dropbear: add a uci-defaults script for loading authorized keys

Write the ssh authorized key to /etc/dropbear/ssh_authorized_keys if present
inside boad.json.

Signed-off-by: John Crispin <john@phrozen.org>

2 files changed, 22 insertions, 0 deletions

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 3367fd7f74..e9f3bd693c 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -227,6 +227,8 @@ define Package/dropbear/install
 	$(INSTALL_DIR) $(1)/etc/dropbear
 	$(INSTALL_DIR) $(1)/lib/preinit
 	$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/dropbear.defaults $(1)/etc/uci-defaults/50-dropbear
 	$(foreach f,$(filter /etc/dropbear/%,$(Package/dropbear/conffiles)),$(if $(wildcard $(TOPDIR)/files/$(f)),chmod 0600 $(TOPDIR)/files/$(f) || :; ))
 endef
 
diff --git a/package/network/services/dropbear/files/dropbear.defaults b/package/network/services/dropbear/files/dropbear.defaults
new file mode 100644
index 0000000000..e679bee5db
--- /dev/null
+++ b/package/network/services/dropbear/files/dropbear.defaults
@@ -0,0 +1,20 @@
+[ ! -s /etc/dropbear/authorized_keys ] || exit 0
+
+. /usr/share/libubox/jshn.sh
+
+json_init
+json_load "$(cat /etc/board.json)"
+json_select credentials
+	json_get_keys keys ssh_authorized_keys
+	[ -z "$keys" ] || {
+		touch /etc/dropbear/authorized_keys
+		uci set dropbear.@dropbear[-1].PasswordAuth='off'
+		uci set dropbear.@dropbear[-1].RootPasswordAuth='off'
+	}
+	json_select ssh_authorized_keys
+		for key in $keys; do
+	                json_get_var val "$key"
+	                echo "$val" >> /etc/dropbear/authorized_keys
+		done
+	json_select ..
+json_select ..