Commit 744af82e authored by Claude's avatar Claude 🌴

Improve SSH configuration

parent 6c28aa00
Pipeline #8157 passed with stage
in 9 seconds
......@@ -14,11 +14,16 @@ declare -gra _PREPARE_RASPBIAN_CONFIG_VARS_=(
'RASPBIAN_PI_GROUP_ID:INTEGER'
'RASPBIAN_PI_USER_ID:INTEGER'
'SSH_AUTHORIZED_KEYS:STRING'
'SSH_CONFIGURE:BOOLEAN'
'SSH_ENABLE:BOOLEAN'
)
function prepare_raspbian_get_config_file {
echo "${_PREPARE_RASPBIAN_CONFIG_FILE_}"
}
function prepare_raspbian_show_list {
local entry=
for entry in "${_PREPARE_RASPBIAN_CONFIG_VARS_[@]}" ; do
cut -d ':' -f1 <<<"${entry}"
done
......@@ -45,8 +50,8 @@ function prepare_raspbian_show_list_json {
function prepare_raspbian_get_type {
local -r var_name="$1"
local entry=
local entry=
for entry in "${_PREPARE_RASPBIAN_CONFIG_VARS_[@]}" ; do
if [ "${entry:0:${#var_name} + 1}" = "${var_name}:" ] ; then
cut -d ':' -f2 <<<"${entry}"
......@@ -57,13 +62,13 @@ function prepare_raspbian_get_type {
function prepare_raspbian_show_list_all {
ensure_raspbian_config_ready
jq -S '.' "${_PREPARE_RASPBIAN_CONFIG_FILE_}" || exit 1
jq -S '.' "$( prepare_raspbian_get_config_file )" || return $?
}
function prepare_raspbian_config_is_var_name_valide {
local -r var_name="$1"
local var=
local var=
while read -r var ; do
if [ "${var_name}" = "${var}" ] ; then
return 0
......@@ -86,13 +91,16 @@ function prepare_raspbian_config_check_var_name {
function ensure_raspbian_config_ready {
if [ ! -d "${__PREPARE_RASPBIAN_CONFIG_DIR__}" ] ; then
mkdir -vp "${__PREPARE_RASPBIAN_CONFIG_DIR__}"
mkdir -vp "${__PREPARE_RASPBIAN_CONFIG_DIR__}" || true
fi
exit_if_directory_not_exists "${__PREPARE_RASPBIAN_CONFIG_DIR__}"
touch "${_PREPARE_RASPBIAN_CONFIG_FILE_}"
exit_if_file_not_exists "${_PREPARE_RASPBIAN_CONFIG_FILE_}"
local config_file=
config_file="$( prepare_raspbian_get_config_file )" || return $?
touch "${config_file}" || true
exit_if_file_not_exists "${config_file}"
}
function prepare_raspbian_initialise_if_needed {
......@@ -102,17 +110,18 @@ function prepare_raspbian_initialise_if_needed {
ensure_raspbian_config_ready
if ! is_variable_define_and_not_empty_safe "${var_name}" ; then
local value=
local json_config_for_var=
json_config_for_var="$(
jq ".[\"${var_name}\"]" "$( prepare_raspbian_get_config_file )"
)" || return $?
json_config_for_var="$( jq ".[\"${var_name}\"]" <"${_PREPARE_RASPBIAN_CONFIG_FILE_}" )" || exit 1
local value=
if [ "${json_config_for_var}" != 'null' ] ; then
value="$( jq -r '.value' <<<"${json_config_for_var}" )" || exit 1
value="$( jq -r '.value' <<<"${json_config_for_var}" )" || return $?
if [ "${value}" = 'null' ] ; then
local link=
link="$( jq -r '.link' <<<"${json_config_for_var}" )" || exit 1
link="$( jq -r '.link' <<<"${json_config_for_var}" )" || return $?
if [ "${link}" != 'null' ] ; then
if [ -f "${link}" ] ; then
......@@ -149,21 +158,21 @@ function _prepare_raspbian_config_json_set_ {
local -r var_name="$1"
local -r var_name_type="$2"
local -r var_value="$3"
local config=
ensure_raspbian_config_ready
local config=
config="$(
jq -S ". | del(.[\"${var_name}\"] | .value) | del(.[\"${var_name}\"] | .link )" \
"${_PREPARE_RASPBIAN_CONFIG_FILE_}"
)" || exit 1
"$( prepare_raspbian_get_config_file )"
)" || return $?
if [ -n "${var_value}" ] ; then
local var_value_json=
if [ "${var_name_type}" != 'link' ] ; then
local var_value_expected_type=
var_value_expected_type="$( prepare_raspbian_get_type "${var_name}" )" || exit 1
var_value_expected_type="$( prepare_raspbian_get_type "${var_name}" )" || return $?
case "${var_value_expected_type}" in
'BOOLEAN'|'INTEGER')
......@@ -181,12 +190,12 @@ function _prepare_raspbian_config_json_set_ {
config="$(
jq -S ". |
(.[\"${var_name}\"] | .${var_name_type} ) |= ${var_value_json}" <<<"${config}"
)" || exit 1
)" || return $?
echo "${config}" >"${_PREPARE_RASPBIAN_CONFIG_FILE_}" || exit 1
echo "${config}" >"$( prepare_raspbian_get_config_file )" || return $?
echoinfo "'${var_name}'.'${var_name_type}' is set : '${var_value}'" >&2
else
echo "${config}" >"${_PREPARE_RASPBIAN_CONFIG_FILE_}" || exit 1
echo "${config}" >"$( prepare_raspbian_get_config_file )" || return $?
echoinfo "'${var_name}' is removed." >&2
fi
}
......@@ -195,7 +204,7 @@ function _prepare_raspbian_config_set_value_ {
local -r var_name="$1"
local -r var_value="$2"
_prepare_raspbian_config_json_set_ "${var_name}" 'value' "${var_value}"
_prepare_raspbian_config_json_set_ "${var_name}" 'value' "${var_value}" || return $?
}
function prepare_raspbian_check_and_set_value_string {
......@@ -237,7 +246,7 @@ function _prepare_raspbian_config_set_link_ {
ensure_raspbian_config_ready
_prepare_raspbian_config_json_set_ "${var_name}" 'link' "${var_link}"
_prepare_raspbian_config_json_set_ "${var_name}" 'link' "${var_link}" || return $?
}
function prepare_raspbian_check_and_set_value_link {
......@@ -245,7 +254,7 @@ function prepare_raspbian_check_and_set_value_link {
local -r var_link="$2"
if prepare_raspbian_config_check_var_name "${var_name}" ; then
_prepare_raspbian_config_set_link_ "${var_name}" "${var_link}"
_prepare_raspbian_config_set_link_ "${var_name}" "${var_link}" || return $?
else
return 1
fi
......@@ -256,10 +265,10 @@ function prepare_raspbian_check_and_set_value {
local -r var_name="$2"
local -r var_value="$3"
prepare_raspbian_config_check_var_name "${var_name}" || exit 1
prepare_raspbian_config_check_var_name "${var_name}" || return $?
local var_value_expected_type=
var_value_expected_type="$( prepare_raspbian_get_type "${var_name}" )" || exit 1
var_value_expected_type="$( prepare_raspbian_get_type "${var_name}" )" || return $?
if [ -z "${var_value_expected_type}" ] ; then
echofatal "Don't know how to handle '${var_name}'."
......@@ -315,7 +324,7 @@ function prepare_raspbian_check_and_get_value {
if is_variable_define_and_not_empty_safe "${var_name}" ; then
local -r value="${!var_name}"
jq "{ \"${var_name}\" : \"${value}\" }" <<<'{}' || exit 1
jq "{ \"${var_name}\" : \"${value}\" }" <<<'{}' || return $?
return 0
else
echo "${var_name} not define." >&2
......
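Review bot: The last hunk of this section still builds its jq program by interpolating shell variables, `jq "{ \"${var_name}\" : \"${value}\" }" <<<'{}'`, so a value containing a double quote or backslash either breaks the filter or is parsed as jq syntax instead of data. `value` is read from the variable named by `var_name` and is not validated in the visible lines. Passing both as data keeps them out of the program text: `jq -n --arg k "${var_name}" --arg v "${value}" '{($k): $v}' || return $?`. The same interpolation appears in the `.[\"${var_name}\"]` lookup and the `del(...)` filter in `_prepare_raspbian_config_json_set_`, where `--arg k` with `.[$k]` would apply as well. prepare_raspbian_check_and_get_value starts and ends outside the hunk.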
......@@ -21,18 +21,17 @@ usr/bin/raspi-config
'
function customize_sd {
local boot_partition_home=
local rootfs_partition_home=
# Ensure boot partition is has expected
boot_partition_home="$( get_partition_home_by_label_with_timeout 'boot' )" || exit 1
local boot_partition_home=
boot_partition_home="$( get_partition_home_by_label_with_timeout 'boot' )" || return $?
echoinfo "boot_partition_home=${boot_partition_home}"
# Ensure rootfs partition is has expected
rootfs_partition_home="$( get_partition_home_by_label_with_timeout 'rootfs' )" || exit 1
local rootfs_partition_home=
rootfs_partition_home="$( get_partition_home_by_label_with_timeout 'rootfs' )" || return $?
echoinfo "rootfs_partition_home=${rootfs_partition_home}"
verify_sd_content "${boot_partition_home}" "${rootfs_partition_home}"
verify_sd_content "${boot_partition_home}" "${rootfs_partition_home}" || return $?
# shellcheck disable=SC2154
if [ "${param_dry_run}" = 'false' ] ; then
......@@ -50,13 +49,13 @@ function customize_sd {
if [ -f "${ssh_file}" ] ; then
echoinfo "Umounting '${boot_partition_home}'"
if [ "${param_dry_run}" = 'false' ] ; then
sudo umount "${boot_partition_home}" || exit 1
sudo umount "${boot_partition_home}" || return $?
echookay "${boot_partition_home} umounted."
fi
echoinfo "Umounting '${rootfs_partition_home}'"
if [ "${param_dry_run}" = 'false' ] ; then
sudo umount "${rootfs_partition_home}" || exit 1
sudo umount "${rootfs_partition_home}" || return $?
echookay "${rootfs_partition_home} umounted."
fi
else
......@@ -72,14 +71,20 @@ function customize_enable_ssh {
exit 1
fi
echoinfo 'Enable SSH.'
prepare_raspbian_initialise_if_needed SSH_ENABLE ''
local -r ssh_file="${boot_partition_home}/ssh"
if [ "${SSH_ENABLE:-}" = 'true' ] ; then
echoinfo 'Enable SSH.'
if [ -f "${ssh_file}" ] ; then
echoinfo "File '${ssh_file}' already exists."
local -r ssh_file="${boot_partition_home}/ssh"
if [ -f "${ssh_file}" ] ; then
echoinfo "File '${ssh_file}' already exists."
else
touch "${ssh_file}" || return $?
fi
else
touch "${ssh_file}"
echoinfo 'Skip SSH enable'
fi
}
......@@ -135,7 +140,7 @@ function customize_pi_user {
fi
# Create bcm workspace directory (TODO: should be optional)
if [ "${BCM_WORKSPACE}" != 'false' ] ; then
if [ "${BCM_WORKSPACE:-}" != 'false' ] ; then
local -r bcm_workspace_location="${home_pi}/.bcm-workspace"
if [ -d "${bcm_workspace_location}" ] ; then
......@@ -143,50 +148,56 @@ function customize_pi_user {
else
sudo mkdir -v "${bcm_workspace_location}"
# Set user right to 'pi' user and 'pi' group
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${bcm_workspace_location}" || exit 1
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${bcm_workspace_location}" || return $?
fi
else
echookay "Skip bcm-workspace. BCM_WORKSPACE: ${BCM_WORKSPACE}"
echookay "Skip bcm-workspace. BCM_WORKSPACE='${BCM_WORKSPACE:-}'"
fi
# Configure ssh (TODO: should be optional)
local -r ssh_folder="${home_pi}/.ssh"
# Configure ssh
prepare_raspbian_initialise_if_needed SSH_CONFIGURE ''
if [ -d "${ssh_folder}" ] ; then
echoinfo "Folder '${ssh_folder}' already exists."
else
sudo mkdir -v "${ssh_folder}"
# Set user right to 'pi' user and 'pi' group
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${ssh_folder}" || exit 1
sudo chmod 700 "${ssh_folder}" || exit 1
fi
if [ "${SSH_CONFIGURE:-}" = 'true' ] ; then
local -r ssh_folder="${home_pi}/.ssh"
prepare_raspbian_initialise_if_needed SSH_AUTHORIZED_KEYS ''
if [ -d "${ssh_folder}" ] ; then
echoinfo "Folder '${ssh_folder}' already exists."
else
sudo mkdir -v "${ssh_folder}"
# Set user right to 'pi' user and 'pi' group
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${ssh_folder}" || return $?
sudo chmod 700 "${ssh_folder}" || return $?
fi
if ! is_variable_define_and_not_empty_safe 'SSH_AUTHORIZED_KEYS' ; then
echowarn 'SSH_AUTHORIZED_KEYS not define (or empty) - you can fix this in file define by RASPBIAN_SSH_CONFIG'
prepare_raspbian_initialise_if_needed SSH_AUTHORIZED_KEYS ''
if is_variable_define_and_not_empty_safe 'RASPBIAN_SSH_CONFIG' ; then
echoerror "Check content of '${RASPBIAN_SSH_CONFIG}'"
fi
else
if sudo [ -f "${ssh_folder}/authorized_keys" ] ; then
echowarn "File '${ssh_folder}/authorized_keys' already exists (nothing will be changed)."
if ! is_variable_define_and_not_empty_safe 'SSH_AUTHORIZED_KEYS' ; then
echowarn 'SSH_AUTHORIZED_KEYS not define (or empty) - you can fix this in file define by RASPBIAN_SSH_CONFIG'
if is_variable_define_and_not_empty_safe 'RASPBIAN_SSH_CONFIG' ; then
echoerror "Check content of '${RASPBIAN_SSH_CONFIG}'"
fi
else
cat <<EOF | sudo tee "${ssh_folder}/authorized_keys"
if sudo [ -f "${ssh_folder}/authorized_keys" ] ; then
echowarn "File '${ssh_folder}/authorized_keys' already exists (nothing will be changed)."
else
cat <<EOF | sudo tee "${ssh_folder}/authorized_keys"
${SSH_AUTHORIZED_KEYS}
EOF
# Set user right to 'pi' user and 'pi' group
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${ssh_folder}/authorized_keys" || exit 1
echoinfo "File '${ssh_folder}/authorized_keys' created."
# Set user right to 'pi' user and 'pi' group
sudo chown "${RASPBIAN_PI_USER_ID}:${RASPBIAN_PI_GROUP_ID}" "${ssh_folder}/authorized_keys" || return $?
echoinfo "File '${ssh_folder}/authorized_keys' created."
fi
fi
else
echookay "Skip ~/.ssh configuration : SSH_CONFIGURE='${SSH_CONFIGURE:-}'"
fi
}
function get_partition_home_by_label_with_timeout {
local -r label="$1"
local partition_home=
local partition_home=
for count in $(seq 10 -1 1) ; do
if partition_home="$( get_partition_home_by_label "${label}" )" ; then
echo "${partition_home}"
......@@ -202,11 +213,11 @@ function get_partition_home_by_label_with_timeout {
function get_partition_home_by_label {
local -r label="$1"
local partition_home=
local partition_home=
partition_home="$(
mount --show-labels | grep "\\[${label}\\]" | cut -d ' ' -f3
)"
)" || return $?
if [ -z "${partition_home}" ] ; then
return 1
......
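Review bot: In the `SSH_CONFIGURE` branch of customize_pi_user, the `cat <<EOF | sudo tee "${ssh_folder}/authorized_keys"` write is the one step left without a status check or an explicit mode. A failed or partial write can therefore still reach the chown and the "created" message, and the file keeps whatever mode root's umask gives it. I would append `>/dev/null || return $?` to the tee line (tee otherwise also echoes the keys into the log) and follow the chown with `sudo chmod 600 "${ssh_folder}/authorized_keys" || return $?`. The `sudo mkdir -v "${ssh_folder}"` above it is likewise unchecked, and an already existing `.ssh` directory is accepted without verifying its owner or mode. customize_pi_user begins above this hunk.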