40197fa7f1
This patch is a follow up patch fixing some nits left by the review
25d3ee5471.
It does:
* Fix the README file to say that the password *must* be encrypted and
the option values *must* be quoted
* Adds Type=oneshot in the upstart service config file so that upstart
will not try to restart the service over and over.
* Enable setu, sete and setpipefail in the dynamic-login script
Change-Id: Iee5d75daef24469ccf47ca12de6ead37bf9d8d6f
35 lines
1.1 KiB
Bash
Executable File
35 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# dib-lint: disable=dibdebugtrace
|
|
# Copyright 2015 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
# Reads an encrypted root password from the kernel command line and set
|
|
# it to the root user
|
|
if [[ $(</proc/cmdline) =~ rootpwd=\"([^\"]+)\" ]]; then
|
|
echo "root:${BASH_REMATCH[1]}" | chpasswd -e
|
|
fi
|
|
|
|
# Reads a sshkey from the kernel command line and appends it to the root
|
|
# user authorized_keys
|
|
SSHDIR=/root/.ssh
|
|
if [[ $(</proc/cmdline) =~ sshkey=\"([^\"]+)\" ]]; then
|
|
mkdir -p $SSHDIR
|
|
chmod 700 $SSHDIR
|
|
echo "${BASH_REMATCH[1]}" > $SSHDIR/authorized_keys
|
|
chmod 600 $SSHDIR/authorized_keys
|
|
fi
|