Add generic devuser element

The devuser element is useful for configuring a generic utility user for
the built images.

Change-Id: Ifd9dcf3ba88d7abc98b1e44a93f6d9a6b4e764dd

elements/devuser/README.rst

@@ -0,0 +1,40 @@
+=======
+devuser
+=======
+
+Creates a user that is useful for development / debugging. The following
+environment variables can be useful for configuration:
+
+Environment Variables
+---------------------
+
+DIB_DEV_USER_USERNAME
+  :Required: No
+  :Default: devuser
+  :Description: Username for the created user.
+
+DIB_DEV_USER_SHELL
+  :Required: No
+  :Default: System default (The useradd default is used)
+  :Description: Full path for the shell of the user. This is passed to useradd
+    using the -s parameter. Note that this does not install the (possibly)
+    required shell package.
+
+DIB_DEV_USER_PWDLESS_SUDO
+  :Required: No
+  :Default: No
+  :Description: Enable passwordless sudo for the user.
+
+DIB_DEV_USER_AUTHORIZED_KEYS
+  :Required: No
+  :Default: $HOME/.ssh/id_{rsa,dsa}.pub
+  :Description: Path to a file to copy into this users' .ssh/authorized_keys
+    If this is not specified then an attempt is made to use a the building
+    user's public key. To disable this behavior specify an invalid path for
+    this variable (such as /dev/null).
+
+DIB_DEV_USER_PASSWORD
+  :Required: No
+  :Default: Password is disabled
+  :Description: Set the default password for this user. This is a fairly
+    insecure method of setting the password and is not advised.

elements/devuser/environment.d/50-devuser

@@ -0,0 +1,5 @@
+export DIB_DEV_USER_USERNAME=${DIB_DEV_USER_USERNAME:-devuser}
+export DIB_DEV_USER_SHELL=${DIB_DEV_USER_SHELL:-}
+export DIB_DEV_USER_PWDLESS_SUDO=${DIB_DEV_USER_PWDLESS_SUDO:-}
+export DIB_DEV_USER_AUTHORIZED_KEYS=${DIB_DEV_USER_AUTHORIZED_KEYS:-}
+export DIB_DEV_USER_PASSWORD=${DIB_DEV_USER_PASSWORD:-}

elements/devuser/extra-data.d/50-devuser

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+if [ -n "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+    if [ -f "$DIB_DEV_USER_AUTHORIZED_KEYS" ]; then
+        cat $DIB_DEV_USER_AUTHORIZED_KEYS >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+    fi
+else
+    for fmt in "rsa dsa"; do
+        if [ -f "$HOME/.ssh/id_$fmt.pub" ]; then
+            cat $HOME/.ssh/id_$fmt.pub >> $TMP_HOOKS_PATH/devuser-ssh-authorized-keys
+            break
+        fi
+    done
+fi

elements/devuser/install.d/50-devuser

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+user_shell_args=
+if [ -n "${DIB_DEV_USER_SHELL}" ]; then
+    user_shell_args="-s ${DIB_DEV_USER_SHELL}"
+fi
+useradd -m ${DIB_DEV_USER_USERNAME} $user_shell_args
+set +x
+if [ -n "${DIB_DEV_USER_PASSWORD}" ]; then
+    echo "Setting password."
+    echo "${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_PASSWORD}" | chpasswd
+fi
+set -x
+
+if [ -n "${DIB_DEV_USER_PWDLESS_SUDO}" ]; then
+    cat > /etc/sudoers.d/${DIB_DEV_USER_USERNAME} << EOF
+${DIB_DEV_USER_USERNAME} ALL=(ALL) NOPASSWD:ALL
+EOF
+    chmod 0440 /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+    visudo -c || rm /etc/sudoers.d/${DIB_DEV_USER_USERNAME}
+fi
+
+if [ -f /tmp/in_target.d/devuser-ssh-authorized-keys ]; then
+    mkdir -p /home/${DIB_DEV_USER_USERNAME}/.ssh
+    cp /tmp/in_target.d/devuser-ssh-authorized-keys /home/${DIB_DEV_USER_USERNAME}/.ssh/authorized_keys
+fi
+
+chown -R ${DIB_DEV_USER_USERNAME}:${DIB_DEV_USER_USERNAME} /home/${DIB_DEV_USER_USERNAME}