" ]; then
|
||||
ENDPOINT="https://raw.githubusercontent.com/pvizeli/hassio/master/version.json"
|
||||
fi
|
||||
else
|
||||
echo "[WARNING] $0 : '$CONFIG_PATH' not found."
|
||||
fi
|
||||
|
@ -227,7 +227,7 @@ runPreHacks
|
||||
|
||||
# Detect arch
|
||||
source /etc/resin-supervisor/supervisor.conf
|
||||
arch=`echo "$SUPERVISOR_IMAGE" | sed -n "s/.*\/\([a-zA-Z0-9]*\)-.*/\1/p"`
|
||||
arch=$MACHINE
|
||||
if [ -z "$arch" ]; then
|
||||
log ERROR "Can't detect arch from /etc/resin-supervisor/supervisor.conf ."
|
||||
else
|
||||
@ -261,22 +261,10 @@ if [ ! -z "$UPDATER_SUPERVISOR_TAG" ]; then
|
||||
log "Update to supervisor $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG..."
|
||||
|
||||
log "Updating supervisor..."
|
||||
if [[ $(readlink /sbin/init) == *"sysvinit"* ]]; then
|
||||
# Supervisor update on sysvinit based OS
|
||||
docker pull "$UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG"
|
||||
if [ $? -ne 0 ]; then
|
||||
tryup
|
||||
log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
|
||||
|
||||
fi
|
||||
docker tag -f "$SUPERVISOR_IMAGE:$SUPERVISOR_TAG" "$SUPERVISOR_IMAGE:latest"
|
||||
else
|
||||
# Supervisor update on systemd based OS
|
||||
/usr/bin/update-resin-supervisor --supervisor-image $UPDATER_SUPERVISOR_IMAGE --supervisor-tag $UPDATER_SUPERVISOR_TAG
|
||||
if [ $? -ne 0 ]; then
|
||||
tryup
|
||||
log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
|
||||
fi
|
||||
/usr/bin/update-resin-supervisor --supervisor-image $UPDATER_SUPERVISOR_IMAGE --supervisor-tag $UPDATER_SUPERVISOR_TAG
|
||||
if [ $? -ne 0 ]; then
|
||||
tryup
|
||||
log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
|
||||
fi
|
||||
else
|
||||
log "Supervisor update not requested through arguments ."
|
||||
|
4
version_beta.json
Normal file
4
version_beta.json
Normal file
@ -0,0 +1,4 @@
|
||||
{
|
||||
"supervisor_tag": "20170316",
|
||||
"homeassistant_tag": "0.40.1",
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user