From 10881d7746babef6d856ccc20ffb4b3e14055d22 Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 12:35:33 +0100 Subject: [PATCH 1/9] Document opkssh installation for openSUSE Leap Micro 6.2 Added detailed installation instructions for opkssh on openSUSE Leap Micro 6.2, including shell entry, folder creation, variable setup, and output expectations. Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-transactional-systemds.md | 48 +++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 scripts/install-transactional-systemds.md diff --git a/scripts/install-transactional-systemds.md b/scripts/install-transactional-systemds.md new file mode 100644 index 00000000..a07cb63f --- /dev/null +++ b/scripts/install-transactional-systemds.md 
@@ -0,0 +1,48 @@
+# Installing in Transactional systems
+
+Transactional systems (also Atomic, Immutable) are a Linux variant where direct modification of the root file system is not permitted even for the root user. Some examples of transactional systems are [SLE Micro](https://www.suse.com/products/micro/), [openSUSE Leap Micro](https://get.opensuse.org/leapmicro/6.2/), [opensuse MicroOS](https://get.opensuse.org/microos/), [Fedora silverblue](https://www.fedoraproject.org/atomic-desktops/silverblue/), [Fedora Coreos](https://www.fedoraproject.org/coreos/)
+The installation of opkssh in these machines needs slight adjustments and this document details the process for openSUSE Leap Micro v6.2.
+
+## openSUSE Leap Micro 6.2
+
+- Enter shell
+ ```bash
+ sudo transactional-update shell
+ ```
+- Create necessary folders and data
+ ```bash
+ mkdir /opt/opkssh
+ cd /tmp
+ curl -LO https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh
+ chmod u+x install-linux.sh
+ ```
+- Setup necessary variables and install, we select `/opt` since this is not part of the snapshots and also considered as the locations for user installations
+ ```bash
+ export OPKSSH_INSTALL_DIR=/opt/opkssh
+ ./install-linux.sh --no-home-policy
+ ```
+- Output should be similar to follows
+
+ ```bash
+ Bash version: 5.2
+ Added opksshuser to group: opksshuser
+ Downloading version latest of opkssh from https://github.com/openpubkey/opkssh/releases/latest/download/opkssh-linux-amd64...
+ opkssh 100%[=====================================================>] 12.74M 11.0MB/s in 1.2s
+ Installed opkssh to /opt/opkssh/opkssh
+ SELinux detected. Configuring SELinux for opkssh
+ Restoring context for /opt/opkssh/opkssh...
+ Downloading TE-file
+ Compiling SELinux module...
+ Packaging module...
+ Installing module...
+ SELinux module installed successfully!
+ Configuring opkssh:
+ Running in chroot, ignoring command 'restart'
+ Installation successful! Run 'opkssh' to use it.
+ ``` + - Exit the shell and reboot + ```bash + exit + sudo shutdown -r now + ``` +- After restart, setup the policies and providers as required. NOTE: For all the scripts use the absolute path of the instllation `/opt/opkssh/opkssh` From cc04a9ad45d9d7320d0ae4b482d986195ad08d72 Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 14:14:02 +0100 Subject: [PATCH 2/9] Revise installation instructions for opkssh Updated text for clarity and corrected minor errors in the installation instructions for opkssh on transactional systems. Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-transactional-systemds.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/install-transactional-systemds.md b/scripts/install-transactional-systemds.md index a07cb63f..5c839919 100644 --- a/scripts/install-transactional-systemds.md +++ b/scripts/install-transactional-systemds.md 
@@ -1,22 +1,27 @@ # Installing in Transactional systems -Transactional systems (also Atomic, Immutable) are a Linux variant where direct modification of the root file system is not permitted even for the root user. Some examples of transactional systems are [SLE Micro](https://www.suse.com/products/micro/), [openSUSE Leap Micro](https://get.opensuse.org/leapmicro/6.2/), [opensuse MicroOS](https://get.opensuse.org/microos/), [Fedora silverblue](https://www.fedoraproject.org/atomic-desktops/silverblue/), [Fedora Coreos](https://www.fedoraproject.org/coreos/) -The installation of opkssh in these machines needs slight adjustments and this document details the process for openSUSE Leap Micro v6.2. +Transactional systems (also Atomic, Immutable) are a Linux variant where direct modification of the root file system isn't permitted even for the root user. Some examples of transactional systems are [SLE Micro](https://www.suse.com/products/micro/), [openSUSE Leap Micro](https://get.opensuse.org/leapmicro/6.2/), [openSUSE MicroOS](https://get.opensuse.org/microos/), [Fedora Silverblue](https://www.fedoraproject.org/atomic-desktops/silverblue/), [Fedora CoreOS](https://www.fedoraproject.org/coreos/) +The installation of `opkssh` in these machines needs slight adjustments and this document details the changes necessary for installation on those systems. ## openSUSE Leap Micro 6.2 +NOTE: This should also work the same for MicroOS and SLE Micro too. 
+ - Enter shell + ```bash sudo transactional-update shell ``` - Create necessary folders and data + ```bash mkdir /opt/opkssh cd /tmp curl -LO https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh chmod u+x install-linux.sh ``` -- Setup necessary variables and install, we select `/opt` since this is not part of the snapshots and also considered as the locations for user installations +- Setup necessary variables and install, we select `/opt` since this isn't part of the snapshots and also considered as the locations for user installations. Using `/usr/` won't work since it's read only. + ```bash export OPKSSH_INSTALL_DIR=/opt/opkssh ./install-linux.sh --no-home-policy @@ -27,7 +32,7 @@ The installation of opkssh in these machines needs slight adjustments and this d Bash version: 5.2 Added opksshuser to group: opksshuser Downloading version latest of opkssh from https://github.com/openpubkey/opkssh/releases/latest/download/opkssh-linux-amd64... - opkssh 100%[=====================================================>] 12.74M 11.0MB/s in 1.2s + opkssh 100%[=====================================================>] 12.74M 11.0MB/s in 1.2s Installed opkssh to /opt/opkssh/opkssh SELinux detected. Configuring SELinux for opkssh Restoring context for /opt/opkssh/opkssh... @@ -41,8 +46,10 @@ The installation of opkssh in these machines needs slight adjustments and this d Installation successful! Run 'opkssh' to use it. ``` - Exit the shell and reboot + ```bash exit sudo shutdown -r now ``` -- After restart, setup the policies and providers as required. NOTE: For all the scripts use the absolute path of the instllation `/opt/opkssh/opkssh` + +- After restart, setup the policies and providers as required. NOTE: For all the scripts use the absolute path of the installation `/opt/opkssh/opkssh` From ac309981204cb028b488e7f7bb46f35f033107b7 Mon Sep 17 00:00:00 2001 
From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:04:11 +0100 Subject: [PATCH 3/9] Update installation success message in install-linux.sh Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-linux.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/install-linux.sh b/scripts/install-linux.sh index 35d4733d..81bce88f 100644 --- a/scripts/install-linux.sh +++ b/scripts/install-linux.sh @@ -764,9 +764,13 @@ log_opkssh_installation() { VERSION_INSTALLED=$("$INSTALL_DIR"/"$BINARY_NAME" --version) INSTALLED_ON=$(date) # Log the installation details to /var/log/opkssh.log to help with debugging - echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" - - echo "Installation successful! Run '$BINARY_NAME' to use it." + echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, INSTALL_DIR: $INSTALL_DIR, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" + if [[ $INSTALL_DIR = "/usr/local/bin" ]] + then + echo "Installation successful! Run '$BINARY_NAME' to use it." + else + echo "Installation successful! Run '$INSTALL_DIR/$BINARY_NAME' to use it." + fi } # main From 9877324d3e919e6e4f60c9965e5432de3b2504ba Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:14:41 +0100 Subject: [PATCH 4/9] Revise opkssh installation steps Updated installation instructions to download the opkssh binary instead of building it from source. 
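Review bot: The added `[[ $INSTALL_DIR = "/usr/local/bin" ]]` test at the end of log_opkssh_installation compares against one hard-coded string, so `/usr/local/bin/` with a trailing slash, or any other directory that happens to be on PATH, is treated as a custom location, and the literal has to be kept in step with wherever the script sets its default (not visible in this hunk). Asking the shell what the bare name resolves to is more direct, e.g. `if [[ "$(command -v "$BINARY_NAME")" == "$INSTALL_DIR/$BINARY_NAME" ]]; then`; any mismatch then falls through to the absolute-path message, which is the safe one to print because it cannot send the user to a different `opkssh` found earlier on PATH. The function starts above the hunk, and patch 6/9 of this series reverts these lines.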
Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/installing.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/scripts/installing.md b/scripts/installing.md index c064dd86..cd369907 100644 --- a/scripts/installing.md +++ b/scripts/installing.md @@ -33,19 +33,9 @@ This is useful if you want to install a locally built opkssh binary. ## What the script is doing -**1: Build opkssh.** Run the following from the root directory, replace GOARCH and GOOS to match with server you wish to install OPKSSH. This will generate the opkssh binary. +**1: Download opkssh.** Download opkssh binary from Github releases for the corresponding CPU architecture. -```bash -go build -``` - -**2: Copy opkssh to server.** Copy the opkssh binary you just built in the previous step to the SSH server you want to configure - -```bash -scp opkssh ${USER}@${HOSTNAME}:~ -``` - -**3: Install opkssh on server.** SSH to the server +**2: Move binary to install director.** SSH to the server Create the following file directory structure on the server and move the executable there: From 176592c1b6a2f90b7c0a4f45daf4830f0738dfc6 Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:36:35 +0100 Subject: [PATCH 5/9] Update installation instructions for opkssh Clarify instructions for downloading and moving the opkssh binary. Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/installing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/installing.md b/scripts/installing.md index cd369907..7fb7595a 100644 --- a/scripts/installing.md +++ b/scripts/installing.md 
@@ -33,9 +33,9 @@ This is useful if you want to install a locally built opkssh binary. ## What the script is doing -**1: Download opkssh.** Download opkssh binary from Github releases for the corresponding CPU architecture. +**1: Download opkssh.** Download opkssh binary from Github releases for the corresponding OS and CPU architecture. -**2: Move binary to install director.** SSH to the server +**2: Move binary to install directory.** SSH to the server Create the following file directory structure on the server and move the executable there: From 1411cd74d55a61d0e20e1b971e74892c37c4b24e Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:54:38 +0100 Subject: [PATCH 6/9] revert Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-linux.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/scripts/install-linux.sh b/scripts/install-linux.sh index 81bce88f..4e919abe 100644 --- a/scripts/install-linux.sh +++ b/scripts/install-linux.sh 
@@ -764,13 +764,8 @@ log_opkssh_installation() { VERSION_INSTALLED=$("$INSTALL_DIR"/"$BINARY_NAME" --version) INSTALLED_ON=$(date) # Log the installation details to /var/log/opkssh.log to help with debugging - echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, INSTALL_DIR: $INSTALL_DIR, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" - if [[ $INSTALL_DIR = "/usr/local/bin" ]] - then - echo "Installation successful! Run '$BINARY_NAME' to use it." - else - echo "Installation successful! Run '$INSTALL_DIR/$BINARY_NAME' to use it." - fi + echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" + echo "Installation successful! Run '$BINARY_NAME' to use it." } # main From 7d03c8692911bc3c7ded864aefd4644b317d372a Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:56:11 +0100 Subject: [PATCH 7/9] Update install-linux.sh Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-linux.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install-linux.sh b/scripts/install-linux.sh index 4e919abe..0acd9fa3 100644 --- a/scripts/install-linux.sh +++ b/scripts/install-linux.sh @@ -765,6 +765,7 @@ log_opkssh_installation() { INSTALLED_ON=$(date) # Log the installation details to /var/log/opkssh.log to help with debugging echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" + echo "Installation successful! Run '$BINARY_NAME' to use it." } 
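Review bot: Restoring the unconditional `echo "Installation successful! Run '$BINARY_NAME' to use it."` means an install into a directory that may not be on PATH still ends by advertising the bare command name, while scripts/install-transactional-systemds.md from this same series tells users to call `/opt/opkssh/opkssh` by absolute path. Printing the full path in every case removes the mismatch without the branch that was reverted: `echo "Installation successful! Run '$INSTALL_DIR/$BINARY_NAME' to use it."`. The revert also drops `INSTALL_DIR: $INSTALL_DIR` from the line appended to `$log_file`, which is the one field that would show where a non-default install went, so it is worth keeping. Only the tail of log_opkssh_installation is visible in this hunk.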
From 8d948e10fb26145e411836771c3ec5231254e61c Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:56:47 +0100 Subject: [PATCH 8/9] Fix echo command formatting in install-linux.sh Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-linux.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-linux.sh b/scripts/install-linux.sh index 0acd9fa3..4b473197 100644 --- a/scripts/install-linux.sh +++ b/scripts/install-linux.sh @@ -764,9 +764,9 @@ log_opkssh_installation() { VERSION_INSTALLED=$("$INSTALL_DIR"/"$BINARY_NAME" --version) INSTALLED_ON=$(date) # Log the installation details to /var/log/opkssh.log to help with debugging - echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" + echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" - echo "Installation successful! Run '$BINARY_NAME' to use it." + echo "Installation successful! Run '$BINARY_NAME' to use it." } # main From d67d1e2b32a487a4adb515501c31f6b9a1b4770c Mon Sep 17 00:00:00 2001 From: Viki <62500639+vigneshmanick@users.noreply.github.com> Date: Mon, 2 Mar 2026 16:57:19 +0100 Subject: [PATCH 9/9] Log installation details in opkssh script Signed-off-by: Viki <62500639+vigneshmanick@users.noreply.github.com> --- scripts/install-linux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install-linux.sh b/scripts/install-linux.sh index 4b473197..35d4733d 100644 --- a/scripts/install-linux.sh +++ b/scripts/install-linux.sh 
@@ -765,7 +765,7 @@ log_opkssh_installation() { INSTALLED_ON=$(date) # Log the installation details to /var/log/opkssh.log to help with debugging echo "Successfully installed opkssh (INSTALLED_ON: $INSTALLED_ON, VERSION_INSTALLED: $VERSION_INSTALLED, INSTALL_VERSION: $INSTALL_VERSION, LOCAL_INSTALL_FILE: $LOCAL_INSTALL_FILE, HOME_POLICY: $HOME_POLICY, RESTART_SSH: $RESTART_SSH)" >> "$log_file" - + echo "Installation successful! Run '$BINARY_NAME' to use it." }