Fix ssh key usage in initramfs and switch naming

Author: ericvh

.github/workflows/build.yml

@@ -71,11 +71,11 @@ jobs:
       run: |
         mkdir -p build/binaries
         echo "Generating default SSH keys for CPU..."
-        ssh-keygen -t rsa -b 4096 -f build/binaries/cpu_rsa -N "" -C "cpu-default-key"
+        ssh-keygen -t rsa -b 4096 -f build/binaries/identity -N "" -C "cpu-default-key"
         echo "SSH keys generated:"
-        echo "  Private key: build/binaries/cpu_rsa"
-        echo "  Public key: build/binaries/cpu_rsa.pub"
-        ls -la build/binaries/cpu_rsa*
+        echo "  Private key: build/binaries/identity"
+        echo "  Public key: build/binaries/identity.pub"
+        ls -la build/binaries/identity*
 
     - name: Build cpu binary for aarch64
       run: |
@@ -103,7 +103,7 @@ jobs:
         # Build the initramfs with cpud bundled in as init and include SSH public key
         echo "Building initramfs with u-root..."
         GOOS=linux GOARCH=arm64 ../../u-root-bin -format=cpio -o ../../initramfs/cpud-initramfs.cpio \
-            -files "../../binaries/cpu_rsa.pub:etc/cpu_rsa.pub" \
+            -files "../../binaries/identity.pub:etc/identity.pub" \
             -initcmd="cpud" \
             ./cmds/cpud \
             ../u-root/cmds/core/ls \
@@ -147,8 +147,8 @@ jobs:
         echo "Files in this archive:" >> BUILD_INFO.txt
         echo "- cpu: CPU client binary" >> BUILD_INFO.txt
         echo "- cpud: CPU daemon binary" >> BUILD_INFO.txt
-        echo "- cpu_rsa: Default SSH private key" >> BUILD_INFO.txt
-        echo "- cpu_rsa.pub: Default SSH public key" >> BUILD_INFO.txt
+        echo "- identity: Default SSH private key" >> BUILD_INFO.txt
+        echo "- identity.pub: Default SSH public key" >> BUILD_INFO.txt
         echo "- cpud-initramfs.cpio.gz: U-root initramfs with cpud as init" >> BUILD_INFO.txt
         echo "" >> BUILD_INFO.txt
         echo "Usage:" >> BUILD_INFO.txt
@@ -157,14 +157,14 @@ jobs:
         echo "" >> BUILD_INFO.txt
         echo "SSH Keys:" >> BUILD_INFO.txt
         echo "  Default SSH keys are provided for convenience" >> BUILD_INFO.txt
-        echo "  Private key: cpu_rsa" >> BUILD_INFO.txt
-        echo "  Public key: cpu_rsa.pub (also embedded in initramfs)" >> BUILD_INFO.txt
+        echo "  Private key: identity" >> BUILD_INFO.txt
+        echo "  Public key: identity.pub (also embedded in initramfs)" >> BUILD_INFO.txt
         echo "  WARNING: These are default keys - generate your own for production!" >> BUILD_INFO.txt
         echo "" >> BUILD_INFO.txt
         echo "Initramfs usage:" >> BUILD_INFO.txt
         echo "  Use cpud-initramfs.cpio.gz as initrd with Linux kernel" >> BUILD_INFO.txt
         echo "  Boot parameters: init=/init" >> BUILD_INFO.txt
-        echo "  SSH public key is embedded at /etc/cpu_rsa.pub" >> BUILD_INFO.txt
+        echo "  SSH public key is embedded at /etc/identity.pub" >> BUILD_INFO.txt
         cat BUILD_INFO.txt
     
     - name: Create checksums
@@ -173,8 +173,8 @@ jobs:
         echo "Creating checksums..."
         sha256sum cpu > cpu.sha256
         sha256sum cpud > cpud.sha256
-        sha256sum cpu_rsa > cpu_rsa.sha256
-        sha256sum cpu_rsa.pub > cpu_rsa.pub.sha256
+        sha256sum identity > identity.sha256
+        sha256sum identity.pub > identity.pub.sha256
         sha256sum BUILD_INFO.txt > BUILD_INFO.txt.sha256
         cd ../initramfs
         sha256sum cpud-initramfs.cpio.gz > cpud-initramfs.cpio.gz.sha256
@@ -243,13 +243,13 @@ jobs:
         files: |
           build/binaries/cpu
           build/binaries/cpud
-          build/binaries/cpu_rsa
-          build/binaries/cpu_rsa.pub
+          build/binaries/identity
+          build/binaries/identity.pub
           build/binaries/BUILD_INFO.txt
           build/binaries/cpu.sha256
           build/binaries/cpud.sha256
-          build/binaries/cpu_rsa.sha256
-          build/binaries/cpu_rsa.pub.sha256
+          build/binaries/identity.sha256
+          build/binaries/identity.pub.sha256
           build/binaries/BUILD_INFO.txt.sha256
           build/binaries/cpud-initramfs.cpio.gz
           build/binaries/cpud-initramfs.cpio.gz.sha256
@@ -269,18 +269,18 @@ jobs:
           - `*.sha256` - SHA256 checksums for verification
           
           ### SSH Keys
-          - `cpu_rsa` - Default SSH private key
-          - `cpu_rsa.pub` - Default SSH public key (also embedded in initramfs)
-          - `cpu_rsa.sha256` - Private key checksum
-          - `cpu_rsa.pub.sha256` - Public key checksum
+          - `identity` - Default SSH private key
+          - `identity.pub` - Default SSH public key (also embedded in initramfs)
+          - `identity.sha256` - Private key checksum
+          - `identity.pub.sha256` - Public key checksum
           
           **⚠️ WARNING**: These are default keys for convenience. Generate your own keys for production use!
           
           ### Initramfs
           - `cpud-initramfs.cpio.gz` - U-root initramfs with cpud as init
           - `cpud-initramfs.cpio.gz.sha256` - Initramfs checksum
           
-          The initramfs includes the SSH public key at `/etc/cpu_rsa.pub` for automatic authentication.
+          The initramfs includes the SSH public key at `/etc/identity.pub` for automatic authentication.
           
           ### Archive
           - `cpu-binaries-aarch64-${{ env.CPU_VERSION }}.tar.gz` - Complete archive with all binaries
@@ -293,23 +293,23 @@ jobs:
           # Download binaries and keys
           wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu
           wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud
-          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu_rsa
-          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu_rsa.pub
+          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/identity
+          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/identity.pub
           
           # Make executable
           chmod +x cpu cpud
-          chmod 600 cpu_rsa
-          chmod 644 cpu_rsa.pub
+          chmod 600 identity
+          chmod 644 identity.pub
           
           # Verify (optional)
           wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu.sha256
           wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpud.sha256
-          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu_rsa.sha256
-          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/cpu_rsa.pub.sha256
+          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/identity.sha256
+          wget https://github.com/${{ github.repository }}/releases/download/${{ github.event.inputs.release_tag || github.ref_name }}/identity.pub.sha256
           sha256sum -c cpu.sha256
           sha256sum -c cpud.sha256
-          sha256sum -c cpu_rsa.sha256
-          sha256sum -c cpu_rsa.pub.sha256
+          sha256sum -c identity.sha256
+          sha256sum -c identity.pub.sha256
           ```
           
           ### Download complete archive:

.github/workflows/package.yml

@@ -58,10 +58,11 @@ jobs:
 
     - name: Generate SSH keys
       run: |
+        mkdir -p binaries
         echo "Generating default SSH keys for CPU..."
-        ssh-keygen -t rsa -b 4096 -f binaries/cpu_rsa -N "" -C "cpu-default-key"
+        ssh-keygen -t rsa -b 4096 -f binaries/identity -N "" -C "cpu-default-key"
         echo "SSH keys generated:"
-        ls -la binaries/cpu_rsa*
+        ls -la binaries/identity*
     
     - name: Build binaries
       run: |
@@ -77,8 +78,8 @@ jobs:
         FROM scratch
         COPY binaries/cpu /usr/local/bin/cpu
         COPY binaries/cpud /usr/local/bin/cpud
-        COPY binaries/cpu_rsa /etc/cpu_rsa
-        COPY binaries/cpu_rsa.pub /etc/cpu_rsa.pub
+        COPY binaries/identity /etc/identity
+        COPY binaries/identity.pub /etc/identity.pub
         COPY BUILD_INFO.txt /BUILD_INFO.txt
         LABEL org.opencontainers.image.title="CPU Binaries"
         LABEL org.opencontainers.image.description="Prebuilt CPU binaries for aarch64 with SSH keys"
@@ -100,8 +101,8 @@ jobs:
         Files in this package:
         - /usr/local/bin/cpu: CPU client binary
         - /usr/local/bin/cpud: CPU daemon binary
-        - /etc/cpu_rsa: Default SSH private key
-        - /etc/cpu_rsa.pub: Default SSH public key
+        - /etc/identity: Default SSH private key
+        - /etc/identity.pub: Default SSH public key
         
         WARNING: These are default keys for convenience - generate your own for production!
         
@@ -110,8 +111,8 @@ jobs:
           docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest /usr/local/bin/cpud -h
         
         Extract SSH keys from container:
-          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest cat /etc/cpu_rsa > cpu_rsa
-          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest cat /etc/cpu_rsa.pub > cpu_rsa.pub
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest cat /etc/identity > identity
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest cat /etc/identity.pub > identity.pub
         EOF
     
     - name: Build and push Docker image

Makefile

@@ -26,8 +26,8 @@ CPU_BINARY := $(BINARIES_DIR)/cpu
 CPUD_BINARY := $(BINARIES_DIR)/cpud
 INITRAMFS_FILE := $(INITRAMFS_DIR)/cpud-initramfs.cpio.gz
 BUILD_INFO := $(BINARIES_DIR)/BUILD_INFO.txt
-SSH_PRIVATE_KEY := $(BINARIES_DIR)/cpu_rsa
-SSH_PUBLIC_KEY := $(BINARIES_DIR)/cpu_rsa.pub
+SSH_PRIVATE_KEY := $(BINARIES_DIR)/identity
+SSH_PUBLIC_KEY := $(BINARIES_DIR)/identity.pub
 
 # Version detection
 CPU_VERSION := $(shell cd $(CPU_REPO) 2>/dev/null && git describe --tags --always 2>/dev/null || echo "unknown")
@@ -115,8 +115,8 @@ $(BUILD_INFO): $(CPU_BINARY) $(CPUD_BINARY) $(SSH_PRIVATE_KEY)
 	echo "Files in this archive:" >> ../../binaries/BUILD_INFO.txt && \
 	echo "- cpu: CPU client binary" >> ../../binaries/BUILD_INFO.txt && \
 	echo "- cpud: CPU daemon binary" >> ../../binaries/BUILD_INFO.txt && \
-	echo "- cpu_rsa: Default SSH private key" >> ../../binaries/BUILD_INFO.txt && \
-	echo "- cpu_rsa.pub: Default SSH public key" >> ../../binaries/BUILD_INFO.txt && \
+	echo "- identity: Default SSH private key" >> ../../binaries/BUILD_INFO.txt && \
+	echo "- identity.pub: Default SSH public key" >> ../../binaries/BUILD_INFO.txt && \
 	echo "- cpud-initramfs.cpio.gz: U-root initramfs with cpud as init" >> ../../binaries/BUILD_INFO.txt && \
 	echo "" >> ../../binaries/BUILD_INFO.txt && \
 	echo "Usage:" >> ../../binaries/BUILD_INFO.txt && \
@@ -125,14 +125,15 @@ $(BUILD_INFO): $(CPU_BINARY) $(CPUD_BINARY) $(SSH_PRIVATE_KEY)
 	echo "" >> ../../binaries/BUILD_INFO.txt && \
 	echo "SSH Keys:" >> ../../binaries/BUILD_INFO.txt && \
 	echo "  Default SSH keys are provided for convenience" >> ../../binaries/BUILD_INFO.txt && \
-	echo "  Private key: cpu_rsa" >> ../../binaries/BUILD_INFO.txt && \
-	echo "  Public key: cpu_rsa.pub (also embedded in initramfs)" >> ../../binaries/BUILD_INFO.txt && \
+	echo "  Private key: identity" >> ../../binaries/BUILD_INFO.txt && \
+	echo "  Public key: identity.pub (also embedded in initramfs)" >> ../../binaries/BUILD_INFO.txt && \
 	echo "  WARNING: These are default keys - generate your own for production!" >> ../../binaries/BUILD_INFO.txt && \
 	echo "" >> ../../binaries/BUILD_INFO.txt && \
 	echo "Initramfs usage:" >> ../../binaries/BUILD_INFO.txt && \
 	echo "  Use cpud-initramfs.cpio.gz as initrd with Linux kernel" >> ../../binaries/BUILD_INFO.txt && \
 	echo "  Boot parameters: init=/init" >> ../../binaries/BUILD_INFO.txt && \
-	echo "  SSH public key is embedded at /etc/cpu_rsa.pub" >> ../../binaries/BUILD_INFO.txt && \
+	echo "  SSH public key is embedded at /etc/identity.pub" >> ../../binaries/BUILD_INFO.txt && \
+	echo "  cpud automatically uses the embedded SSH key for authentication" >> ../../binaries/BUILD_INFO.txt && \
 	echo "" >> ../../binaries/BUILD_INFO.txt && \
 	echo "Build system: Makefile" >> ../../binaries/BUILD_INFO.txt
 
@@ -157,8 +158,9 @@ $(INITRAMFS_FILE): $(CPUD_BINARY) $(UROOT_BIN) $(SSH_PUBLIC_KEY)
 	@rm -f $(INITRAMFS_DIR)/*
 	@echo "Building initramfs with u-root..."
 	@cd $(CPU_REPO) && GOOS=$(GOOS) GOARCH=$(GOARCH) ../../u-root-bin -format=cpio -o ../../initramfs/cpud-initramfs.cpio \
-		-files "../../binaries/cpu_rsa.pub:etc/cpu_rsa.pub" \
+		-files "../../binaries/identity.pub:etc/identity.pub" \
 		-initcmd="cpud" \
+		-uinitcmd="cpud -pk /etc/identity.pub" \
 		./cmds/cpud \
 		../u-root/cmds/core/ls \
 		../u-root/cmds/core/ip \