console_conf: identity: allow use of prepared host keys fingerprints
In strict snap confinement, neither the sshd config nor the host keys are accessible. If strict confinement is detected, allow reuse of the host key fingerprints already prepared by the invoking process instead. Prepared fingerprints are stored in: /run/console-conf/host-fingerprints.txt
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
parent
5a1a2b0faa
commit
e6aa7e1dcc
|
@ -19,6 +19,7 @@ import os
|
|||
import pwd
|
||||
import shlex
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
from console_conf.ui.views import IdentityView, LoginView
|
||||
from subiquitycore.snapd import SnapdConnection
|
||||
|
@ -116,10 +117,21 @@ def write_login_details(fp, username, ips):
|
|||
)
|
||||
else:
|
||||
first_ip = ips[0]
|
||||
key_info = None
|
||||
if os.getenv("SNAP_CONFINEMENT", "classic") == "strict":
|
||||
# if we run in confinement, we have no direct accesss to host
|
||||
# keys info use prepared finger prints if exist
|
||||
host_fingerprints_path = "/run/console-conf/host-fingerprints.txt"
|
||||
host_fingerprints = Path(host_fingerprints_path)
|
||||
if host_fingerprints.is_file():
|
||||
fingerprints = open(host_fingerprints_path, "r")
|
||||
key_info = fingerprints.read()
|
||||
else:
|
||||
key_info = host_key_info()
|
||||
fp.write(
|
||||
login_details_tmpl.format(
|
||||
sshcommands=sshcommands,
|
||||
host_key_info=host_key_info(),
|
||||
host_key_info=key_info,
|
||||
tty_name=tty_name,
|
||||
first_ip=first_ip,
|
||||
version=version,
|
||||
|
|
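Review bot: In the strict-confinement branch, `key_info` stays `None` when /run/console-conf/host-fingerprints.txt is absent, so `login_details_tmpl.format(host_key_info=key_info)` would most likely print the literal text "None" where the user expects host key fingerprints; the handle returned by `open()` is also never closed. Both go away with `key_info = host_fingerprints.read_text() if host_fingerprints.is_file() else ""`. Because this text is what a user compares against when first connecting over SSH, the file's contents are trusted and shown verbatim here, and nothing in the hunk checks who wrote the file or whether it still matches the current host keys. A comment such as `# prepared by the invoking process before console-conf starts; must only be writable by root and be regenerated when host keys change` would record that assumption next to the path. write_login_details starts above the hunk and the format() call continues below it.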