diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d4a21d7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +mkinitcpio-dropbear*.tar.zst +src/ +pkg/ diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..b7405f1 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,23 @@ +2024-05-09 Marko Korhonen + + * 0.1.0 : + - Add support for ed25519 host keys + - Add support for a config file which allows changing the dropbear port + +2015-08-11 Giancarlo Razzolini + + * 0.0.3 : + - Correction of the hook help text. + - Changed the root user home directory to /root. + - Some other cleanups, specially regarding TMPDIR files juggling. + +2015-07-28 Giancarlo Razzolini + + * 0.0.2 : + - Removed leftovers from the old dropbear_initrd_encrypt which where conflicting with mkinitcpio-utils. + +2015-07-14 Giancarlo Razzolini + + * 0.0.1 : + - Initial release. + - Provide the same functionality as in dropbear_initrd_encrypt regarding dropbear. diff --git a/LICENSE b/LICENSE index 707f934..30768b9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,3 +1,4 @@ +Copyright (c) 2024, Marko Korhonen Copyright (c) 2015, Giancarlo Razzolini All rights reserved. diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 0000000..c8215c4 --- /dev/null +++ b/PKGBUILD 
@@ -0,0 +1,36 @@
+# Maintainer: Marko Korhonen
+# Contributor: Caleb Maclennan
+# Contributor: Giancarlo Razzolini
+
+pkgname=mkinitcpio-dropbear2
+pkgname_="mkinitcpio-dropbear"
+conflicts=("$pkgname_")
+pkgver=0.1.0
+pkgrel=1
+pkgdesc='hook to install and enable the dropbear daemon in early userspace'
+arch=(any)
+url="https://git.korhonen.cc/FunctionalHacker/$pkgname_"
+license=(GPL3)
+depends=(dropbear psmisc)
+optdepends=(
+ 'mkinitcpio-netconf: Network interface configuration'
+ 'mkinitcpio-ppp: PPP interface configuration'
+ 'openssh: Allows the use of the same host keys used for normal access'
+)
+source=(
+ "dropbear_hook"
+ "dropbear_install"
+ "LICENSE"
+)
+backup=("etc/dropbear/config")
+changelog=ChangeLog
+sha256sums=('9852ab6a3ba4191ed3eabbfebb2876fe7ff1003f62309043ec0b8b9374e3b9ee'
+ '3f6cb2c6edd2a5510e9d2366b68815b0d0f9d7cfc066c26c4b842af44d2024fd'
+ 'ac69d63ecc672c698582b0fc260dbfe42d71adcdab707f807c8e1113be11abd8')
+
+package() {
+ install -Dm0644 dropbear_hook "$pkgdir/usr/lib/initcpio/hooks/dropbear"
+ install -Dm0644 dropbear_install "$pkgdir/usr/lib/initcpio/install/dropbear"
+ install -Dm0644 dropbear_config "$pkgdir/etc/dropbear/config"
+ install -Dm0644 -t "$pkgdir/usr/share/licenses/$pkgname_/" LICENSE
+}
diff --git a/dropbear_config b/dropbear_config
new file mode 100644
index 0000000..dbbdcc8
--- /dev/null
+++ b/dropbear_config
@@ -0,0 +1 @@
+DROPBEAR_PORT=22
diff --git a/dropbear_hook b/dropbear_hook
index 6a9bae7..1fc0d6e 100644
--- a/dropbear_hook
+++ b/dropbear_hook
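Review bot: package() in the PKGBUILD hunk installs `dropbear_config`, but that file is missing from `source=(…)` and has no entry in `sha256sums`, so makepkg does not stage it in `$srcdir` and never verifies it. The `install -Dm0644 dropbear_config "$pkgdir/etc/dropbear/config"` line will most likely fail in a clean build, and the config is the only shipped input without an integrity check. Add `"dropbear_config"` to `source=(…)` and append its digest to `sha256sums` (for example by regenerating the array with `updpkgsums`). The file deserves the same verification as the two scripts because the dropbear_hook hunk sources it as shell in early userspace.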
@@ -1,19 +1,24 @@ -#!/usr/bin/ash +#!/bin/sh -run_hook () -{ - [ -d /dev/pts ] || mkdir -p /dev/pts - mount -t devpts devpts /dev/pts +run_hook() { + [ -d /dev/pts ] || mkdir -p /dev/pts + mount -t devpts devpts /dev/pts - echo "Starting dropbear" - /usr/sbin/dropbear -E -s -j -k + if [ -s /etc/dropbear/config ]; then + echo "Found dropbear config file" + . /etc/dropbear/config + fi + + port=${DROPBEAR_PORT:-22} + + echo "Starting dropbear on port $port" + /usr/sbin/dropbear -E -s -j -k -p "$port" } -run_cleanuphook () -{ +run_cleanuphook() { umount /dev/pts rm -R /dev/pts if [ -f /var/run/dropbear.pid ]; then - kill `cat /var/run/dropbear.pid` + kill "$(cat /var/run/dropbear.pid)" fi } diff --git a/dropbear_install b/dropbear_install index 40a5116..8e1be6a 100644 --- a/dropbear_install +++ b/dropbear_install 
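Review bot: The new `. /etc/dropbear/config` in run_hook executes the whole file as shell code during early boot, and the resulting `$port` is passed to `dropbear -p` without any validation. Only `DROPBEAR_PORT` is needed, so check the value before use, for example `case "$port" in ''|*[!0-9]*) echo "Invalid DROPBEAR_PORT, using 22"; port=22 ;; esac`; widen the pattern if an `address:port` form is meant to stay supported. A stray or malformed line in the file would presumably run, or fail the dot command, in the init environment and could leave the machine without remote unlock. Reading just that one key instead of sourcing the file would avoid this. A short comment above the `.` line stating that the file is trusted, root-owned input copied into the image at build time would also document the assumption.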
@@ -1,103 +1,100 @@ -#!/bin/bash +#!/bin/sh + +set -e + +CONFIG_FILE="/etc/dropbear/config" +KEY_TYPES="ed25519 ecdsa rsa" get_fingerprint() { - local keyfile="$1" - dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}' + kf="$1" + dropbearkey -y -f "${kf}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}' } display_fingerprints() { - local keyfile - - for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_dss_host_key" "/etc/dropbear/dropbear_ecdsa_host_key" ; do - if [ -s "${keyfile}" ] ; then - echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")" - fi - done + for kt in $KEY_TYPES; do + kf="/etc/dropbear/dropbear_${kt}_host_key" + if [ -s "${kf}" ]; then + echo "$(basename "${kf}") : $(get_fingerprint "${kf}")" + fi + done } copy_openssh_keys() { - local osshrsa="/etc/ssh/ssh_host_rsa_key" - local osshdsa="/etc/ssh/ssh_host_dsa_key" - local osshecdsa="/etc/ssh/ssh_host_ecdsa_key" + return_code=1 - local dbpre="/etc/dropbear/dropbear_" + for kt in $KEY_TYPES; do + osshkey="/etc/ssh/ssh_host_${kt}_key" + if [ -s "$osshkey" ]; then + dropbearconvert \ + openssh dropbear \ + "$osshkey" \ + "/etc/dropbear/dropbear_${kt}_host_key" + return_code=0 + fi + done - local return_code=1 - - if [ -s "$osshrsa" ]; then - dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key - return_code=0 - fi - - if [ -s "$osshdsa" ]; then - dropbearconvert openssh dropbear $osshdsa ${dbpre}dss_host_key - return_code=0 - fi - - if [ -s "$osshecdsa" ]; then - dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key - return_code=0 - fi - - return $return_code + return $return_code } generate_keys() { - local keyfile keytype - for keytype in rsa dss ecdsa ; do - keyfile="/etc/dropbear/dropbear_${keytype}_host_key" - if [ ! -s "$keyfile" ]; then - echo "Generating ${keytype} host key for dropbear ..." 
- dropbearkey -t "${keytype}" -f "${keyfile}" - fi - done + for kt in $KEY_TYPES; do + kf="/etc/dropbear/dropbear_${kt}_host_key" + if [ ! -s "$kf" ]; then + echo "Generating ${kt} host key for dropbear ..." + dropbearkey -t "${kt}" -f "${kf}" + fi + done } -build () -{ - # - # Begin real processing - # +build() { + # + # Begin real processing + # - # Are we even needed? - if [ ! -r "/etc/dropbear/root_key" -o ! -s "/etc/dropbear/root_key" ]; then - echo "There is no root key in /etc/dropbear/root_key existent; exit" - return 0 - fi + # Are we even needed? + if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then + echo "There is no root key in /etc/dropbear/root_key existent; exit" + return 0 + fi - # if TMPDIR is set leave it alone otherwise set - [ -z $TMPDIR ] && TMPDIR='/tmp/dropbear_initrd_encrypt' + # if TMPDIR is set leave it alone otherwise set + [ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt' - # check if TMPDIR exsists if not make it - [ -d $TMPDIR ] || mkdir -p $TMPDIR + # check if TMPDIR exsists if not make it + [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" - umask 0022 + umask 0022 - [ -d /etc/dropbear ] && mkdir -p /etc/dropbear + [ -d /etc/dropbear ] && mkdir -p /etc/dropbear - copy_openssh_keys || generate_keys - display_fingerprints + copy_openssh_keys || generate_keys + display_fingerprints - add_checked_modules "/drivers/net/" - add_binary "rm" - add_binary "killall" - add_binary "dropbear" + add_checked_modules "/drivers/net/" + add_binary "rm" + add_binary "killall" + add_binary "dropbear" - add_dir "/root/.ssh" - cat /etc/dropbear/root_key > "${BUILDROOT}"/root/.ssh/authorized_keys + add_dir "/root/.ssh" + cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys - add_full_dir "/etc/dropbear" - add_file "/lib/libnss_files.so.2" - add_dir "/var/run" - add_dir "/var/log" - touch "${BUILDROOT}"/var/log/lastlog + add_full_dir "/etc/dropbear" + add_file "/lib/libnss_files.so.2" + add_dir "/var/run" + add_dir 
"/var/log" + touch "${BUILDROOT}"/var/log/lastlog - add_runscript + if [ -s $CONFIG_FILE ]; then + echo "Using config file $CONFIG_FILE:" + cat $CONFIG_FILE + add_file $CONFIG_FILE + fi + + add_runscript } -help () -{ - cat<