From 6b241702dd1538b613548573f96baebcfb41b642 Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Wed, 20 Mar 2024 16:55:29 +0100
Subject: [PATCH] osconfig: install root ssh keys to /var/roothome

The current location via tmpfiles.d to install the root ssh keys seems to be not working. There is an error that `/root/.ssh` does not exist from `systemd-tmpfiles-setup` and indeed the authorized_keys file is on in `/root/.ssh`. It seems like everything else in the firstboot in tmpfiles.d is refering to `/var/roothome` instead of `/root` and switching to this for the location of the ssh keys solves the issue.
---
 lib/src/install/osconfig.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/src/install/osconfig.rs b/lib/src/install/osconfig.rs
index 3083c8ec4..77c9bf507 100644
--- a/lib/src/install/osconfig.rs
+++ b/lib/src/install/osconfig.rs
@@ -18,7 +18,8 @@ pub(crate) fn inject_root_ssh_authorized_keys(
 // While not documented right now, this one looks like it does not newline wrap
 let b64_encoded = ostree_ext::glib::base64_encode(contents.as_bytes());
 // See the example in https://systemd.io/CREDENTIALS/
- let tmpfiles_content = format!("f~ /root/.ssh/authorized_keys 600 root root - {b64_encoded}\n");
+ let tmpfiles_content =
+ format!("f~ /var/roothome/.ssh/authorized_keys 600 root root - {b64_encoded}\n");
 crate::lsm::ensure_dir_labeled(root, ETC_TMPFILES, None, 0o755.into(), sepolicy)?;
 let tmpfiles_dir = root.open_dir(ETC_TMPFILES)?;
@@ -45,7 +46,7 @@ fn test_inject_root_ssh() -> Result<()> {
 let content = root.read_to_string(format!("etc/tmpfiles.d/{ROOT_SSH_TMPFILE}"))?;
 assert_eq!(
 content,
- "f~ /root/.ssh/authorized_keys 600 root root - c3NoLWVkMjU1MTkgQUJDREUgZXhhbXBsZUBkZW1vCg==\n"
+ "f~ /var/roothome/.ssh/authorized_keys 600 root root - c3NoLWVkMjU1MTkgQUJDREUgZXhhbXBsZUBkZW1vCg==\n"
 );
 Ok(())
 }
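Review bot: The generated tmpfiles.d content in `inject_root_ssh_authorized_keys` still declares only the `authorized_keys` file, so the existence, ownership and mode of the parent `.ssh` directory are left to whatever systemd-tmpfiles does for missing parents (presumably creation with a default mode, which should be confirmed). Emitting an explicit directory entry ahead of the file entry, for example `d /var/roothome/.ssh 0700 root root - -`, would pin the directory to the permissions conventionally expected for root's SSH directory instead of relying on that implicit behaviour. The new literal also hard-codes `/var/roothome`, which appears to assume the image keeps `/root` as a symlink to that path; on an image where root's home is a real `/root` the keys would be written to a location sshd does not read. A short comment such as `// /root is a symlink to /var/roothome on ostree-style images; tmpfiles.d needs the real path` would record that assumption. The function body starts and ends outside the hunk, so any directory entry written elsewhere in it is not visible here.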