From 21054b181c2e0f5938b2921ec74eb0ceafbbac0f Mon Sep 17 00:00:00 2001
From: Michael Ho
Date: Thu, 14 Sep 2023 14:53:58 +0200
Subject: [PATCH] stages/org.osbuild.users: support multiple SSH keys
Add a new attribute, "keys", to allow specifying multiple public SSH keys to install to a users authorized_keys file. This maintains backwards compatibility with the existing "key" attribute that can only specify a single SSH key to install into the file (without using some newline hacks).
Signed-off-by: Michael Ho
---
 stages/org.osbuild.users | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/stages/org.osbuild.users b/stages/org.osbuild.users
index e48b6aa3..88a40f0b 100755
--- a/stages/org.osbuild.users
+++ b/stages/org.osbuild.users
@@ -63,6 +63,13 @@ SCHEMA = """
 "key": {
 "description": "SSH Public Key to add to ~/.ssh/authorized_keys",
 "type": "string"
+ },
+ "keys": {
+ "description": "Array of SSH Public Keys to add to ~/.ssh/authorized_keys",
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
 }
 }
 }
@@ -124,7 +131,7 @@ def usermod(root, name, gid=None, groups=None, description=None, home=None, shel
 subprocess.run(["chroot", root, "usermod", *arguments, name], check=True)
-def add_ssh_key(root, user, key):
+def add_ssh_keys(root, user, keys):
 _, _, uid, gid, _, home, _ = getpwnam(root, user)
 ssh_dir = f"{root}/{home}/.ssh"
 authorized_keys = f"{ssh_dir}/authorized_keys"
@@ -134,7 +141,7 @@ def add_ssh_key(root, user, key):
 os.chown(ssh_dir, int(uid), int(gid))
 with open(authorized_keys, "a", encoding="utf8") as f:
- f.write(f"{key}\n")
+ f.write("\n".join(keys) + "\n")
 os.chown(authorized_keys, int(uid), int(gid))
 os.chmod(authorized_keys, 0o600)
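Review bot: The new `keys` items are constrained only by `"type": "string"`, so an empty string or a value containing line breaks validates and is then written verbatim by `f.write("\n".join(keys) + "\n")` in add_ssh_keys (third hunk); one manifest entry can therefore expand to several authorized_keys lines. The commit message presents the array as the replacement for newline tricks with `key`, so I would add `"minLength": 1` to `items` and check the array in main before the legacy `key` is appended, so existing manifests keep working: `if any("\n" in k or "\r" in k for k in keys): raise ValueError("each entry in 'keys' must be a single line")`. The description could also state that each string is copied as a whole authorized_keys line, including any options prefix it carries. The SCHEMA string starts and ends outside this hunk.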
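Review bot: The file is opened in append mode and the write in the `-134,7` hunk starts directly with the first key, so if an existing authorized_keys does not end in a newline the first new key is fused onto the last existing line and never becomes an entry of its own. Opening with `"a+"` and writing a separator only when needed would cover it: `f.seek(0)`, `sep = "" if f.read()[-1:] in ("", "\n") else "\n"`, then `f.write(sep + "\n".join(keys) + "\n")`. add_ssh_keys starts in the previous hunk and the lines between the two hunks are not visible here, so this assumes nothing there normalises the file first.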
@@ -176,9 +183,13 @@ def main(tree, options):
 else:
 useradd(tree, name, uid, gid, groups, description, home, shell, password)
- key = user_options.get("key") # Public SSH key
+ # following maintains backwards compatibility for handling a single ssh key
+ key = user_options.get("key") # Public SSH key
+ keys = user_options.get("keys", []) # Additional public SSH keys
 if key:
- add_ssh_key(tree, name, key)
+ keys.append(key)
+ if keys:
+ add_ssh_keys(tree, name, keys)
 return 0
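Review bot: `keys.append(key)` mutates the list object taken from `user_options`, and a key that appears in both `key` and `keys` is written twice; copying and de-duplicating avoids both: `keys = list(user_options.get("keys", []))` and, after the append, `keys = list(dict.fromkeys(keys))`. Because the legacy key is appended last it lands after the array entries in the file, which deserves a word in the comment, e.g. `# the legacy single "key" is written after the entries from "keys"`. Since add_ssh_keys appends to the file, a run against a user that already exists (the branch above this `else:`, outside the hunk) presumably adds the same lines again; confirm whether that is intended.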