refactor: remove init-ssh

jc-lab · Aug 15, 2021 · b5c17b6 · b5c17b6
1 parent 3a2c0a4
commit b5c17b6
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 25 deletions.
diff --git a/example/example.yml b/example/example.yml
@@ -26,17 +26,11 @@ onboot:
   # NEEDED FOR FORMAT or MOUNT
   - name: format
     image: jclab/securekit-disk:latest
-    command: ["/opt/securekit/sbin/disk-init", "/dev/sda", "--name", "storage", "--mbr", "--mount", "/var/storage", "--mount-meta", "/var/boot"]
+    command: ["/opt/securekit/sbin/disk-init", "/dev/sda", "--name", "storage", "--mbr", "--mount", "/var/storage", "--mount-meta", "/var/boot", "--mkdir", "/var/storage/ssh", "--mkdir", "/var/storage/test:777"]
     binds:
       - /dev:/dev
       - /var:/var
       - /fs_protector_key.public.asc:/fs_protector_key.public.asc:ro
-  # NEEDED FOR KEY BACKUP
-  - name: init-sshd
-    image: jclab/securekit-sshd:latest
-    command: ["/usr/bin/init-ssh.sh", "/var/storage"]
-    binds:
-      - /var/storage:/var/storage
   # ========== REQUIRED FOR SECUREKIT END ==========
 onshutdown:
   # ========== REQUIRED FOR SECUREKIT ==========
@@ -59,7 +53,7 @@ services:
     image: jclab/securekit-sshd:latest
     binds:
       - /etc/resolv.conf:/etc/resolv.conf:ro
-      - /var/storage/etc/ssh:/etc/ssh:ro
+      - /var/storage/ssh:/etc/ssh
       - /home/manager/.ssh/authorized_keys:/home/manager/.ssh/authorized_keys
       - /var/log:/home/manager/log:ro
       - /var/boot:/home/manager/boot:ro

diff --git a/pkg/securekit-disk/opt/securekit/sbin/disk-init b/pkg/securekit-disk/opt/securekit/sbin/disk-init
@@ -12,6 +12,8 @@ partition_style="o"
 storage_mount_dir=""
 meta_mount_dir=""
 
+mkdir_list=()
+
 while [ $# -gt 0 ]; do
     case "$1" in
         --name)
@@ -36,6 +38,10 @@ while [ $# -gt 0 ]; do
             shift
             meta_mount_dir="$1"
             ;;
+        --mkdir)
+            shift
+            mkdir_list+=("$1")
+            ;;
       *)
             >&2 info "invalid argument: $*"
             exit 1
@@ -218,4 +224,17 @@ fi
 
 sync
 
+for item in "${mkdir_list[@]}"; do
+    [ -n "$item" ] || continue
+    opts="-p"
+    path="$(echo $item | cut -d':' -f1 -s)"
+    perm=""
+    [ -z "$path" ] && path="$item" || perm=$(echo "$item" | cut -d':' -f2 -s)
+    [ -z "$perm" ] || opts="$opts -m $perm"
+    echo mkdir $opts "$path" > /dev/kmsg
+    mkdir $opts "$path"
+done
+
+sync
+
 exit 0
diff --git a/pkg/securekit-sshd/etc/ssh/sshd_config.in → pkg/securekit-sshd/etc/sshd_config.in b/pkg/securekit-sshd/etc/ssh/sshd_config.in → pkg/securekit-sshd/etc/sshd_config.in
diff --git a/pkg/securekit-sshd/usr/bin/init-ssh.sh b/pkg/securekit-sshd/usr/bin/init-ssh.sh
diff --git a/pkg/securekit-sshd/usr/bin/ssh.sh b/pkg/securekit-sshd/usr/bin/ssh.sh
@@ -3,7 +3,7 @@
 KEYS=$(find /etc/ssh -name 'ssh_host_*_key')
 [ -z "$KEYS" ] && ssh-keygen -A >/dev/null
 
-cat /etc/ssh/sshd_config.in > /tmp/sshd_config
+cat /etc/sshd_config.in > /tmp/sshd_config
 [ "x${ONLY_SFTP:-yes}" = "xno" ] || cat >> /tmp/sshd_config << EOF
 
 AllowTcpForwarding no