From dcda7da666176de81eb948c9f2c9c9768b5c2ada Mon Sep 17 00:00:00 2001
From: pvizeli
Date: Tue, 21 Mar 2017 10:22:39 +0100
Subject: [PATCH] Support ssh keys
---
 .../update-resin-supervisor | 8 +++---
 .../recipes-core/dropbear/dropbear_%.bbappend | 27 +++++++++++++++++--
 .../files/sync-authorized-keys.service | 9 +++++++
 .../dropbear/files/sync-authorized-keys.sh | 9 +++++++
 .../resin-mounts/resin-mounts.bbappend | 17 ++++++++++++
 .../resin-mounts/home-root-.ssh.mount | 14 ++++++++++
 .../resin-vars/resin-vars/resin-vars | 5 +++-
 .../resinhup/resinhup/run-resinhup.sh | 22 ++++-----------
 version_beta.json | 4 +++
 9 files changed, 91 insertions(+), 24 deletions(-)
 create mode 100644 meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.service
 create mode 100644 meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.sh
 create mode 100644 meta-hassio/recipes-support/resin-mounts/resin-mounts.bbappend
 create mode 100644 meta-hassio/recipes-support/resin-mounts/resin-mounts/home-root-.ssh.mount
 create mode 100644 version_beta.json
diff --git a/meta-hassio/recipes-containers/docker-disk/docker-resin-supervisor-disk/update-resin-supervisor b/meta-hassio/recipes-containers/docker-disk/docker-resin-supervisor-disk/update-resin-supervisor
index 2039151db..955c8a953 100644
--- a/meta-hassio/recipes-containers/docker-disk/docker-resin-supervisor-disk/update-resin-supervisor
+++ b/meta-hassio/recipes-containers/docker-disk/docker-resin-supervisor-disk/update-resin-supervisor
@@ -55,7 +55,7 @@ source /usr/sbin/resin-vars
 # A temporary file used until next reboot
 UPDATECONF=/tmp/update-supervisor.conf
-if [ -z "$API_ENDPOINT" -o -z "$CONFIG_PATH" ]; then
+if [ -z "$ENDPOINT" -o -z "$CONFIG_PATH" ]; then
 echo "Environment variables API_ENDPOINT and CONFIG_PATH must be set."
 exit 1
 fi
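Review bot: In update-resin-supervisor, the guard now tests `$ENDPOINT` but the message on the following line still names API_ENDPOINT, so a failure tells the operator to set a variable the script no longer reads; change it to `echo "Environment variables ENDPOINT and CONFIG_PATH must be set."`. The `-o` operator inside `[ … ]` is ambiguous in `test`; `[ -z "$ENDPOINT" ] || [ -z "$CONFIG_PATH" ]` is the safer form and matches the `||` style used in the next hunk of this file.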
@@ -69,11 +69,11 @@ function error_handler {
 trap 'error_handler $LINENO' ERR
-if request=$(curl -X PUT $API_ENDPOINT/supervisor | jq -e -r '.image,.tag')
- read image_name, tag <<<$request
+if tag=$(curl $ENDPOINT | jq -e -r '.supervisor_tag')
+ image_name=$SUPERVISOR_IMAGE
 # Check that we didn't somehow get an empty tag version.
- if [ -z "$tag" ]; then
+ if [ -z $tag ] || [ -z $image_name ]; then
 error_handler $LINENO "no tag received"
 fi
 fi
diff --git a/meta-hassio/recipes-core/dropbear/dropbear_%.bbappend b/meta-hassio/recipes-core/dropbear/dropbear_%.bbappend
index b06449d84..c0115917c 100644
--- a/meta-hassio/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-hassio/recipes-core/dropbear/dropbear_%.bbappend
@@ -1,5 +1,28 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI += " \
+ file://sync-authorized-keys.sh \
+ file://sync-authorized-keys.service \
+ "
+
+SYSTEMD_SERVICE_${PN} += "sync-authorized-keys.service"
+
+FILES_${PN} += " \
+ ${systemd_unitdir} \
+ ${bindir} \
+ "
 do_install_append() {
- install -d ${D}${sysconfdir}/default
- sed -i '/DROPBEAR_EXTRA_ARGS="-g"/d' ${D}/etc/default/dropbear
+ install -d ${D}${bindir}
+ install -m 0755 ${WORKDIR}/sync-authorized-keys.sh ${D}${bindir}
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sync-authorized-keys.service ${D}${systemd_unitdir}/system
+
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ ${D}${systemd_unitdir}/system/*.service
+ fi
 }
diff --git a/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.service b/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.service
new file mode 100644
index 000000000..0a978b70a
--- /dev/null
+++ b/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.service
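Review bot: In update-resin-supervisor, the rewritten guard `[ -z $tag ] || [ -z $image_name ]` drops the quotes the old test had, so a value containing whitespace or glob characters makes `[` report a syntax error instead of reaching `error_handler`; keep them: `if [ -z "$tag" ] || [ -z "$image_name" ]; then`. The tag is now taken verbatim from a remote JSON document, so `$ENDPOINT` should be quoted in the `curl` call and the tag checked against the expected format before it is used to select an image (that use is outside the hunk). No `then` is visible between `if tag=$(…)` and the nested test in either the old or the new lines, which is worth confirming against the full file.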
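Review bot: In dropbear_%.bbappend, the placeholder substitution runs over `${D}${systemd_unitdir}/system/*.service`, which rewrites every unit the dropbear recipe has installed rather than only the new one; pointing sed at `${D}${systemd_unitdir}/system/sync-authorized-keys.service` keeps the change scoped. `SYSTEMD_SERVICE_${PN}` is extended unconditionally while the unit is installed only when `systemd` is in DISTRO_FEATURES, so both should sit under the same condition. The patch also stops deleting `DROPBEAR_EXTRA_ARGS="-g"` from /etc/default/dropbear; if the base file carries that line (not visible here), root password login stays disabled from now on, and a comment such as `# keep dropbear's -g: root logs in with keys only` would record that this is intended.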
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSH authorized_keys state bind mount
+Requires=home-root-.ssh.mount mnt-boot.mount
+After=home-root-.ssh.mount mnt-boot.mount
+Before=etc-dropbear.mount dropbearkey.service
+
+[Service]
+Type=simple
+ExecStart=@BASE_BINDIR@/bash @BINDIR@/sync-authorized-keys.sh
diff --git a/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.sh b/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.sh
new file mode 100644
index 000000000..5a28814d2
--- /dev/null
+++ b/meta-hassio/recipes-core/dropbear/files/sync-authorized-keys.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+BOOT_SSH_KEY = /mnt/boot/authorized_keys
+HOME_SSH_KEY = /home/root/.ssh/authorized_keys
+
+if [ -f BOOT_SSH_KEY ]; then
+ mv BOOT_SSH_KEY HOME_SSH_KEY
+ chmod 0650 HOME_SSH_KEY
+fi
diff --git a/meta-hassio/recipes-support/resin-mounts/resin-mounts.bbappend b/meta-hassio/recipes-support/resin-mounts/resin-mounts.bbappend
new file mode 100644
index 000000000..330261bae
--- /dev/null
+++ b/meta-hassio/recipes-support/resin-mounts/resin-mounts.bbappend
@@ -0,0 +1,17 @@
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI = " \
+ file://home-root-.ssh.mount \
+ "
+
+SYSTEMD_SERVICE_${PN} = " \
+ home-root-.ssh.mount \
+ "
+
+do_install () {
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/home-root-.ssh.mount ${D}${systemd_unitdir}/system
+ fi
+}
diff --git a/meta-hassio/recipes-support/resin-mounts/resin-mounts/home-root-.ssh.mount b/meta-hassio/recipes-support/resin-mounts/resin-mounts/home-root-.ssh.mount
new file mode 100644
index 000000000..49c36afb1
--- /dev/null
+++ b/meta-hassio/recipes-support/resin-mounts/resin-mounts/home-root-.ssh.mount
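Review bot: In sync-authorized-keys.service, `Type=simple` lets systemd treat the unit as started as soon as the process is forked, so the `Before=etc-dropbear.mount dropbearkey.service` ordering does not wait for the key file to be in place; `Type=oneshot` makes the ordered units wait until the script has exited. The unit has no `[Install]` section, so nothing visible in this patch pulls it into the boot transaction even though the recipe lists it in SYSTEMD_SERVICE. The `Description=` is copied from the bind-mount unit and should describe the key sync instead.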
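Review bot: In sync-authorized-keys.sh, both assignments have spaces around `=` and every later use lacks `$`, so bash tries to run `BOOT_SSH_KEY` as a command and the test and `mv` act on literal file names; as written the key file is never moved into place. Mode `0650` also gives the group read and execute on root's authorized_keys, where root ownership with `0600` is the usual setting; setting both explicitly matters here because the file is taken from the boot partition with whatever owner and mode it had there. The version below assigns, dereferences and quotes the two paths and tightens owner and mode.

```shell
BOOT_SSH_KEY=/mnt/boot/authorized_keys
HOME_SSH_KEY=/home/root/.ssh/authorized_keys

if [ -f "$BOOT_SSH_KEY" ]; then
    mv "$BOOT_SSH_KEY" "$HOME_SSH_KEY"
    chown root:root "$HOME_SSH_KEY"
    chmod 0600 "$HOME_SSH_KEY"
fi
```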
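Review bot: In resin-mounts.bbappend, `SRC_URI = …`, `SYSTEMD_SERVICE_${PN} = …` and a plain `do_install ()` replace whatever the base resin-mounts recipe defines instead of extending it, so any mount units that recipe ships would no longer be fetched, installed or enabled (the base recipe is not part of this patch, so this needs confirming). If the intent is to add one unit, use `SRC_URI += …`, `SYSTEMD_SERVICE_${PN} += …` and `do_install_append ()`, as the dropbear bbappend in this patch does.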
@@ -0,0 +1,14 @@
+[Unit]
+Description=SSH authorized_keys state bind mount
+Requires=mnt-conf.mount resin-conf-reset.service
+After=mnt-conf.mount resin-conf-reset.service
+Before=etc-dropbear.mount dropbearkey.service
+
+[Mount]
+What=/mnt/conf/root-overlay/home/root/.ssh
+Where=/home/root/.ssh
+Type=none
+Options=bind
+
+[Install]
+WantedBy=resin-bind.target
diff --git a/meta-hassio/recipes-support/resin-vars/resin-vars/resin-vars b/meta-hassio/recipes-support/resin-vars/resin-vars/resin-vars
index 3858755e6..eae6a2303 100644
--- a/meta-hassio/recipes-support/resin-vars/resin-vars/resin-vars
+++ b/meta-hassio/recipes-support/resin-vars/resin-vars/resin-vars
@@ -49,12 +49,15 @@ source /etc/resin-supervisor/supervisor.conf
 # runtime value
 if [ -f $CONFIG_PATH ]
 then
- API_ENDPOINT=$(jq --raw-output ".apiEndpoint // empty" $CONFIG_PATH)
+ ENDPOINT=$(jq --raw-output ".apiEndpoint // empty" $CONFIG_PATH)
 CONFIG_HOSTNAME=$(jq --raw-output ".hostname // empty" $CONFIG_PATH)
 PERSISTENT_LOGGING=$(jq --raw-output ".persistentLogging // empty" $CONFIG_PATH)
 if [ -z "$PERSISTENT_LOGGING" ]; then
 PERSISTENT_LOGGING=false
 fi
+ if [ -z "$ENDPOINT" ]; then
+ ENDPOINT="https://raw.githubusercontent.com/pvizeli/hassio/master/version.json"
+ fi
 else
 echo "[WARNING] $0 : '$CONFIG_PATH' not found."
 fi
diff --git a/meta-hassio/recipes-support/resinhup/resinhup/run-resinhup.sh b/meta-hassio/recipes-support/resinhup/resinhup/run-resinhup.sh
index 407ec55f9..2d501716b 100644
--- a/meta-hassio/recipes-support/resinhup/resinhup/run-resinhup.sh
+++ b/meta-hassio/recipes-support/resinhup/resinhup/run-resinhup.sh
@@ -227,7 +227,7 @@ runPreHacks
 # Detect arch
 source /etc/resin-supervisor/supervisor.conf
-arch=`echo "$SUPERVISOR_IMAGE" | sed -n "s/.*\/\([a-zA-Z0-9]*\)-.*/\1/p"`
+arch=$MACHINE
 if [ -z "$arch" ]; then
 log ERROR "Can't detect arch from /etc/resin-supervisor/supervisor.conf ."
 else
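Review bot: In home-root-.ssh.mount, the bind source `/mnt/conf/root-overlay/home/root/.ssh` is not created anywhere in this patch, and a bind mount fails when its source directory is missing, which would also fail sync-authorized-keys.service through its `Requires=`. Unless resin-conf-reset.service already creates it (not visible here), add a step that creates the directory owned by root with mode 0700 before the mount, since SSH daemons typically ignore key files that sit under a group- or world-writable directory. The `Description=` is identical to the one in sync-authorized-keys.service, which makes the two units hard to tell apart in logs.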
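Review bot: In resin-vars, the fallback `ENDPOINT` is a hard-coded URL on the `master` branch of a personal repository, and update-resin-supervisor reads `supervisor_tag` from it, so whoever can change that file decides which supervisor tag devices ask for, with TLS as the only protection. State that trust assumption above the assignment, e.g. `# Update metadata is unsigned; integrity relies on TLS and on write access to this repository.`, and consider a signed or pinned manifest. The fallback also sits inside the `[ -f $CONFIG_PATH ]` branch, so a device without a config file gets no endpoint at all; moving the default after the closing `fi` would cover that case.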
@@ -261,22 +261,10 @@ if [ ! -z "$UPDATER_SUPERVISOR_TAG" ]; then
 log "Update to supervisor $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG..."
 log "Updating supervisor..."
- if [[ $(readlink /sbin/init) == *"sysvinit"* ]]; then
- # Supervisor update on sysvinit based OS
- docker pull "$UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG"
- if [ $? -ne 0 ]; then
- tryup
- log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
-
- fi
- docker tag -f "$SUPERVISOR_IMAGE:$SUPERVISOR_TAG" "$SUPERVISOR_IMAGE:latest"
- else
- # Supervisor update on systemd based OS
- /usr/bin/update-resin-supervisor --supervisor-image $UPDATER_SUPERVISOR_IMAGE --supervisor-tag $UPDATER_SUPERVISOR_TAG
- if [ $? -ne 0 ]; then
- tryup
- log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
- fi
+ /usr/bin/update-resin-supervisor --supervisor-image $UPDATER_SUPERVISOR_IMAGE --supervisor-tag $UPDATER_SUPERVISOR_TAG
+ if [ $? -ne 0 ]; then
+ tryup
+ log ERROR "Could not update supervisor to $UPDATER_SUPERVISOR_IMAGE:$UPDATER_SUPERVISOR_TAG ."
 fi
 else
 log "Supervisor update not requested through arguments ."
diff --git a/version_beta.json b/version_beta.json
new file mode 100644
index 000000000..24083acd1
--- /dev/null
+++ b/version_beta.json
@@ -0,0 +1,4 @@
+{
+ "supervisor_tag": "20170316",
+ "homeassistant_tag": "0.40.1",
+}
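Review bot: In run-resinhup.sh, the now-unconditional call passes `$UPDATER_SUPERVISOR_IMAGE` and `$UPDATER_SUPERVISOR_TAG` unquoted, and the surrounding test only checks the tag, so an empty image value makes `--supervisor-tag` the argument of `--supervisor-image`, and a value with whitespace is split into extra arguments. Quote both: `/usr/bin/update-resin-supervisor --supervisor-image "$UPDATER_SUPERVISOR_IMAGE" --supervisor-tag "$UPDATER_SUPERVISOR_TAG"`. The status check can be folded into `if ! /usr/bin/update-resin-supervisor …; then`, which keeps `$?` from being overwritten if a line is later inserted between the call and the test. The enclosing `if [ ! -z "$UPDATER_SUPERVISOR_TAG" ]` block starts and ends outside the hunk.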
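Review bot: In version_beta.json, the comma after `"homeassistant_tag": "0.40.1"` makes the document invalid JSON, and the updater in this patch reads its version file with `jq -e -r '.supervisor_tag'`, which rejects a trailing comma as a parse error. Drop it so the last member reads `"homeassistant_tag": "0.40.1"` with no comma before the closing brace.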