Crostini install flow to generate cros sshkeys and insert pub key into container |
|||||||||||
Issue descriptionWhen crostini container is created, ssh keys should be generated and public key added to container authorized_keys file. These keys must also be made available to FilesApp to use as client ssh keys when connecting to container.
,
Apr 13 2018
,
Apr 17 2018
I don't believe that cros currently ships sshkeygen. I expect we need to add that to standard cros image.
,
Apr 17 2018
FilesApp requires generated cros private key (id_rsa), and also public key of crostini server (id_rsa.pub) which will be added to the cros known_hosts file.
,
Apr 18 2018
,
Apr 18 2018
,
Apr 20 2018
,
Apr 23 2018
,
Apr 27 2018
,
May 4 2018
,
May 9 2018
,
May 10 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/system_api/+/5780e54d840fd952550ca34f7e5b7d0bb802f7cf commit 5780e54d840fd952550ca34f7e5b7d0bb802f7cf Author: Jeffrey Kardatzke <jkardatzke@google.com> Date: Thu May 10 22:09:48 2018 Add GetContainerSshKeys call to vm_concierge This adds a call for getting the ssh keys for a container and the host that are used for doing an SFTP mount of the container's filesystem. BUG= chromium:832508 TEST=Builds Change-Id: I373460ccf640b346e44097e93105be6e8521dd5f Reviewed-on: https://chromium-review.googlesource.com/1053246 Commit-Ready: Jeffrey Kardatzke <jkardatzke@google.com> Tested-by: Jeffrey Kardatzke <jkardatzke@google.com> Reviewed-by: Dan Erat <derat@chromium.org> Reviewed-by: Joel Hockey <joelhockey@chromium.org> [modify] https://crrev.com/5780e54d840fd952550ca34f7e5b7d0bb802f7cf/dbus/vm_concierge/service.proto [modify] https://crrev.com/5780e54d840fd952550ca34f7e5b7d0bb802f7cf/dbus/vm_concierge/dbus-constants.h
,
May 12 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/23aa291f40a7563d0b241062f97994ff926bfed9 commit 23aa291f40a7563d0b241062f97994ff926bfed9 Author: Jeffrey Kardatzke <jkardatzke@google.com> Date: Sat May 12 06:22:15 2018 vm_tools: Add SSH keys to vm_concierge This adds SSH key generation, retrieval and passing to the container for the purpose of SFTP mounting the container's filesystem in the Chrome OS Files app. There is one keypair for the host and then one keypair per container. Container keys are deleted if their corresponding VM is deleted. BUG= chromium:832508 TEST=Verified keys are generated and passed into run_container script Change-Id: I8818bf6c64294d83750bdcfb4ef84e028ec0dd2d Reviewed-on: https://chromium-review.googlesource.com/1053296 Commit-Ready: Jeffrey Kardatzke <jkardatzke@google.com> Tested-by: Jeffrey Kardatzke <jkardatzke@google.com> Reviewed-by: Stephen Barber <smbarber@chromium.org> [modify] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/host.gypi [modify] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/concierge/service.cc [modify] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/concierge/client.cc [add] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/concierge/ssh_keys.h [modify] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/concierge/service.h [add] https://crrev.com/23aa291f40a7563d0b241062f97994ff926bfed9/vm_tools/concierge/ssh_keys.cc
,
May 15 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4edc9ebb32e8d46201baf11797b7d06f3687ee2e commit 4edc9ebb32e8d46201baf11797b7d06f3687ee2e Author: Joel Hockey <joelhockey@chromium.org> Date: Tue May 15 00:54:24 2018 Add GetContainerSshKeys call to CrostiniManager Exposes concierge call to FilesApp running in browser. Bug: 832508 Change-Id: Ic4fdbc417b10399ba47f597ce47a1a57c2e13098 Reviewed-on: https://chromium-review.googlesource.com/1056770 Commit-Queue: Joel Hockey <joelhockey@chromium.org> Reviewed-by: Nicholas Verne <nverne@chromium.org> Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#558561} [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chrome/browser/chromeos/crostini/crostini_manager.cc [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chrome/browser/chromeos/crostini/crostini_manager.h [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chromeos/dbus/concierge_client.cc [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chromeos/dbus/concierge_client.h [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chromeos/dbus/fake_concierge_client.cc [modify] https://crrev.com/4edc9ebb32e8d46201baf11797b7d06f3687ee2e/chromeos/dbus/fake_concierge_client.h
,
May 16 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c613fec7bf46edabb6fdbaf5972159f6bb51a32c commit c613fec7bf46edabb6fdbaf5972159f6bb51a32c Author: Jeffrey Kardatzke <jkardatzke@google.com> Date: Wed May 16 18:34:28 2018 Pass cryptohome_id into the StartContainer call Bug: 832508 Test: Verified key generation by concierge from Chrome call Change-Id: Ie031d59ab95da3f5394c9621413a5a48066619a5 Reviewed-on: https://chromium-review.googlesource.com/1053273 Reviewed-by: Nicholas Verne <nverne@chromium.org> Reviewed-by: Joel Hockey <joelhockey@chromium.org> Commit-Queue: Jeffrey Kardatzke <jkardatzke@google.com> Cr-Commit-Position: refs/heads/master@{#559202} [modify] https://crrev.com/c613fec7bf46edabb6fdbaf5972159f6bb51a32c/chrome/browser/chromeos/crostini/crostini_manager.cc [modify] https://crrev.com/c613fec7bf46edabb6fdbaf5972159f6bb51a32c/chrome/browser/chromeos/crostini/crostini_manager.h [modify] https://crrev.com/c613fec7bf46edabb6fdbaf5972159f6bb51a32c/chrome/browser/chromeos/crostini/crostini_manager_unittest.cc
,
May 17 2018
|
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by slangley@chromium.org
, Apr 13 2018Labels: CrOSFilesFeature-Crostini