mkinitcpio-dropbear/dropbear_install

#!/bin/sh

get_fingerprint() {
    keyfile="$1"
    dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
}

display_fingerprints() {
    for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_ecdsa_host_key"; do
        if [ -s "${keyfile}" ]; then
            echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")"
        fi
    done
}

copy_openssh_keys() {
    osshrsa="/etc/ssh/ssh_host_rsa_key"
    osshecdsa="/etc/ssh/ssh_host_ecdsa_key"

    dbpre="/etc/dropbear/dropbear_"

    return_code=1

    if [ -s "$osshrsa" ]; then
        dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key
        return_code=0
    fi

    if [ -s "$osshecdsa" ]; then
        dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key
        return_code=0
    fi

    return $return_code
}

generate_keys() {
    for keytype in rsa ecdsa; do
        keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
        if [ ! -s "$keyfile" ]; then
            echo "Generating ${keytype} host key for dropbear ..."
            dropbearkey -t "${keytype}" -f "${keyfile}"
        fi
    done
}

build() {
    #
    # Begin real processing
    #

    # Are we even needed?
    if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then
        echo "There is no root key in /etc/dropbear/root_key existent; exit"
        return 0
    fi

    # if TMPDIR is set leave it alone otherwise set
    [ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt'

    # check if TMPDIR exsists if not make it
    [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"

    umask 0022

    [ -d /etc/dropbear ] && mkdir -p /etc/dropbear

    copy_openssh_keys || generate_keys
    display_fingerprints

    add_checked_modules "/drivers/net/"
    add_binary "rm"
    add_binary "killall"
    add_binary "dropbear"

    add_dir "/root/.ssh"
    cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys

    add_full_dir "/etc/dropbear"
    add_file "/lib/libnss_files.so.2"
    add_dir "/var/run"
    add_dir "/var/log"
    touch "${BUILDROOT}"/var/log/lastlog

    add_runscript
}

help() {
    cat <<HELPEOF
This hook is meant to be used in conjunction with mkinitcpio-netconf and/or
mkinitcpio-ppp. It DOES NOT provide any default shell. It will only install
and start dropbear on early userspace. In the package mkinitcpio-utils you
will find hooks and shells for remote unlocking a luks root partition,
among others.
HELPEOF
}
Convert scripts to posix sh 2024-05-09 11:02:17 +03:00			`#!/bin/sh`
* Initial release. 2015-07-13 23:43:43 +03:00
			`get_fingerprint() {`
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`keyfile="$1"`
			`dropbearkey -y -f "${keyfile}" \| sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'`
* Initial release. 2015-07-13 23:43:43 +03:00			`}`

			`display_fingerprints() {`
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_ecdsa_host_key"; do`
			`if [ -s "${keyfile}" ]; then`
			`echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")"`
			`fi`
			`done`
* Initial release. 2015-07-13 23:43:43 +03:00			`}`

			`copy_openssh_keys() {`
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`osshrsa="/etc/ssh/ssh_host_rsa_key"`
			`osshecdsa="/etc/ssh/ssh_host_ecdsa_key"`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`dbpre="/etc/dropbear/dropbear_"`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`return_code=1`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`if [ -s "$osshrsa" ]; then`
			`dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key`
			`return_code=0`
			`fi`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`if [ -s "$osshecdsa" ]; then`
			`dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key`
			`return_code=0`
			`fi`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`return $return_code`
* Initial release. 2015-07-13 23:43:43 +03:00			`}`

			`generate_keys() {`
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`for keytype in rsa ecdsa; do`
			`keyfile="/etc/dropbear/dropbear_${keytype}_host_key"`
			`if [ ! -s "$keyfile" ]; then`
			`echo "Generating ${keytype} host key for dropbear ..."`
			`dropbearkey -t "${keytype}" -f "${keyfile}"`
			`fi`
			`done`
* Initial release. 2015-07-13 23:43:43 +03:00			`}`

Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`build() {`
			`#`
			`# Begin real processing`
			`#`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`# Are we even needed?`
			`if [ ! -r "/etc/dropbear/root_key" ] \|\| [ ! -s "/etc/dropbear/root_key" ]; then`
			`echo "There is no root key in /etc/dropbear/root_key existent; exit"`
			`return 0`
			`fi`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`# if TMPDIR is set leave it alone otherwise set`
			`[ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt'`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`# check if TMPDIR exsists if not make it`
			`[ -d "$TMPDIR" ] \|\| mkdir -p "$TMPDIR"`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`umask 0022`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`[ -d /etc/dropbear ] && mkdir -p /etc/dropbear`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`copy_openssh_keys \|\| generate_keys`
			`display_fingerprints`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`add_checked_modules "/drivers/net/"`
			`add_binary "rm"`
			`add_binary "killall"`
			`add_binary "dropbear"`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`add_dir "/root/.ssh"`
			`cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`add_full_dir "/etc/dropbear"`
			`add_file "/lib/libnss_files.so.2"`
			`add_dir "/var/run"`
			`add_dir "/var/log"`
			`touch "${BUILDROOT}"/var/log/lastlog`
* Initial release. 2015-07-13 23:43:43 +03:00
Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`add_runscript`
* Initial release. 2015-07-13 23:43:43 +03:00			`}`

Format scripts with shfmt 2024-05-09 11:02:40 +03:00			`help() {`
			`cat <<HELPEOF`
* Final changes on the hook message. 2015-07-15 05:51:47 +03:00			`This hook is meant to be used in conjunction with mkinitcpio-netconf and/or`
			`mkinitcpio-ppp. It DOES NOT provide any default shell. It will only install`
* Corrected the reference to mkinitcpio-utils in the hook help. 2015-08-05 22:45:25 +03:00			`and start dropbear on early userspace. In the package mkinitcpio-utils you`
* Final changes on the hook message. 2015-07-15 05:51:47 +03:00			`will find hooks and shells for remote unlocking a luks root partition,`
			`among others.`
* Initial release. 2015-07-13 23:43:43 +03:00			`HELPEOF`
			`}`