refactor: use mounting authorized_keys

Author: cbluebird

OS/debian-ssh/12.6/Dockerfile

@@ -17,11 +17,13 @@ RUN chmod +x /usr/start/startup.sh && \
     echo 'GatewayPorts yes' >> /etc/ssh/sshd_config && \
     echo 'X11Forwarding yes' >> /etc/ssh/sshd_config && \ 
     echo 'Port 22' >> /etc/ssh/sshd_config && \
+    echo 'AuthorizedKeysFile   /usr/start/authorized_keys  .ssh/authorized_keys .ssh/authorized_keys2' >> /etc/ssh/sshd_config && \
     useradd -m -s /bin/bash devbox && \
     usermod -aG sudo devbox && \
     echo 'devbox ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
     rm -rf /tmp/* && \
     mkdir -p /home/devbox/.ssh && \
+    echo "devbox:devbox" | sudo chpasswd && \
     chown -R devbox:devbox /home/devbox/.ssh && \
     chmod -R 770 /home/devbox/.ssh 
 

configs/version.txt

@@ -1,2 +1,2 @@
 php=8.2.20
-node.js=22
+node.js=22

script/clean_unused_runtime.sh

@@ -4,7 +4,7 @@ REFERENCED_RUNTIMES="referenced_runtimes.txt"
 DEPRECATED_RUNTIMES="deprecated_runtimes.txt"
 
 kubectl get devbox -A -o json | jq -r '.items[].spec.runtimeRef.name' | sort | uniq > "$REFERENCED_RUNTIMES"
-kubectl get runtime -A -o json | jq -r '.items[] | select(.spec.state == "deprecated") | .metadata.name' | sort | uniq > "$DEPRECATED_RUNTIMES"
+kubectl get runtime -n devbox-system -o json | jq -r '.items[] | select(.spec.state == "deprecated") | .metadata.name' | sort | uniq > "$DEPRECATED_RUNTIMES"
 
 UNREFERENCED_RUNTIMES=$(comm -13 "$REFERENCED_RUNTIMES" "$DEPRECATED_RUNTIMES")
 
@@ -14,7 +14,7 @@ echo "$UNREFERENCED_RUNTIMES"
 if [ ! -z "$UNREFERENCED_RUNTIMES" ]; then
     echo "正在删除未被引用的 deprecated runtime..."
     for runtime in $UNREFERENCED_RUNTIMES; do
-        kubectl delete runtime "$runtime" --all-namespaces
+        kubectl delete runtime "$runtime" -n devbox-system
     done
 else
     echo "没有未被引用的 deprecated runtime 需要删除。"

script/startup.sh

@@ -1,42 +1,5 @@
 #!/bin/bash
 
-# Define the password file location
-PASSWORD_FILE="/usr/start/user_password.txt"
-
-if [ ! -z "${SEALOS_DEVBOX_NEED_INIT}" ] && [ "${SEALOS_DEVBOX_NEED_INIT}" == "true" ]; then
-    if [ -d "/home/devbox/.ssh" ]; then
-        cd /home/devbox/.ssh
-        rm -rf ./*
-    fi
-    if [ -f "/usr/start/user_password.txt" ]; then
-        rm /usr/start/user_password.txt
-    fi
-fi
-
-# Check if the password file exists
-if [ ! -f "${PASSWORD_FILE}" ]; then
-    # If the password file doesn't exist, check if USER_PASSWORD is already set
-    if [ -z "${SEALOS_DEVBOX_PASSWORD}" ]; then
-        # If USER_PASSWORD is not set, generate a random 8-character password
-        SEALOS_DEVBOX_PASSWORD=$(< /dev/urandom tr -dc A-Za-z0-9 | head -c8)
-    fi
-    # Save the generated or existing USER_PASSWORD to the password file
-    touch "${PASSWORD_FILE}"
-    # Set the password for the 'sealos' user
-    echo "devbox:${SEALOS_DEVBOX_PASSWORD}" | sudo chpasswd
-    # Display the password for logging purposes (optional)
-    echo "SEALOS_DEVBOX_PASSWORD=${SEALOS_DEVBOX_PASSWORD}"
-fi
-
-if [ -f /usr/start/.ssh/id.pub ]; then
-    public_key=$(cat /usr/start/.ssh/id.pub)
-    if ! grep -qF "$public_key" /home/devbox/.ssh/authorized_keys 2>/dev/null; then
-        mkdir -p /home/devbox/.ssh 
-        echo "$public_key" >> /home/devbox/.ssh/authorized_keys
-        echo "Public key successfully added to authorized_keys"
-    fi
-fi
-
 if [ ! -z "${SEALOS_DEVBOX_NAME}" ]; then
     echo "${SEALOS_DEVBOX_NAME}">/etc/hostname
 fi