From 80bc0c047962ff681a935a6d8fd498589c276c81 Mon Sep 17 00:00:00 2001
From: Giancarlo Razzolini <grazzolini@gmail.com>
Date: Mon, 13 Jul 2015 17:43:43 -0300
Subject: [PATCH] * Initial release.

---
 dropbear_hook    |  22 ++++++++
 dropbear_install | 141 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 163 insertions(+)
 create mode 100644 dropbear_hook
 create mode 100644 dropbear_install

diff --git a/dropbear_hook b/dropbear_hook
new file mode 100644
index 0000000..55d7630
--- /dev/null
+++ b/dropbear_hook
@@ -0,0 +1,22 @@
+#!/usr/bin/ash
+
+run_hook ()
+{
+  [ -d /dev/pts ] || mkdir -p /dev/pts
+  mount -t devpts devpts /dev/pts
+
+  echo "Starting dropbear"
+  /usr/sbin/dropbear -E -s -j -k
+}
+
+run_cleanuphook ()
+{
+    umount /dev/pts
+    rm -R /dev/pts
+    if [ -f -f /var/run/dropbear.pid ]; then
+        kill `cat /var/run/dropbear.pid`
+    fi
+    . /ip_opts
+    /sbin/ip addr flush dev "$device"
+    /sbin/ip link set down "$device"
+}
diff --git a/dropbear_install b/dropbear_install
new file mode 100644
index 0000000..46a52fe
--- /dev/null
+++ b/dropbear_install
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+get_fingerprint() {
+  local keyfile="$1"
+  dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
+}
+
+display_fingerprints() {
+  local keyfile
+
+  for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_dss_host_key" "/etc/dropbear/dropbear_ecdsa_host_key" ; do
+      if [ -s "${keyfile}" ] ; then
+	  echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")"
+      fi
+  done
+}
+
+copy_openssh_keys() {
+  local osshrsa="/etc/ssh/ssh_host_rsa_key"
+  local osshdsa="/etc/ssh/ssh_host_dsa_key"
+  local osshecdsa="/etc/ssh/ssh_host_ecdsa_key"
+
+  local dbpre="/etc/dropbear/dropbear_"
+
+  local return_code=1
+
+  if [ -s "$osshrsa" ]; then
+      dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key
+      return_code=0
+  fi
+
+  if [ -s "$osshdsa" ]; then
+      dropbearconvert openssh dropbear $osshdsa ${dbpre}dss_host_key
+      return_code=0
+  fi
+
+  if [ -s "$osshecdsa" ]; then
+      dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key
+      return_code=0
+  fi
+
+  return $return_code
+}
+
+generate_keys() {
+  local keyfile keytype
+  for keytype in rsa dss ecdsa ; do
+      keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
+      if [ ! -s "$keyfile" ]; then
+	  echo "Generating ${keytype} host key for dropbear ..."
+	  dropbearkey -t "${keytype}" -f "${keyfile}"
+      fi
+  done
+}
+
+make_etc_passwd() {
+  echo 'root:x:0:0:root:/:/bin/cryptsetup_shell' > "${TMPDIR}"/passwd
+}
+
+build ()
+{
+  #
+  # Begin real processing
+  #
+
+  # Are we even needed?
+  if [ ! -r "/etc/dropbear/root_key" -o ! -s "/etc/dropbear/root_key" ]; then
+    echo "There is no root key in /etc/dropbear/root_key existent; exit"
+    return 0
+  fi
+
+  # if TMPDIR is set leave it alone otherwise set
+  [ -z $TMPDIR ] && TMPDIR='/tmp/dropbear_initrd_encrypt'
+
+  # check if TMPDIR exsists if not make it
+  [ -d $TMPDIR ] || mkdir -p $TMPDIR
+
+  umask 0022
+
+  [ -d /etc/dropbear ] && mkdir -p /etc/dropbear
+
+  copy_openssh_keys || generate_keys
+  display_fingerprints
+
+  [ -e "${TMPDIR}/passwd" ] && ( grep -q -e '^root:' "${TMPDIR}/passwd" ) || make_etc_passwd
+
+  add_checked_modules "/drivers/net/"
+  add_binary "rm"
+  add_binary "dropbear"
+
+  cat <<SCRIPTEOF > ${TMPDIR}/cryptsetup_shell
+#!/bin/sh
+if [ -c "/dev/mapper/control" ]; then
+  if eval /sbin/cryptsetup luksOpen \`cat /.cryptdev\` \`cat /.cryptname\` \`cat /.cryptargs\` ; then
+    echo > /.done
+    killall cryptsetup
+  fi
+else
+  echo "encryption bootup not succeeded. please wait!"
+fi
+SCRIPTEOF
+
+  chmod a+x ${TMPDIR}/cryptsetup_shell
+
+  add_file "${TMPDIR}/cryptsetup_shell" "/bin/cryptsetup_shell"
+
+  echo '/bin/cryptsetup_shell' > "${TMPDIR}"/shells
+  add_file "${TMPDIR}/shells" "/etc/shells"
+
+  cat /etc/dropbear/root_key > "${TMPDIR}"/authorized_keys
+
+  add_dir "/.ssh"
+  add_file "${TMPDIR}/authorized_keys" "/.ssh/authorized_keys"
+  add_file "${TMPDIR}/passwd" "/etc/passwd"
+  add_full_dir "/etc/dropbear"
+  add_file "/lib/libnss_files.so.2"
+  add_dir "/var/run"
+
+  touch "${TMPDIR}"/lastlog
+  add_dir "/var/log"
+  add_file "${TMPDIR}/lastlog" "/var/log/lastlog"
+
+  # cleanup
+  rm "${TMPDIR}/cryptsetup_shell"
+  rm "${TMPDIR}/shells"
+  rm "${TMPDIR}/authorized_keys"
+  rm "${TMPDIR}/passwd"
+  rm "${TMPDIR}/lastlog"
+
+  add_runscript
+  
+}
+
+help ()
+{
+    cat<<HELPEOF
+This hook should always be used in combination with the "encrypthssh" hook. 
+Add this hook before the "encryptssh", though. Together they allow to enter 
+a password for a LUKS encrypted root device either via SSH or locally. 
+HELPEOF
+}