install: add --no-sshd argument (MR 2030)

Allow to disable the sshd service in the target OS, and note at the end
of the installation whether sshd is enabled or not.
This commit is contained in:
Oliver Smith 2021-02-13 12:00:43 +01:00 committed by Martijn Braam
parent 94544b8435
commit 5b01a18cba
No known key found for this signature in database
GPG Key ID: C4280ACB000B060F
2 changed files with 44 additions and 0 deletions

View File

@ -323,6 +323,43 @@ def setup_hostname(args):
pmb.chroot.root(args, ["sed", "-i", "-e", regex, "/etc/hosts"], suffix)
def disable_sshd(args):
if not args.no_sshd:
return
# check=False: rc-update doesn't exit with 0 if already disabled
suffix = f"rootfs_{args.device}"
pmb.chroot.root(args, ["rc-update", "del", "sshd", "default"], suffix,
check=False)
# Verify that it's gone
sshd_files = pmb.helpers.run.root(
args, ["find", "-name", "sshd"], output_return=True,
working_dir=f"{args.work}/chroot_{suffix}/etc/runlevels")
if sshd_files:
raise RuntimeError(f"Failed to disable sshd service: {sshd_files}")
def print_sshd_info(args):
logging.info("*** SSH DAEMON INFORMATION ***")
if not args.ondev_no_rootfs:
if args.no_sshd:
logging.info("SSH daemon is disabled (--no-sshd).")
else:
logging.info("SSH daemon is enabled (disable with --no-sshd).")
logging.info(f"Login as '{args.user}' with the password given"
" during installation.")
if args.on_device_installer:
# We don't disable sshd in the installer OS. If the device is reachable
# on the network by default (e.g. Raspberry Pi), one can lock down the
# installer OS down by disabling the debug user (see wiki page).
logging.info("SSH daemon is enabled in the installer OS, to allow"
" debugging the installer image.")
logging.info("More info: https://postmarketos.org/ondev-debug")
def embed_firmware(args, suffix):
"""
This method will embed firmware, located at /usr/share, that are specified
@ -725,6 +762,8 @@ def create_device_rootfs(args, step, steps):
# Set the hostname as the device name
setup_hostname(args)
disable_sshd(args)
def install(args):
# Sanity checks
@ -767,3 +806,4 @@ def install(args):
install_system_image(args, 0, f"rootfs_{args.device}", step, steps,
split=args.split, sdcard=args.sdcard)
print_flash_info(args)
print_sshd_info(args)

View File

@ -50,6 +50,10 @@ def arguments_install(subparser):
ret = subparser.add_parser("install", help="set up device specific"
" chroot and install to SD card or image file")
# Other arguments (that don't fit categories below)
ret.add_argument("--no-sshd", action="store_true",
help="do not enable the SSH daemon by default")
# Image type
group_desc = ret.add_argument_group(
"optional image type",