From 39ba1e5891bec24d9c79e555d978bc0c37d4b9d9 Mon Sep 17 00:00:00 2001 From: Elly Jones Date: Thu, 30 Jun 2011 11:08:28 -0400 Subject: [PATCH] mod_image_for_test: add --{no,}standard_backdoor option. The default is --standard_backdoor, which installs well-known ssh keys and sets a well-known root password. Passing --nostandard_backdoor will cause mod_image_for_test to use ssh keys from ~/.ssh/*.pub instead of the test keys and not set the root password. BUG=chromium-os:11744 TEST=Adhoc Build an image with --standard_backdoor. ssh -i ${SRC}/src/scripts/mod_for_test_scripts/ssh_keys/testing_rsa root@${DUT} ssh root@${DUT} with 'test0000' cat /root/.ssh/authorized_keys # check for the test key Build an image with --nostandard_backdoor. ssh -o PubkeyAuthentication=no root@${DUT} # this will fail ssh root@${DUT} # this should work cat /root/.ssh/authorized_keys # check for just your keys Change-Id: Ie92fbc9d3815f478698c8c94d938daca2b5cd53e Signed-off-by: Elly Jones Reviewed-on: http://gerrit.chromium.org/gerrit/3449 Reviewed-by: David Rochberg --- enter_chroot.sh | 1 + mod_for_test_scripts/300changePassword | 4 ++++ mod_for_test_scripts/350addTestAuthKeys | 7 ++++++- mod_image_for_test.sh | 9 ++++++++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/enter_chroot.sh b/enter_chroot.sh index 6e167b5e75..89f9a387d5 100755 --- a/enter_chroot.sh +++ b/enter_chroot.sh @@ -242,6 +242,7 @@ function setup_env { if [ -n "${SSH_AUTH_SOCK}" -a -d "${HOME}/.ssh" ]; then mkdir -p "${TARGET_DIR}" cp -r "${HOME}/.ssh/known_hosts" "${TARGET_DIR}" + cp -r ${HOME}/.ssh/*.pub "${TARGET_DIR}" copy_ssh_config "${TARGET_DIR}" ASOCK="$(dirname "${SSH_AUTH_SOCK}")" ensure_mounted "${ASOCK}" "--bind" "${ASOCK}" diff --git a/mod_for_test_scripts/300changePassword b/mod_for_test_scripts/300changePassword index 34a50dfe2e..4d21212603 100755 --- a/mod_for_test_scripts/300changePassword +++ b/mod_for_test_scripts/300changePassword @@ -4,6 +4,10 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. +if [ "$BACKDOOR" -eq "0" ]; then + exit 0 +fi + # reset root password to test0000 (4 zeroes). TEMP_SHADOWFILE=${ROOT_FS_DIR}/etc/newshadow CRYPTED_PASSWD="$(echo "test0000" | openssl passwd -1 -stdin)" diff --git a/mod_for_test_scripts/350addTestAuthKeys b/mod_for_test_scripts/350addTestAuthKeys index 07da2e26cb..07e93b643d 100755 --- a/mod_for_test_scripts/350addTestAuthKeys +++ b/mod_for_test_scripts/350addTestAuthKeys @@ -9,7 +9,12 @@ echo "Copying public keys and changing PATH for ssh clients" -KEYS_DIR=${GCLIENT_ROOT}/src/scripts/mod_for_test_scripts/ssh_keys +if [ "$BACKDOOR" -eq 1 ]; then + KEYS_DIR=${GCLIENT_ROOT}/src/scripts/mod_for_test_scripts/ssh_keys +else + KEYS_DIR=${GCLIENT_ROOT}/../.ssh +fi + mkdir -p ${ROOT_FS_DIR}/root/.ssh ROOT_AUTHKEYS=${ROOT_FS_DIR}/root/.ssh/authorized_keys cat ${KEYS_DIR}/*.pub >> ${ROOT_AUTHKEYS} diff --git a/mod_image_for_test.sh b/mod_image_for_test.sh index 1140683c92..65898d8d1b 100755 --- a/mod_image_for_test.sh +++ b/mod_image_for_test.sh @@ -72,6 +72,8 @@ DEFINE_boolean force_copy $FLAGS_FALSE \ # TODO(clchiou): Remove this flag after arm verified boot is stable DEFINE_boolean crosbug12352_arm_kernel_signing ${FLAGS_TRUE} \ "Sign kernel partition for ARM images (temporary hack)." +DEFINE_boolean standard_backdoor ${FLAGS_TRUE} \ + "Install standard backdoor credentials for testing" # Parse command line FLAGS "$@" || exit 1 @@ -251,9 +253,14 @@ trap cleanup EXIT emerge_chromeos_test MOD_TEST_SCRIPT="$SCRIPTS_DIR/mod_for_test_scripts/test_setup.sh" +BACKDOOR=0 +if [ $FLAGS_standard_backdoor -eq $FLAGS_TRUE ]; then + BACKDOOR=1 +fi # Run test setup script to modify the image sudo GCLIENT_ROOT="$GCLIENT_ROOT" ROOT_FS_DIR="$ROOT_FS_DIR" \ - STATEFUL_DIR="$STATEFUL_DIR" ARCH="$ARCH" "$MOD_TEST_SCRIPT" + STATEFUL_DIR="$STATEFUL_DIR" ARCH="$ARCH" BACKDOOR="${BACKDOOR}" \ + "$MOD_TEST_SCRIPT" if [ $FLAGS_factory -eq $FLAGS_TRUE ]; then sudo INSTALL_MASK="$INSTALL_MASK" $EMERGE_BOARD_CMD \