Enable auto-unlock of keychain

jackjia-ibm · Aug 23, 2018 · 07ef4e1 · 07ef4e1
1 parent 6d9689a
commit 07ef4e1
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 126 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/Dockerfile b/Dockerfile
@@ -5,13 +5,33 @@ FROM ahumanfromca/jenkins-npm-agent
 # Installs the libsecret library required by keytar
 RUN apt-get update && apt-get install -y gnome-keyring libsecret-1-dev
 
-# Copy the PAM configuration to allow unlocking of the gnome keyring
-RUN rm /etc/pam.d/login
-COPY login /etc/pam.d/login
-
-# Add to the .bashrc configuration with additional options for auto launching a dbus-session
-COPY .bashrc /home/jenkins/.bashrc_temp
-RUN cat /home/jenkins/.bashrc_temp>>/home/jenkins/.bashrc
-RUN rm /home/jenkins/.bashrc_temp
+ARG tempLocation=/tmp/jenkins-npm-keytar
+RUN mkdir ${tempLocation}
+
+# Copy the PAM configuration options to allow auto unlocking of the gnome keyring
+COPY pam.config ${tempLocation}/pam.config
+
+# Enable unlocking for ssh
+RUN cat ${tempLocation}/pam.config>>/etc/pam.d/sshd
+
+# Enable unlocking for regular login
+RUN cat ${tempLocation}/pam.config>>/etc/pam.d/login
+
+# Copy the profile script that needs to run to allow autostart of the dbus session without a display
+COPY dbus_start ${tempLocation}/dbus_start
+
+# Enable dbus for ssh and most other native shells
+ARG profileLoc=/etc/profile.d/dbus_start.sh
+RUN touch ${profileLoc} \
+    && echo '#!/bin/sh'>>${profileLoc} \
+    && cat ${tempLocation}/dbus_start>>${profileLoc}
+
+# Enable for all bash profiles
+ARG globalBashrc=/etc/bash.bashrc
+RUN touch ${globalBashrc} \
+    && cat ${tempLocation}/dbus_start>>${globalBashrc}
+
+# Cleanup any temp files we have created
+RUN rm -rdf ${tempLocation}
 
 CMD ["/usr/sbin/sshd", "-D"]
diff --git a/.bashrc → dbus_start b/.bashrc → dbus_start
@@ -1,10 +1,14 @@
 
 ###################################################
 # KEYTAR SPECIFICS                                #
+###################################################
 # Needed so that the D-Bus message service can    #
 # be used for the entire session so that we can   #
 # unlock the gnome keyring used by keytar         #
 ###################################################
 if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
   eval `dbus-launch --sh-syntax`
-fi
+fi
+###################################################
+# END KEYTAR SPECIFICS                            #
+###################################################
diff --git a/login b/login
diff --git a/pam.config b/pam.config
@@ -0,0 +1,13 @@
+
+###################################################
+# KEYTAR SPECIFICS                                #
+###################################################
+# Needed so that the D-Bus message service can    #
+# be used for the entire session so that we can   #
+# unlock the gnome keyring used by keytar         #
+###################################################
+auth     optional  pam_gnome_keyring.so
+session  optional  pam_gnome_keyring.so auto_start
+###################################################
+# END KEYTAR SPECIFICS                            #
+###################################################
diff --git a/run.sh b/run.sh
@@ -19,5 +19,13 @@ elif [ "$1" = "clean" ] ; then
    echo "clean up container"
 else
    echo "running in daemon mode"
-   docker run --name $CONTAINER_NAME -d -p 4873:4873 $IMAGE_NAME
+   docker run --name $CONTAINER_NAME -d -p 4873:4873 --privileged $IMAGE_NAME
+
+   echo "Container IP:"
+   IP=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $CONTAINER_NAME)
+   echo $IP
+
+   echo ""
+   echo "Cleaning SSH Keychain:"
+   ssh-keygen -f ~/.ssh/known_hosts -R $IP
 fi