0feb838506
The devuser element is designed to add a single development user and manage their keys. Any local use of devuser by a developer thus silently conflicts with zuul-worker. Additionally, this is currently tacitly taking the public-key from ~/.ssh/id_rsa.pub -- i.e. the public key of the currently building user. Mixing permissions from the builder into the final-image makes sense for a development-user case, but not for deploying worker accounts. This simply creates the worker account by hand, which is easy enough. To maintain the status-quo we still source ~/.ssh/id_rsa.pub by default, but provide a documented flag to override this. Change-Id: Ic9c9e415c158ad1f057b8d2aa2776dbe2bbd1e47
30 lines
593 B
Bash
Executable File
30 lines
593 B
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
useradd -m zuul
|
|
|
|
cat > /etc/sudoers.d/zuul << EOF
|
|
zuul ALL=(ALL) NOPASSWD:ALL
|
|
EOF
|
|
|
|
chmod 0440 /etc/sudoers.d/zuul
|
|
visudo -c || die "Error setting zuul sudo!"
|
|
|
|
# this was copied from outside the chroot by extras.d
|
|
_pub_key=/tmp/in_target.d/zuul-user-ssh-public-key
|
|
if [ ! -f $_pub_key ]; then
|
|
die "Can not find Zuul public key!"
|
|
fi
|
|
|
|
mkdir /home/zuul/.ssh
|
|
chmod 700 /home/zuul/.ssh
|
|
cp $_pub_key /home/zuul/.ssh/authorized_keys
|
|
|
|
# cleanup everything to the right owner
|
|
chown -R zuul:zuul /home/zuul
|