← Back to team overview

ubuntu-phone team mailing list archive

Re: Developer mode ... the next steps, managing ssh

 

hi,
Am Montag, den 18.08.2014, 10:39 +0200 schrieb Martin Pitt:
> Oliver Grawert [2014-08-14 20:09 +0200]:
> > today i landed the dbus support for en/disabling ssh as phablet user, if
> > you have any scripts that call something like: "adb shell start
> > ssh" (which operates on the assumption that your adb shell actually runs
> > as root), please make it use the following lines now (works via adb or
> > manually)
> > 
> > gdbus call -y -d com.canonical.PropertyService
> > -o /com/canonical/PropertyService -m
> > com.canonical.PropertyService.SetProperty ssh true 
> > 
> > this will enable sshd ...
> 
> For the record, I updated autopkgtest's ssh setup script for phones in
> http://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=8310717
> 
> However, non-root adb will break some other things in there: It writes
> into /cache/recovery/ubuntu_command for factory reset, and saves and
this is fixed already by having the dir owned by the right group and the
phablet user being in it, you should already be able to put files in
there as phablet user.

> restores /etc/NetworkManager/system-connections/ before/after factory
> reset.
if it actually uses the files this needs to be fixed in factory reset
code ... 
phablet-network will use nmcli in the future landings for this are
pending

>   Running these through adb (or ssh, which is less desirable)
> would need sudo. I suppose there is no SetPropery call (as an user) to
> enable sudo, as that would make the whole lockdown pointless.
this wont make the lockdown pointless as you still need to explicitly
enable password protection to switch it on ...
there will be some debus properties i'm currently working on that will
allow a set of hardcoded commands via sudoers.d snippets ...
(alternatively we would have to echo the password into scripts and store
it as clear text on the PC ... i find that less desirable)


> Also, will "adb reboot recovery" still work as non-root?
> 
yes, the privilege dropping only happens for adb shell ... the rest of
adb features still works as known 

> I suppose for both things we need a way to enable sudo when flashing
> the device. Will/does ubuntu-device-flash --developer-mode do that? I.
> e. we'll set up our test devices with that once, and from then on adb
> will stay root even after factory reset?
> 
we have sudo ... but it is very ugly to use programmatically if you have
send a password (adbd's tty handling essentially doesnt exist and we
cant hack it up easily without breaking other core behavior):

mypassword=1234
adb shell "echo $mypassword| sudo -S /usr/bin/foople"

for all the bits that are used by phablet-tools the necessary dbus
backends are planned already ... if you do not use phablet-tools in your
scripts or test tools, please let me know what other dbus properties you
need ... 

ciao
	oli

Attachment: signature.asc
Description: This is a digitally signed message part


Follow ups

References