osconfig: install root ssh keys to /var/roothome

The current location via tmpfiles.d to install the root ssh keys seems to be not working. There is an error that `/root/.ssh` does not exist from `systemd-tmpfiles-setup` and indeed the authorized_keys file is on in `/root/.ssh`. It seems like everything else in the firstboot in tmpfiles.d is refering to `/var/roothome` instead of `/root` and switching to this for the location of the ssh keys solves the issue.
containers · Mar 20, 2024 · 6b24170 · 6b24170
1 parent 4222b38
commit 6b24170
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/lib/src/install/osconfig.rs b/lib/src/install/osconfig.rs
@@ -18,7 +18,8 @@ pub(crate) fn inject_root_ssh_authorized_keys(
     // While not documented right now, this one looks like it does not newline wrap
     let b64_encoded = ostree_ext::glib::base64_encode(contents.as_bytes());
     // See the example in https://systemd.io/CREDENTIALS/
-    let tmpfiles_content = format!("f~ /root/.ssh/authorized_keys 600 root root - {b64_encoded}\n");
+    let tmpfiles_content =
+        format!("f~ /var/roothome/.ssh/authorized_keys 600 root root - {b64_encoded}\n");
 
     crate::lsm::ensure_dir_labeled(root, ETC_TMPFILES, None, 0o755.into(), sepolicy)?;
     let tmpfiles_dir = root.open_dir(ETC_TMPFILES)?;
@@ -45,7 +46,7 @@ fn test_inject_root_ssh() -> Result<()> {
     let content = root.read_to_string(format!("etc/tmpfiles.d/{ROOT_SSH_TMPFILE}"))?;
     assert_eq!(
         content,
-        "f~ /root/.ssh/authorized_keys 600 root root - c3NoLWVkMjU1MTkgQUJDREUgZXhhbXBsZUBkZW1vCg==\n"
+        "f~ /var/roothome/.ssh/authorized_keys 600 root root - c3NoLWVkMjU1MTkgQUJDREUgZXhhbXBsZUBkZW1vCg==\n"
     );
     Ok(())
 }