The gluon-authorized-keys is usually installed to use SSH keys to
authenticate a user against the device. To make this useful, it is also
required to disable passwordless SSH access to the device.
This new dependency is only required when the user doesn't have
gluon-setup-mode enabled already.
Fixes: #1777
Reported-by: yanosz <github@yanosz.net>
Fixes: a753fa79e3 ("gluon-authorized-keys: add keys from site.conf")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 2eb15bac0e)
In addition to significant internal differences in check_site_lib.lua (in
particular unifying error handling to a single place for the upcoming
multi-domain support), this changes the way fields are addressed in site
check scripts: rather than providing a string like 'next_node.ip6', the
path is passed as an array {'next_node', 'ip6'}.
Other changes in site check scripts:
* need_array and need_table now pass the full path to the sub fields to the
subcheck instead of the key and value
* Any check referring to a field inside a table implies that all higher
levels must be tables if they exist: a check for {'next_node', 'ip6'} adds
an implicit (optional) check for {'next_node'}, which allows to remove many
explicit checks for such tables
Moving the scripts to a common directory not only vastly simplifies the
zzz-gluon-upgrade script, but also allows to define an ordering of such
scripts across packages.
This package will run as invariant script after each upgrade and copy
all keys from site.conf's authorized_keys entry to
/etc/dropbear/authorized_keys.
Existing keys will be preserved.
The site.conf entry 'authorized_keys' is required (if this package is
selected) and must contain a list of strings, each representing a line
of the resulting file.