mod_image_for_test: add --{no,}standard_backdoor option.

The default is --standard_backdoor, which installs well-known ssh keys and sets a well-known root password. Passing --nostandard_backdoor will cause mod_image_for_test to use ssh keys from ~/.ssh/*.pub instead of the test keys and not set the root password. BUG=chromium-os:11744 TEST=Adhoc Build an image with --standard_backdoor. ssh -i ${SRC}/src/scripts/mod_for_test_scripts/ssh_keys/testing_rsa root@${DUT} ssh root@${DUT} with 'test0000' cat /root/.ssh/authorized_keys # check for the test key Build an image with --nostandard_backdoor. ssh -o PubkeyAuthentication=no root@${DUT} # this will fail ssh root@${DUT} # this should work cat /root/.ssh/authorized_keys # check for just your keys Change-Id: Ie92fbc9d3815f478698c8c94d938daca2b5cd53e Signed-off-by: Elly Jones <ellyjones@chromium.org> Reviewed-on: http://gerrit.chromium.org/gerrit/3449 Reviewed-by: David Rochberg <rochberg@chromium.org>
2026-05-04 11:51:14 +02:00 · 2011-06-30 11:08:28 -04:00 · 2011-06-30 11:08:28 -04:00 · 39ba1e5891
commit 39ba1e5891
parent e7ea070644
4 changed files with 19 additions and 2 deletions
--- a/enter_chroot.sh
+++ b/enter_chroot.sh
@ -242,6 +242,7 @@ function setup_env {
      if [ -n "${SSH_AUTH_SOCK}" -a -d "${HOME}/.ssh" ]; then
        mkdir -p "${TARGET_DIR}"
        cp -r "${HOME}/.ssh/known_hosts" "${TARGET_DIR}"
+        cp -r ${HOME}/.ssh/*.pub "${TARGET_DIR}"
        copy_ssh_config "${TARGET_DIR}"
        ASOCK="$(dirname "${SSH_AUTH_SOCK}")"
        ensure_mounted "${ASOCK}" "--bind" "${ASOCK}"
--- a/mod_for_test_scripts/300changePassword
+++ b/mod_for_test_scripts/300changePassword
@ -4,6 +4,10 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

+if [ "$BACKDOOR" -eq "0" ]; then
+  exit 0
+fi
+
 # reset root password to test0000 (4 zeroes).
 TEMP_SHADOWFILE=${ROOT_FS_DIR}/etc/newshadow
 CRYPTED_PASSWD="$(echo "test0000" | openssl passwd -1 -stdin)"
--- a/mod_for_test_scripts/350addTestAuthKeys
+++ b/mod_for_test_scripts/350addTestAuthKeys
@ -9,7 +9,12 @@

 echo "Copying public keys and changing PATH for ssh clients"

-KEYS_DIR=${GCLIENT_ROOT}/src/scripts/mod_for_test_scripts/ssh_keys
+if [ "$BACKDOOR" -eq 1 ]; then
+  KEYS_DIR=${GCLIENT_ROOT}/src/scripts/mod_for_test_scripts/ssh_keys
+else
+  KEYS_DIR=${GCLIENT_ROOT}/../.ssh
+fi
+
 mkdir -p ${ROOT_FS_DIR}/root/.ssh
 ROOT_AUTHKEYS=${ROOT_FS_DIR}/root/.ssh/authorized_keys
 cat ${KEYS_DIR}/*.pub >> ${ROOT_AUTHKEYS}
--- a/mod_image_for_test.sh
+++ b/mod_image_for_test.sh
@ -72,6 +72,8 @@ DEFINE_boolean force_copy $FLAGS_FALSE \
 # TODO(clchiou): Remove this flag after arm verified boot is stable
 DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \
  "Sign kernel partition for ARM images (temporary hack)."
+DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \
+  "Install standard backdoor credentials for testing"

 # Parse command line
 FLAGS "$@" || exit 1
@ -251,9 +253,14 @@ trap cleanup EXIT
 emerge_chromeos_test

 MOD_TEST_SCRIPT="$SCRIPTS_DIR/mod_for_test_scripts/test_setup.sh"
+BACKDOOR=0
+if [ $FLAGS_standard_backdoor -eq $FLAGS_TRUE ]; then
+  BACKDOOR=1
+fi
 # Run test setup script to modify the image
 sudo GCLIENT_ROOT="$GCLIENT_ROOT" ROOT_FS_DIR="$ROOT_FS_DIR" \
-    STATEFUL_DIR="$STATEFUL_DIR" ARCH="$ARCH" "$MOD_TEST_SCRIPT"
+    STATEFUL_DIR="$STATEFUL_DIR" ARCH="$ARCH" BACKDOOR="${BACKDOOR}" \
+    "$MOD_TEST_SCRIPT"

 if [ $FLAGS_factory -eq $FLAGS_TRUE ]; then
  sudo INSTALL_MASK="$INSTALL_MASK" $EMERGE_BOARD_CMD \