From: Michael Prokop <mika@grml.org>
Date: Sat, 2 Mar 2019 09:29:47 +0000 (+0100)
Subject: Merge remote-tracking branch 'origin/pr/129'
X-Git-Tag: v0.88~3
X-Git-Url: https://git.grml.org/?p=grml-debootstrap.git;a=commitdiff_plain;h=6359370c21819973a396b6277bcf3f04b25aa565;hp=-c

Merge remote-tracking branch 'origin/pr/129'
---

6359370c21819973a396b6277bcf3f04b25aa565
diff --combined grml-debootstrap
index 016daec,5dbe1a7..a87dbab
--- a/grml-debootstrap
+++ b/grml-debootstrap
@@@ -155,6 -155,7 +155,7 @@@ Configuration options
        --hostname <name>    Hostname of Debian system.
        --nopassword         Do not prompt for the root password.
        --password <pwd>     Use specified password as password for user root.
+       --sshcopyid          Use locally available public keys to authorise root login on the target system.
        --bootappend <line>  Add specified appendline to kernel whilst booting.
        --chroot-scripts <d> Execute chroot scripts from specified directory.
        --pre-scripts <dir>  Execute scripts from specified directory (before chroot-scripts).
@@@ -346,7 -347,7 +347,7 @@@ f
  # }}}
  
  # cmdline handling {{{
- CMDLINE_OPTS=mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs
+ CMDLINE_OPTS=mirror:,iso:,release:,target:,mntpoint:,debopt:,defaultinterfaces,interactive,nodebootstrap,nointerfaces,nokernel,nopackages,filesystem:,config:,confdir:,packages:,chroot-scripts:,scripts:,post-scripts:,pre-scripts:,debconf:,vm,vmfile,vmsize:,keep_src_list,hostname:,password:,nopassword,grmlrepos,backportrepos,bootappend:,grub:,efi:,arch:,insecure,verbose,help,version,force,debug,contrib,non-free,remove-configs,sshcopyid
  
  _opt_temp=$(getopt --name grml-debootstrap -o +m:i:r:t:p:c:d:vhV --long \
    $CMDLINE_OPTS -- "$@")
@@@ -460,6 -461,9 +461,9 @@@ while :; d
    --nopassword)        # Skip password dialog
      _opt_nopassword=T
      ;;
+   --sshcopyid)         # Use locally available public keys to authorise root login on the target system
+     _opt_sshcopyid=T
+     ;;
    --grmlrepos)         # Enable Grml repository
      _opt_grmlrepos=T
      ;;
@@@ -560,6 -564,7 +564,7 @@@ don
  [ "$_opt_defaultinterfaces" ]   && USE_DEFAULT_INTERFACES="true"
  [ "$_opt_nointerfaces" ]        && NOINTERFACES="true"
  [ "$_opt_nokernel" ]            && NOKERNEL="true"
+ [ "$_opt_sshcopyid" ]           && SSHCOPYID="true"
  [ "$_opt_bootappend" ]          && BOOT_APPEND=$_opt_bootappend
  [ "$_opt_grub" ]                && GRUB=$_opt_grub
  [ "$_opt_efi" ]                 && EFI=$_opt_efi
@@@ -1723,16 -1728,6 +1728,16 @@@ allow-hotplug eth
  iface eth0 inet dhcp
  "
  
 +  # add dhcp setting for Predictable Network Interface Names
 +  if [ -x /bin/udevadm ]; then
 +    for interface in $(udevadm info -e | sed -n -e 's/E: ID_NET_NAME_PATH=\([^$*]\)/\1/p'); do
 +      DEFAULT_INTERFACES="${DEFAULT_INTERFACES}
 +allow-hotplug ${interface}
 +iface ${interface} inet dhcp
 +"
 +    done
 +  fi
 +
    if [ -n "$NOINTERFACES" ] ; then
      einfo "Not installing /etc/network/interfaces as requested via --nointerfaces option" ; eend 0
    elif [ -n "$USE_DEFAULT_INTERFACES" ] ; then
@@@ -1758,6 -1753,20 +1763,20 @@@
       cp /etc/network/interfaces.examples "$MNTPOINT/etc/network/interfaces.examples"
    fi
  
+   if [ -n "${SSHCOPYID}" ] ; then
+     ssh-add -L > /dev/null 2>&1 ; RC=$?
+     if [ $RC -eq 0 ] ; then
+       einfo "Use locally available public keys to authorise root login on the target system as requested via --sshcopyid option."
+       mkdir "${MNTPOINT}"/root/.ssh
+       chmod 0700 "${MNTPOINT}"/root/.ssh
+       ssh-add -L > "${MNTPOINT}"/root/.ssh/authorized_keys
+       eend 0
+     else
+       ewarn "Could not open a connection to your authentication agent or the agent has no identites."
+       eend $?
+     fi
+   fi
+ 
    if [ -d /run/udev ] ; then
      einfo "Setting up bind-mount /run/udev"
      mkdir -p "${MNTPOINT}"/run/udev
diff --combined grml-debootstrap.8.txt
index 9c6d2d6,205e788..9c455b3
--- a/grml-debootstrap.8.txt
+++ b/grml-debootstrap.8.txt
@@@ -85,11 -85,8 +85,11 @@@ Options and environment variable
  
  *--defaultinterfaces*::
  
 -   Install a default /etc/network/interfaces file (enabling DHCP for eth0)
 +   Install a default /etc/network/interfaces file (enabling DHCP for all local
 +   Ethernet, WLAN and WWAN interfaces using predictable network interface names
 +   and using eth0 as tradtition interface name for backward compatibility)
     instead of taking over config from host system.
 +   This option is automatically enabled when using --vm or --vmfile.
  
  *--efi* _device_::
  
@@@ -158,6 -155,7 +158,6 @@@
  *--nointerfaces*::
  
      Do not copy /etc/network/interfaces from host system to the target.
 -    This option is automatically enabled when using --vm or --vmfile.
  
  *--nokernel*::
  
@@@ -226,6 -224,13 +226,13 @@@
      Delete grml-debootstrap configuration files (/etc/debootstrap/*) from installed
      system. Useful for reproducible builds or if you don't want to leak information.
  
+ *--sshcopyid*::
+ 
+     Use locally available public keys to authorise root login on the target system.
+     Similar to ssh-copy-id(1) (without the -i option) it checks if `ssh-add -L`
+     provides any output, and if so those keys are appended to
+     _/root/.ssh/authorized_keys_ (creating the file and directory (with mode 0700)).
+ 
  *-t*, *--target* _target_::
  
      Target partition (/dev/...) or directory (anything else without /dev at the
@@@ -241,7 -246,6 +248,7 @@@
      partitioned.
      This allows deployment of a Virtual Machine. The options needs to be
      combined with the --target option.
 +    This option automatically enables the --defaultinterfaces option.
      Usage example: --vm --target /dev/mapper/your-vm-disk
  
  *--vmfile*::
@@@ -250,7 -254,6 +257,7 @@@
      partition/block device or directory. This allows deployment of a Virtual
      Machine. The options needs to be combined with the --target option
      ('qemu-img create -f raw ...' is executed on the specified target).
 +    This option automatically enables the --defaultinterfaces option.
      Usage example: --vmfile --target /mnt/sda1/qemu.img
  
  *--vmsize* _size_::
@@@ -268,13 -271,6 +275,13 @@@ WARNING: the command line parsing of gr
  the provided arguments for the command line options. Please be careful and check
  docs and /etc/debootstrap/config for further information.
  
 +Networking
 +----------
 +
 +By default (that is, if none of the options *--nointerfaces*,
 +*--defaultinterfaces*, *--vmfile* or *--vm* are given) /etc/network/interfaces
 +will be copied from the host to the target system.
 +
  Usage examples
  ---------------