feat: adds ssh mode switching; production, maintenance, status and fa… #6
Conversation
| chown -R ${SSH_USER_ID}:${SSH_USER_ID} ${D}${SSH_USER_HOME} | ||
|
|
||
| # Set up .profile to source /etc/profile | ||
| echo '. /etc/profile' > ${D}${SSH_USER_HOME}/.profile |
There was a problem hiding this comment.
I don't think we need to source profile
| # If not set, check the original environment | ||
| origenv = d.getVar("BB_ORIGENV", False) | ||
| if origenv: | ||
| ssh_key = origenv.getVar('SSH_USER_KEY') |
There was a problem hiding this comment.
can we use the already existing env var SEARCHER_SSH_KEY instead of introducing a new one?
|
I guess handling how the searcher user is being forwarded back into its container upon switching to maintenance mode isn't handled here, right? |
| SUMMARY = "Adds failsafe mode user and script" | ||
| DESCRIPTION = "Creates the failsafe mode user and sets up SSH access with the provided SSH key, limit's the user to execute the failsafe.sh wrapper script" | ||
|
|
||
| require ssh-mode-switch.inc | ||
|
|
||
| SSH_USER_ID = "1103" | ||
| RDEPENDS:${PN} += "curl" |
There was a problem hiding this comment.
do we need the failsafe to be also exposed and be callable by its own SSH USER?
I thought the fail safe triggers in case the production or maintenance scripts fail.
|
I see that you included a failsafe fallback but I believe it is already handled from the go-bob-firewall here. |
|
TODO: allow Igor to run this |
…ilsafe