Bug 2218231

Summary: fdo serviceinfo service create user but ssh key is wrong
Product: Red Hat Enterprise Linux 9
Reporter: Yi He <yih>
Component: fdo-serviceinfo-api-server-container
Assignee: idiez
Status: CLOSED COMPLETED
QA Contact: Xiaofeng Wang <xiaofwan>
Severity: medium
Docs Contact: Eliane Ramos Pereira <elpereir>
Priority: medium
Version: 9.3
CC: amurdaca, idiez, miabbott, perobins
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2023-06-29 11:34:52 UTC
Type: Bug

Description Yi He 2023-06-28 13:51:34 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible: 100%


Steps to Reproduce:
1. Define user and ssh key in service info config file:
sudo /usr/local/bin/yq -iy '.service_info.initial_user |= {username: "fdouser", sshkeys: ["ssh-rsa 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 ostree-image-test"]}' fdo/serviceinfo-api-server.yml

2. Build simplified installer image and boot it; cannot log in as fdouser with ssh key.
[root@vm-2 .ssh]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Administrator account:/home/admin:/bin/bash
systemd-oom:x:990:990:systemd Userspace OOM Killer:/:/usr/sbin/nologin
fdouser:x:1001:1001::/var/home/fdouser:/bin/bash
[root@vm-2 .ssh]# cat /home/fdouser/.ssh/authorized_keys
# These keys are installed by FIDO Device Onboarding
ssh-rsa
# End of FIDO Device Onboarding keys
# These keys are installed by FIDO Device Onboarding
AAAAB3NzaC1yc2EAAAADAQABAAABgQCzxo5dEcS+LDK/OFAfHo6740EyoDM8aYaCkBala0FnWfMMTOq7PQe04ahB0eFLS3IlQtK5bpgzxBdFGVqF6uT5z4hhaPjQec0G3+BD5Pxo6V+SxShKZo+ZNGU3HVrF9p2V7QH0YFQj5B8F6AicA3fYh2BVUFECTPuMpy5A52ufWu0r4xOFmbU7SIhRQRAQz2u4yjXqBsrpYptAvyzzoN4gjUhNnwOHSPsvFpWoBFkWmqn0ytgHg3Vv9DlHW+45P02QH1UFedXR2MqLnwRI30qqtaOkVS+9rE/dhnR+XPpHHG+hv2TgMDAuQ3IK7Ab5m/yCbN73cxFifH4LST0vVG3Jx45xn+GTeHHhfkAfBSCtya6191jixbqyovpRunCBKexI5cfRPtWOitM3m7Mq26r7LpobMM+oOLUm4p0KKNIthWcmK9tYwXWSuGGfUQ+Y8gt7E0G06ZGbCPHOrxJ8lYQqXsif04piONPA/c9Hq43O99KPNGShONCS9oPFdOLRT3U=
# End of FIDO Device Onboarding keys
# These keys are installed by FIDO Device Onboarding
ostree-image-test
# End of FIDO Device Onboarding keys

Actual results:
ssh key does not work

Expected results:
should be able to log in with ssh key

Additional info:

Comment 1 idiez 2023-06-28 15:50:40 UTC
PR fixing the issue posted https://github.com/fedora-iot/fido-device-onboard-rs/pull/522

Comment 2 Yi He 2023-06-29 11:31:07 UTC
Verify result: fixed

Steps:
1. build fdo client rpm with this pr
2. add new fdo client rpm into osbuild-composer repo list.
3. run test script https://github.com/virt-s1/rhel-edge/blob/main/ostree-fdo-container.sh, all passed.
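
The authorized_keys output in the description shows the single configured key split at its spaces into three separate blocks (key type, key data, comment). The following check flags that pattern; it is an added example, not code from fido-device-onboard-rs or the rhel-edge test script. The function names, the constructed key blob and the assumed fixed layout (one complete key per line, no options prefix) are assumptions made for illustration.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def blob_algorithm(b64):
    """Return the algorithm name embedded in a base64 key blob, else None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        name = raw[4:4 + n]
        return name.decode("ascii") if n and len(name) == n else None
    except (ValueError, struct.error):
        return None

def check_authorized_keys(text):
    """Return (valid_key_count, findings); assumes entries carry no options prefix."""
    valid, findings = 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment marker
        if fields[0] in KEY_TYPES and len(fields) >= 2:
            if blob_algorithm(fields[1]) == fields[0]:
                valid += 1
            else:
                findings.append((lineno, "key data does not match key type"))
        elif fields[0] in KEY_TYPES:
            findings.append((lineno, "key type with no key data (split entry?)"))
        elif blob_algorithm(fields[0]) in KEY_TYPES:
            findings.append((lineno, "key data with no key type (split entry?)"))
        else:
            findings.append((lineno, "not a public key line"))
    return valid, findings

def constructed_blob():
    """Structurally valid ssh-rsa blob with dummy values; not a usable key."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 256]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample input: BROKEN mirrors the layout in the bug description,
# FIXED is the assumed correct layout with the whole key on one line.
HDR = "# These keys are installed by FIDO Device Onboarding"
END = "# End of FIDO Device Onboarding keys"
KEY = f"ssh-rsa {constructed_blob()} ostree-image-test"
BROKEN = "\n".join(f"{HDR}\n{part}\n{END}" for part in KEY.split())
FIXED = f"{HDR}\n{KEY}\n{END}"

if __name__ == "__main__":
    for label, content in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_authorized_keys(content))
```

A result of zero valid keys with "split entry?" findings matches the symptom reported here: sshd skips every fragment, so the user exists but no key is accepted.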