diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index d4a21d7..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-mkinitcpio-dropbear*.tar.zst
-src/
-pkg/
diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644
index b7405f1..0000000
--- a/ChangeLog
+++ /dev/null
@@ -1,23 +0,0 @@
-2024-05-09 Marko Korhonen
-
- * 0.1.0 :
- - Add support for ed25519 host keys
- - Add support for a config file which allows changing the dropbear port
-
-2015-08-11 Giancarlo Razzolini
-
- * 0.0.3 :
- - Correction of the hook help text.
- - Changed the root user home directory to /root.
- - Some other cleanups, specially regarding TMPDIR files juggling.
-
-2015-07-28 Giancarlo Razzolini
-
- * 0.0.2 :
- - Removed leftovers from the old dropbear_initrd_encrypt which where conflicting with mkinitcpio-utils.
-
-2015-07-14 Giancarlo Razzolini
-
- * 0.0.1 :
- - Initial release.
- - Provide the same functionality as in dropbear_initrd_encrypt regarding dropbear.
diff --git a/LICENSE b/LICENSE
index 30768b9..707f934 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,3 @@
-Copyright (c) 2024, Marko Korhonen
 Copyright (c) 2015, Giancarlo Razzolini
 All rights reserved.

diff --git a/PKGBUILD b/PKGBUILD
deleted file mode 100644
index c8215c4..0000000
--- a/PKGBUILD
+++ /dev/null
@@ -1,36 +0,0 @@
-# Maintainer: Marko Korhonen
-# Contributor: Caleb Maclennan
-# Contributor: Giancarlo Razzolini
-
-pkgname=mkinitcpio-dropbear2
-pkgname_="mkinitcpio-dropbear"
-conflicts=("$pkgname_")
-pkgver=0.1.0
-pkgrel=1
-pkgdesc='hook to install and enable the dropbear daemon in early userspace'
-arch=(any)
-url="https://git.korhonen.cc/FunctionalHacker/$pkgname_"
-license=(GPL3)
-depends=(dropbear psmisc)
-optdepends=(
- 'mkinitcpio-netconf: Network interface configuration'
- 'mkinitcpio-ppp: PPP interface configuration'
- 'openssh: Allows the use of the same host keys used for normal access'
-)
-source=(
- "dropbear_hook"
- "dropbear_install"
- "LICENSE"
-)
-backup=("etc/dropbear/config")
-changelog=ChangeLog
-sha256sums=('9852ab6a3ba4191ed3eabbfebb2876fe7ff1003f62309043ec0b8b9374e3b9ee'
- '3f6cb2c6edd2a5510e9d2366b68815b0d0f9d7cfc066c26c4b842af44d2024fd'
- 'ac69d63ecc672c698582b0fc260dbfe42d71adcdab707f807c8e1113be11abd8')
-
-package() {
- install -Dm0644 dropbear_hook "$pkgdir/usr/lib/initcpio/hooks/dropbear"
- install -Dm0644 dropbear_install "$pkgdir/usr/lib/initcpio/install/dropbear"
- install -Dm0644 dropbear_config "$pkgdir/etc/dropbear/config"
- install -Dm0644 -t "$pkgdir/usr/share/licenses/$pkgname_/" LICENSE
-}
diff --git a/dropbear_config b/dropbear_config
deleted file mode 100644
index dbbdcc8..0000000
--- a/dropbear_config
+++ /dev/null
@@ -1 +0,0 @@
-DROPBEAR_PORT=22
diff --git a/dropbear_hook b/dropbear_hook
index 1fc0d6e..18131f1 100644
--- a/dropbear_hook
+++ b/dropbear_hook
@@ -1,24 +1,22 @@
-#!/bin/sh
+#!/usr/bin/ash

-run_hook() {
- [ -d /dev/pts ] || mkdir -p /dev/pts
- mount -t devpts devpts /dev/pts
+run_hook ()
+{
+ [ -d /dev/pts ] || mkdir -p /dev/pts
+ mount -t devpts devpts /dev/pts

- if [ -s /etc/dropbear/config ]; then
- echo "Found dropbear config file"
- . /etc/dropbear/config
- fi
-
- port=${DROPBEAR_PORT:-22}
-
- echo "Starting dropbear on port $port"
- /usr/sbin/dropbear -E -s -j -k -p "$port"
+ echo "Starting dropbear"
+ /usr/sbin/dropbear -E -s -j -k
 }

-run_cleanuphook() {
+run_cleanuphook ()
+{
 umount /dev/pts
 rm -R /dev/pts
 if [ -f /var/run/dropbear.pid ]; then
- kill "$(cat /var/run/dropbear.pid)"
+ kill `cat /var/run/dropbear.pid`
 fi
+ . /ip_opts
+ /sbin/ip addr flush dev "$device"
+ /sbin/ip link set down "$device"
 }
diff --git a/dropbear_install b/dropbear_install
index 8e1be6a..1285a24 100644
--- a/dropbear_install
+++ b/dropbear_install
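Review bot: The added `. /ip_opts` in run_cleanuphook is sourced unconditionally, so the cleanup now depends on a file this hook never creates. If the file is absent (the removed PKGBUILD lists netconf and ppp only as optional dependencies, so it presumably can be), the `.` fails and `$device` is empty when handed to the two `/sbin/ip` calls. A failed `.` can abort a non-interactive POSIX shell, which here would be the early-boot init script running the hook; worth confirming how busybox ash behaves. Guard it with `[ -r /ip_opts ] && . /ip_opts` followed by `[ -n "$device" ] || return 0` before the `ip` lines, and add a comment such as `# /ip_opts is written by the network hook; skip teardown when it did not run`.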
@@ -1,103 +1,143 @@ -#!/bin/sh - -set -e - -CONFIG_FILE="/etc/dropbear/config" -KEY_TYPES="ed25519 ecdsa rsa" +#!/bin/bash get_fingerprint() { - kf="$1" - dropbearkey -y -f "${kf}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}' + local keyfile="$1" + dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}' } display_fingerprints() { - for kt in $KEY_TYPES; do - kf="/etc/dropbear/dropbear_${kt}_host_key" - if [ -s "${kf}" ]; then - echo "$(basename "${kf}") : $(get_fingerprint "${kf}")" - fi - done + local keyfile + + for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_dss_host_key" "/etc/dropbear/dropbear_ecdsa_host_key" ; do + if [ -s "${keyfile}" ] ; then + echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")" + fi + done } copy_openssh_keys() { - return_code=1 + local osshrsa="/etc/ssh/ssh_host_rsa_key" + local osshdsa="/etc/ssh/ssh_host_dsa_key" + local osshecdsa="/etc/ssh/ssh_host_ecdsa_key" - for kt in $KEY_TYPES; do - osshkey="/etc/ssh/ssh_host_${kt}_key" - if [ -s "$osshkey" ]; then - dropbearconvert \ - openssh dropbear \ - "$osshkey" \ - "/etc/dropbear/dropbear_${kt}_host_key" - return_code=0 - fi - done + local dbpre="/etc/dropbear/dropbear_" - return $return_code + local return_code=1 + + if [ -s "$osshrsa" ]; then + dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key + return_code=0 + fi + + if [ -s "$osshdsa" ]; then + dropbearconvert openssh dropbear $osshdsa ${dbpre}dss_host_key + return_code=0 + fi + + if [ -s "$osshecdsa" ]; then + dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key + return_code=0 + fi + + return $return_code } generate_keys() { - for kt in $KEY_TYPES; do - kf="/etc/dropbear/dropbear_${kt}_host_key" - if [ ! -s "$kf" ]; then - echo "Generating ${kt} host key for dropbear ..." 
- dropbearkey -t "${kt}" -f "${kf}" - fi - done + local keyfile keytype + for keytype in rsa dss ecdsa ; do + keyfile="/etc/dropbear/dropbear_${keytype}_host_key" + if [ ! -s "$keyfile" ]; then + echo "Generating ${keytype} host key for dropbear ..." + dropbearkey -t "${keytype}" -f "${keyfile}" + fi + done } -build() { - # - # Begin real processing - # - - # Are we even needed? - if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then - echo "There is no root key in /etc/dropbear/root_key existent; exit" - return 0 - fi - - # if TMPDIR is set leave it alone otherwise set - [ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt' - - # check if TMPDIR exsists if not make it - [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" - - umask 0022 - - [ -d /etc/dropbear ] && mkdir -p /etc/dropbear - - copy_openssh_keys || generate_keys - display_fingerprints - - add_checked_modules "/drivers/net/" - add_binary "rm" - add_binary "killall" - add_binary "dropbear" - - add_dir "/root/.ssh" - cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys - - add_full_dir "/etc/dropbear" - add_file "/lib/libnss_files.so.2" - add_dir "/var/run" - add_dir "/var/log" - touch "${BUILDROOT}"/var/log/lastlog - - if [ -s $CONFIG_FILE ]; then - echo "Using config file $CONFIG_FILE:" - cat $CONFIG_FILE - add_file $CONFIG_FILE - fi - - add_runscript +make_etc_passwd() { + echo 'root:x:0:0:root:/:/bin/cryptsetup_shell' > "${TMPDIR}"/passwd } -help() { - cat < ${TMPDIR}/cryptsetup_shell +#!/bin/sh +if [ -c "/dev/mapper/control" ]; then + if eval /sbin/cryptsetup luksOpen \`cat /.cryptdev\` \`cat /.cryptname\` \`cat /.cryptargs\` ; then + echo > /.done + killall cryptsetup + fi +else + echo "encryption bootup not succeeded. please wait!" 
+fi
+SCRIPTEOF
+
+ chmod a+x ${TMPDIR}/cryptsetup_shell
+
+ add_file "${TMPDIR}/cryptsetup_shell" "/bin/cryptsetup_shell"
+
+ echo '/bin/cryptsetup_shell' > "${TMPDIR}"/shells
+ add_file "${TMPDIR}/shells" "/etc/shells"
+
+ cat /etc/dropbear/root_key > "${TMPDIR}"/authorized_keys
+
+ add_dir "/.ssh"
+ add_file "${TMPDIR}/authorized_keys" "/.ssh/authorized_keys"
+ add_file "${TMPDIR}/passwd" "/etc/passwd"
+ add_full_dir "/etc/dropbear"
+ add_file "/lib/libnss_files.so.2"
+ add_dir "/var/run"
+
+ touch "${TMPDIR}"/lastlog
+ add_dir "/var/log"
+ add_file "${TMPDIR}/lastlog" "/var/log/lastlog"
+
+ # cleanup
+ rm "${TMPDIR}/cryptsetup_shell"
+ rm "${TMPDIR}/shells"
+ rm "${TMPDIR}/authorized_keys"
+ rm "${TMPDIR}/passwd"
+ rm "${TMPDIR}/lastlog"
+
+ add_runscript
+
+}
+
+help ()
+{
+ cat<