dropbear: add a uci-defaults script for loading authorized keys
authorJohn Crispin <john@phrozen.org>
Tue, 17 Sep 2024 14:58:24 +0000 (16:58 +0200)
committerJohn Crispin <john@phrozen.org>
Wed, 2 Oct 2024 13:41:33 +0000 (15:41 +0200)
Write the ssh authorized key to /etc/dropbear/ssh_authorized_keys if present
inside board.json.

Signed-off-by: John Crispin <john@phrozen.org>
package/network/services/dropbear/Makefile
package/network/services/dropbear/files/dropbear.defaults [new file with mode: 0644]

index 3367fd7f74eb921c5c329413d0b91c14ba77680a..e9f3bd693c617cac5dc638ac4ac1b4db9a165243 100644 (file)
@@ -227,6 +227,8 @@ define Package/dropbear/install
        $(INSTALL_DIR) $(1)/etc/dropbear
        $(INSTALL_DIR) $(1)/lib/preinit
        $(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
+       $(INSTALL_DIR) $(1)/etc/uci-defaults
+       $(INSTALL_DATA) ./files/dropbear.defaults $(1)/etc/uci-defaults/50-dropbear
        $(foreach f,$(filter /etc/dropbear/%,$(Package/dropbear/conffiles)),$(if $(wildcard $(TOPDIR)/files/$(f)),chmod 0600 $(TOPDIR)/files/$(f) || :; ))
 endef
 
diff --git a/package/network/services/dropbear/files/dropbear.defaults b/package/network/services/dropbear/files/dropbear.defaults
new file mode 100644 (file)
index 0000000..e679bee
--- /dev/null
@@ -0,0 +1,20 @@
+[ ! -s /etc/dropbear/authorized_keys ] || exit 0
+
+. /usr/share/libubox/jshn.sh
+
+json_init
+json_load "$(cat /etc/board.json)"
+json_select credentials
+       json_get_keys keys ssh_authorized_keys
+       [ -z "$keys" ] || {
+               touch /etc/dropbear/authorized_keys
+               uci set dropbear.@dropbear[-1].PasswordAuth='off'
+               uci set dropbear.@dropbear[-1].RootPasswordAuth='off'
+       }
+       json_select ssh_authorized_keys
+               for key in $keys; do
+                       json_get_var val "$key"
+                       echo "$val" >> /etc/dropbear/authorized_keys
+               done
+       json_select ..
+json_select ..
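Review bot: Password login is switched off by the two `uci set … ='off'` lines as soon as `json_get_keys` returns any member name, before a single key has been written. An empty or unusable entry under `credentials.ssh_authorized_keys` would therefore leave the device with `PasswordAuth` off and no working key. I would move those two calls after the loop, behind a check that `/etc/dropbear/authorized_keys` is non-empty, skip empty values, and `chmod 0600` the file rather than rely on the umask in effect when `touch` runs. `@dropbear[-1]` only addresses the last dropbear section, so with more than one instance configured the others would presumably keep password login; worth confirming that is intended. The closing block is written as `if … fi` so the script still ends with status 0 when no key is present, which I assume the uci-defaults runner needs before it removes the script.

```shell
			json_get_var val "$key"
			[ -z "$val" ] || echo "$val" >> /etc/dropbear/authorized_keys
# … unchanged: done and the two closing json_select .. calls …

# switch password login off only once a key has actually been written
if [ -s /etc/dropbear/authorized_keys ]; then
	chmod 0600 /etc/dropbear/authorized_keys
	uci set dropbear.@dropbear[-1].PasswordAuth='off'
	uci set dropbear.@dropbear[-1].RootPasswordAuth='off'
fi
```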