From 5aec592bda6468d616f6fa6a6c1fa2d9e6c6895a Mon Sep 17 00:00:00 2001
From: Marco Vanotti <mvanotti@google.com>
Date: Wed, 10 Jul 2019 15:53:04 -0700
Subject: pkg/build: Add ssh keys for fuchsia

This change modifies the way fuchsia is built to add the ssh keys to the
zbi image after building it. Previously that was done via the
"extra_ssh_keys" argument to the build system, but that was removed
recently.
---
 pkg/build/fuchsia.go | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'pkg')

diff --git a/pkg/build/fuchsia.go b/pkg/build/fuchsia.go
index b8a7a8556..8553fbf99 100644
--- a/pkg/build/fuchsia.go
+++ b/pkg/build/fuchsia.go
@@ -22,21 +22,29 @@ func (fu fuchsia) build(targetArch, vmType, kernelDir, outputDir, compiler, user
 	}
 	arch := sysTarget.KernelHeaderArch
 	product := fmt.Sprintf("%s.%s", "core", arch)
-	if _, err := osutil.RunCmd(time.Hour, kernelDir, "scripts/fx", "set", product,
-		"--args", `extra_authorized_keys_file="//.ssh/authorized_keys"`,
-		"--with-base", "//bundles:tools",
-		"--build-dir", "out/"+arch); err != nil {
+	if _, err := osutil.RunCmd(time.Hour, kernelDir, "scripts/fx", "--dir", "out/"+arch,
+		"set", product, "--with-base", "//bundles:tools"); err != nil {
 		return err
 	}
 	if _, err := osutil.RunCmd(time.Hour, kernelDir, "scripts/fx", "clean-build"); err != nil {
 		return err
 	}
+
+	// Fuchsia images no longer include ssh keys. Manually append the ssh public key to the zbi.
+	sshZBI := filepath.Join(kernelDir, "out", arch, "fuchsia-ssh.zbi")
+	kernelZBI := filepath.Join(kernelDir, "out", arch, "fuchsia.zbi")
+	authorizedKeys := fmt.Sprintf("data/ssh/authorized_keys=%s", filepath.Join(kernelDir, ".ssh", "authorized_keys"))
+	if _, err := osutil.RunCmd(time.Minute, kernelDir, "out/"+arch+".zircon/tools/zbi",
+		"-o", sshZBI, kernelZBI, "--entry", authorizedKeys); err != nil {
+		return err
+	}
+
 	for src, dst := range map[string]string{
 		"out/" + arch + "/obj/build/images/fvm.blk": "image",
 		".ssh/pkey": "key",
 		"out/" + arch + ".zircon/kernel-" + arch + "-gcc/obj/kernel/zircon.elf": "obj/zircon.elf",
 		"out/" + arch + ".zircon/multiboot.bin":                                 "kernel",
-		"out/" + arch + "/fuchsia.zbi":                                          "initrd",
+		"out/" + arch + "/fuchsia-ssh.zbi":                                      "initrd",
 	} {
 		fullSrc := filepath.Join(kernelDir, filepath.FromSlash(src))
 		fullDst := filepath.Join(outputDir, filepath.FromSlash(dst))
-- 
cgit mrf-deployment