Brian Hanson
5e7911e599
Keys now install to /root/.ssh/ (for root git operations) instead of /data/ssh/.ssh/. Runs every boot via on_start.sh so keys are available even without a full provision cycle. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
36 lines
1.4 KiB
Bash
Executable File
36 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Install logo
|
|
bash /data/openpilot/system/clearpilot/startup_logo/set_logo.sh
|
|
|
|
# SSH — always, unconditionally, first thing
|
|
cat /data/openpilot/system/clearpilot/dev/GithubSshKeys > /data/params/d/GithubSshKeys
|
|
echo -n 1 > /data/params/d/SshEnabled
|
|
sudo systemctl enable ssh 2>/dev/null
|
|
sudo systemctl start ssh
|
|
|
|
# Decrypt and install SSH identity keys for root (git auth)
|
|
serial=$(sed 's/.*androidboot.serialno=\([^ ]*\).*/\1/' /proc/cmdline)
|
|
ssh_dir="/root/.ssh"
|
|
if [[ $serial == 3889765b ]] && [[ ! -f "$ssh_dir/id_ed25519" || ! -f "$ssh_dir/id_ed25519.pub" ]]; then
|
|
echo "Decrypting SSH identity keys for root (serial=$serial)..."
|
|
tmpdir=$(mktemp -d)
|
|
bash /data/openpilot/system/clearpilot/tools/decrypt /data/openpilot/system/clearpilot/dev/id_ed25519.cpt "$tmpdir/id_ed25519"
|
|
bash /data/openpilot/system/clearpilot/tools/decrypt /data/openpilot/system/clearpilot/dev/id_ed25519.pub.cpt "$tmpdir/id_ed25519.pub"
|
|
sudo mkdir -p "$ssh_dir"
|
|
sudo cp "$tmpdir/id_ed25519" "$tmpdir/id_ed25519.pub" "$ssh_dir/"
|
|
rm -rf "$tmpdir"
|
|
sudo chmod 700 "$ssh_dir"
|
|
sudo chmod 600 "$ssh_dir/id_ed25519"
|
|
sudo chmod 644 "$ssh_dir/id_ed25519.pub"
|
|
echo "SSH identity keys installed to $ssh_dir"
|
|
fi
|
|
|
|
# Always ensure WiFi radio is on
|
|
nmcli radio wifi on 2>/dev/null
|
|
|
|
# Provision (packages, git pull, build) if no quick_boot flag
|
|
if [ ! -f /data/quick_boot ]; then
|
|
sudo bash /data/openpilot/system/clearpilot/provision.sh
|
|
fi
|