From a688cf3f8fd48147745992d5e8d733a3b5ed28ae Mon Sep 17 00:00:00 2001
From: "Gerd v. Egidy"
Date: Sat, 11 Mar 2023 18:32:07 +0100
Subject: [PATCH] always create an empty /root/.ssh/authorized_keys with correct permissions
Precreating the file and directory makes it easier for the user to add their key since the correct permissions are already set. This does not interfere with using the yaml config to set a key or using the mechanisms described in https://systemd.io/CREDENTIALS/
---
airootfs/etc/tmpfiles.d/ssh_authorized_keys.conf | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 airootfs/etc/tmpfiles.d/ssh_authorized_keys.conf
diff --git a/airootfs/etc/tmpfiles.d/ssh_authorized_keys.conf b/airootfs/etc/tmpfiles.d/ssh_authorized_keys.conf
new file mode 100644
index 0000000..b7e29bf
--- /dev/null
+++ b/airootfs/etc/tmpfiles.d/ssh_authorized_keys.conf
@@ -0,0 +1,14 @@
+# create an empty /root/.ssh/authorized_keys file with correct permissions
+# this makes adding a key easier since the correct permissions are already set
+#
+# this builds upon /usr/lib/tmpfiles.d/provision.conf
+# and supports adding entries via https://systemd.io/CREDENTIALS/
+#
+# See tmpfiles.d(5) for details
+#
+
+# Provision SSH key for root
+d- /root :0700 root :root -
+d- /root/.ssh :0700 root :root -
+f /root/.ssh/authorized_keys :0600 root :root -
+w+^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root
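Review bot: The `w+^ /root/.ssh/authorized_keys … ssh.authorized_keys.root` rule appends the credential each time `systemd-tmpfiles --create` processes this file, so the append is not idempotent and a repeated run would leave duplicate key lines. If the stock `/usr/lib/tmpfiles.d/provision.conf` named in the header still applies its own rule for the same credential, the key may also be written twice on first boot; that interaction is not visible from this patch and is worth confirming on a booted image with the credential set. Separately, the `:` prefix on `:0700` and `:0600` applies the mode only when the inode is created, so a `/root/.ssh` or `authorized_keys` that already exists with looser permissions is left as it is, which is narrower than the "correct permissions are already set" wording suggests. I would document both above the rules, e.g. `# ':' modes apply on creation only; an existing file keeps its mode` and `# w+^ appends the ssh.authorized_keys.root credential on every tmpfiles run`.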