diff --git a/layers/meta-opentrons/recipes-core/dropbear/dropbear_%.bbappend b/layers/meta-opentrons/recipes-core/dropbear/dropbear_%.bbappend index 206aa04a..a878e1c2 100644 --- a/layers/meta-opentrons/recipes-core/dropbear/dropbear_%.bbappend +++ b/layers/meta-opentrons/recipes-core/dropbear/dropbear_%.bbappend @@ -1,7 +1,16 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +SRC_URI += "file://opentrons-dropbear.default" + do_install_append() { # create a symlink to store rsa host keys in read-write /var/lib/dropbear dir. install -d ${D}/var/lib/dropbear rm -rf ${D}/${sysconfdir}/dropbear ln -sf /var/lib/dropbear ${D}/${sysconfdir}/dropbear + # install dropbear config if release + if [[ "${OT_BUILD_TYPE}" =~ "release" ]]; then + bbnote "Installing custom dropbear config for release build." + install -m 0644 ${WORKDIR}/opentrons-dropbear.default ${D}${sysconfdir}/default/dropbear + fi } diff --git a/layers/meta-opentrons/recipes-core/dropbear/files/opentrons-dropbear.default b/layers/meta-opentrons/recipes-core/dropbear/files/opentrons-dropbear.default new file mode 100644 index 00000000..1509ffc2 --- /dev/null +++ b/layers/meta-opentrons/recipes-core/dropbear/files/opentrons-dropbear.default @@ -0,0 +1,4 @@ +# Disable SSH password logins. We only use public key authentication. +# This prevents a confusing password prompt from showing up when someone +# tries to log in with a missing or wrong key. +DROPBEAR_EXTRA_ARGS="-s" diff --git a/layers/meta-opentrons/recipes-images/images/opentrons-ot3-image.bb b/layers/meta-opentrons/recipes-images/images/opentrons-ot3-image.bb index 936aa24a..1265d60e 100644 --- a/layers/meta-opentrons/recipes-images/images/opentrons-ot3-image.bb +++ b/layers/meta-opentrons/recipes-images/images/opentrons-ot3-image.bb @@ -52,7 +52,7 @@ IMAGE_INSTALL += " \ opentrons-jupyter-notebook opentrons-usb-bridge \ opentrons-system-server opentrons-mcu-firmware \ opentrons-user-environment opentrons-module-firmware \ - opentrons-systemd-units \ + opentrons-systemd-units opentrons-ssh-keys \ " # We do NOT want the toradex libusbgx packages that autoconfigure the OTG USB diff --git a/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/files/opentrons-flex.pub b/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/files/opentrons-flex.pub new file mode 100644 index 00000000..93f3f773 --- /dev/null +++ b/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/files/opentrons-flex.pub @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmd34g9YqwQ7oMOJjPJezLIAOsov9vtr/dWqrwsVPLX1MkM0zFJg1Ou9NE9p30VaDnE92Hx0N9ndr8mznoImx/l8lkm9Z2QW+uO1eSKoQVwlz/1Dc+MJq8gy41GWYlKLr7p2b0TicAPcvGGYsFOmEUszOr5M78kOa2SHcHryd5Ol0T1bZQJ9p66JM8yY0upclrZouJEI5ozq/fHcihuR/WVo/dq81lM3lImfnfTe48exV42CGMndfTM0LFwRSRN1ANNr+Wto1a+X4lRnlk/RFzxB8a49UxNqQTCpdy/49wilQV7FJu9oHsaJI1dcKV9DE657gOrzM7tBaJXL6yh8Jn + diff --git a/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/opentrons-ssh-keys.bb b/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/opentrons-ssh-keys.bb new file mode 100644 index 00000000..0e4053e3 --- /dev/null +++ b/layers/meta-opentrons/recipes-robot/opentrons-ssh-keys/opentrons-ssh-keys.bb @@ -0,0 +1,12 @@ +DESCRIPTION = "Install authorized SSH keys to the image" +LICENSE="Apache-2.0" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10" + +SRC_URI = "file://opentrons-flex.pub" + +do_install () { + install -m 700 -d ${D}/home/root/.ssh + install -m 644 ${WORKDIR}/opentrons-flex.pub ${D}/home/root/.ssh/authorized_keys +} + +FILES_${PN} += "/home/root/.ssh/authorized_keys" diff --git a/linux-toradex_5.4-2.3.x.patch b/linux-toradex_5.4-2.3.x.patch deleted file mode 100644 index 975b5446..00000000 --- a/linux-toradex_5.4-2.3.x.patch +++ /dev/null @@ -1,8 +0,0 @@ -10c10 -< git://git.toradex.com/linux-toradex.git;protocol=https;branch=${SRCBRANCH};name=machine \ ---- -> git://git.toradex.com/linux-toradex.git;protocol=http;branch=${SRCBRANCH};name=machine \ -25c25 -< SRCREV_machine = "64dbf17bb33e10d844b01fd7294104cd4f1b8c5b" ---- -> SRCREV_machine = "2dd6306225361e47a9ef40f6a81a5487920a09ab"