.gitignore

@@ -1,3 +0,0 @@
-mkinitcpio-dropbear*.tar.zst
-src/
-pkg/

ChangeLog

@@ -1,23 +0,0 @@
-2024-05-09 Marko Korhonen <marko@korhonen.cc>
-
-	* 0.1.0 :
-	- Add support for ed25519 host keys
-	- Add support for a config file which allows changing the dropbear port
-
-2015-08-11 Giancarlo Razzolini <grazzolini@gmail.com>
-
-	* 0.0.3 :
-	- Correction of the hook help text.
-	- Changed the root user home directory to /root.
-	- Some other cleanups, specially regarding TMPDIR files juggling.
-
-2015-07-28 Giancarlo Razzolini <grazzolini@gmail.com>
-
-	* 0.0.2 :
-	- Removed leftovers from the old dropbear_initrd_encrypt which where conflicting with mkinitcpio-utils.
-
-2015-07-14 Giancarlo Razzolini <grazzolini@gmail.com>
-
-	* 0.0.1 :
-	- Initial release.
-	- Provide the same functionality as in dropbear_initrd_encrypt regarding dropbear.

LICENSE

@@ -1,4 +1,3 @@
-Copyright (c) 2024, Marko Korhonen
 Copyright (c) 2015, Giancarlo Razzolini
 All rights reserved.
 

PKGBUILD

@@ -1,36 +0,0 @@
-# Maintainer: Marko Korhonen <marko@korhonen.cc>
-# Contributor: Caleb Maclennan <caleb@alerque.com>
-# Contributor: Giancarlo Razzolini <grazzolini@archlinux.org>
-
-pkgname=mkinitcpio-dropbear2
-pkgname_="mkinitcpio-dropbear"
-conflicts=("$pkgname_")
-pkgver=0.1.0
-pkgrel=1
-pkgdesc='hook to install and enable the dropbear daemon in early userspace'
-arch=(any)
-url="https://git.korhonen.cc/FunctionalHacker/$pkgname_"
-license=(GPL3)
-depends=(dropbear psmisc)
-optdepends=(
-    'mkinitcpio-netconf: Network interface configuration'
-    'mkinitcpio-ppp: PPP interface configuration'
-    'openssh: Allows the use of the same host keys used for normal access'
-)
-source=(
-    "dropbear_hook"
-    "dropbear_install"
-    "LICENSE"
-)
-backup=("etc/dropbear/config")
-changelog=ChangeLog
-sha256sums=('9852ab6a3ba4191ed3eabbfebb2876fe7ff1003f62309043ec0b8b9374e3b9ee'
-            '3f6cb2c6edd2a5510e9d2366b68815b0d0f9d7cfc066c26c4b842af44d2024fd'
-            'ac69d63ecc672c698582b0fc260dbfe42d71adcdab707f807c8e1113be11abd8')
-
-package() {
-    install -Dm0644 dropbear_hook "$pkgdir/usr/lib/initcpio/hooks/dropbear"
-    install -Dm0644 dropbear_install "$pkgdir/usr/lib/initcpio/install/dropbear"
-    install -Dm0644 dropbear_config "$pkgdir/etc/dropbear/config"
-    install -Dm0644 -t "$pkgdir/usr/share/licenses/$pkgname_/" LICENSE
-}

dropbear_config

@@ -1 +0,0 @@
-DROPBEAR_PORT=22

dropbear_hook

@@ -1,24 +1,22 @@
-#!/bin/sh
+#!/usr/bin/ash
 
-run_hook() {
+run_hook ()
-    [ -d /dev/pts ] || mkdir -p /dev/pts
+{
-    mount -t devpts devpts /dev/pts
+  [ -d /dev/pts ] || mkdir -p /dev/pts
+  mount -t devpts devpts /dev/pts
 
-    if [ -s /etc/dropbear/config ]; then
+  echo "Starting dropbear"
-        echo "Found dropbear config file"
+  /usr/sbin/dropbear -E -s -j -k
-        . /etc/dropbear/config
-    fi
-
-    port=${DROPBEAR_PORT:-22}
-
-    echo "Starting dropbear on port $port"
-    /usr/sbin/dropbear -E -s -j -k -p "$port"
 }
 
-run_cleanuphook() {
+run_cleanuphook ()
+{
     umount /dev/pts
     rm -R /dev/pts
     if [ -f /var/run/dropbear.pid ]; then
-        kill "$(cat /var/run/dropbear.pid)"
+        kill `cat /var/run/dropbear.pid`
     fi
+    . /ip_opts
+    /sbin/ip addr flush dev "$device"
+    /sbin/ip link set down "$device"
 }

dropbear_install

@@ -1,103 +1,143 @@
-#!/bin/sh
+#!/bin/bash
-
-set -e
-
-CONFIG_FILE="/etc/dropbear/config"
-KEY_TYPES="ed25519 ecdsa rsa"
 
 get_fingerprint() {
-    kf="$1"
+  local keyfile="$1"
-    dropbearkey -y -f "${kf}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
+  dropbearkey -y -f "${keyfile}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
 }
 
 display_fingerprints() {
-    for kt in $KEY_TYPES; do
+  local keyfile
-        kf="/etc/dropbear/dropbear_${kt}_host_key"
+
-        if [ -s "${kf}" ]; then
+  for keyfile in "/etc/dropbear/dropbear_rsa_host_key" "/etc/dropbear/dropbear_dss_host_key" "/etc/dropbear/dropbear_ecdsa_host_key" ; do
-            echo "$(basename "${kf}") : $(get_fingerprint "${kf}")"
+      if [ -s "${keyfile}" ] ; then
-        fi
+	  echo "$(basename "${keyfile}") : $(get_fingerprint "${keyfile}")"
-    done
+      fi
+  done
 }
 
 copy_openssh_keys() {
-    return_code=1
+  local osshrsa="/etc/ssh/ssh_host_rsa_key"
+  local osshdsa="/etc/ssh/ssh_host_dsa_key"
+  local osshecdsa="/etc/ssh/ssh_host_ecdsa_key"
 
-    for kt in $KEY_TYPES; do
+  local dbpre="/etc/dropbear/dropbear_"
-        osshkey="/etc/ssh/ssh_host_${kt}_key"
-        if [ -s "$osshkey" ]; then
-            dropbearconvert \
-                openssh dropbear \
-                "$osshkey" \
-                "/etc/dropbear/dropbear_${kt}_host_key"
-            return_code=0
-        fi
-    done
 
-    return $return_code
+  local return_code=1
+
+  if [ -s "$osshrsa" ]; then
+      dropbearconvert openssh dropbear $osshrsa ${dbpre}rsa_host_key
+      return_code=0
+  fi
+
+  if [ -s "$osshdsa" ]; then
+      dropbearconvert openssh dropbear $osshdsa ${dbpre}dss_host_key
+      return_code=0
+  fi
+
+  if [ -s "$osshecdsa" ]; then
+      dropbearconvert openssh dropbear $osshecdsa ${dbpre}ecdsa_host_key
+      return_code=0
+  fi
+
+  return $return_code
 }
 
 generate_keys() {
-    for kt in $KEY_TYPES; do
+  local keyfile keytype
-        kf="/etc/dropbear/dropbear_${kt}_host_key"
+  for keytype in rsa dss ecdsa ; do
-        if [ ! -s "$kf" ]; then
+      keyfile="/etc/dropbear/dropbear_${keytype}_host_key"
-            echo "Generating ${kt} host key for dropbear ..."
+      if [ ! -s "$keyfile" ]; then
-            dropbearkey -t "${kt}" -f "${kf}"
+	  echo "Generating ${keytype} host key for dropbear ..."
-        fi
+	  dropbearkey -t "${keytype}" -f "${keyfile}"
-    done
+      fi
+  done
 }
 
-build() {
+make_etc_passwd() {
-    #
+  echo 'root:x:0:0:root:/:/bin/cryptsetup_shell' > "${TMPDIR}"/passwd
-    # Begin real processing
-    #
-
-    # Are we even needed?
-    if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then
-        echo "There is no root key in /etc/dropbear/root_key existent; exit"
-        return 0
-    fi
-
-    # if TMPDIR is set leave it alone otherwise set
-    [ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt'
-
-    # check if TMPDIR exsists if not make it
-    [ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"
-
-    umask 0022
-
-    [ -d /etc/dropbear ] && mkdir -p /etc/dropbear
-
-    copy_openssh_keys || generate_keys
-    display_fingerprints
-
-    add_checked_modules "/drivers/net/"
-    add_binary "rm"
-    add_binary "killall"
-    add_binary "dropbear"
-
-    add_dir "/root/.ssh"
-    cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys
-
-    add_full_dir "/etc/dropbear"
-    add_file "/lib/libnss_files.so.2"
-    add_dir "/var/run"
-    add_dir "/var/log"
-    touch "${BUILDROOT}"/var/log/lastlog
-
-    if [ -s $CONFIG_FILE ]; then
-        echo "Using config file $CONFIG_FILE:"
-        cat $CONFIG_FILE
-        add_file $CONFIG_FILE
-    fi
-
-    add_runscript
 }
 
-help() {
+build ()
-    cat <<HELPEOF
+{
+  #
+  # Begin real processing
+  #
+
+  # Are we even needed?
+  if [ ! -r "/etc/dropbear/root_key" -o ! -s "/etc/dropbear/root_key" ]; then
+    echo "There is no root key in /etc/dropbear/root_key existent; exit"
+    return 0
+  fi
+
+  # if TMPDIR is set leave it alone otherwise set
+  [ -z $TMPDIR ] && TMPDIR='/tmp/dropbear_initrd_encrypt'
+
+  # check if TMPDIR exsists if not make it
+  [ -d $TMPDIR ] || mkdir -p $TMPDIR
+
+  umask 0022
+
+  [ -d /etc/dropbear ] && mkdir -p /etc/dropbear
+
+  copy_openssh_keys || generate_keys
+  display_fingerprints
+
+  [ -e "${TMPDIR}/passwd" ] && ( grep -q -e '^root:' "${TMPDIR}/passwd" ) || make_etc_passwd
+
+  add_checked_modules "/drivers/net/"
+  add_binary "rm"
+  add_binary "killall"
+  add_binary "dropbear"
+
+  cat <<SCRIPTEOF > ${TMPDIR}/cryptsetup_shell
+#!/bin/sh
+if [ -c "/dev/mapper/control" ]; then
+  if eval /sbin/cryptsetup luksOpen \`cat /.cryptdev\` \`cat /.cryptname\` \`cat /.cryptargs\` ; then
+    echo > /.done
+    killall cryptsetup
+  fi
+else
+  echo "encryption bootup not succeeded. please wait!"
+fi
+SCRIPTEOF
+
+  chmod a+x ${TMPDIR}/cryptsetup_shell
+
+  add_file "${TMPDIR}/cryptsetup_shell" "/bin/cryptsetup_shell"
+
+  echo '/bin/cryptsetup_shell' > "${TMPDIR}"/shells
+  add_file "${TMPDIR}/shells" "/etc/shells"
+
+  cat /etc/dropbear/root_key > "${TMPDIR}"/authorized_keys
+
+  add_dir "/.ssh"
+  add_file "${TMPDIR}/authorized_keys" "/.ssh/authorized_keys"
+  add_file "${TMPDIR}/passwd" "/etc/passwd"
+  add_full_dir "/etc/dropbear"
+  add_file "/lib/libnss_files.so.2"
+  add_dir "/var/run"
+
+  touch "${TMPDIR}"/lastlog
+  add_dir "/var/log"
+  add_file "${TMPDIR}/lastlog" "/var/log/lastlog"
+
+  # cleanup
+  rm "${TMPDIR}/cryptsetup_shell"
+  rm "${TMPDIR}/shells"
+  rm "${TMPDIR}/authorized_keys"
+  rm "${TMPDIR}/passwd"
+  rm "${TMPDIR}/lastlog"
+
+  add_runscript
+  
+}
+
+help ()
+{
+    cat<<HELPEOF
 This hook is meant to be used in conjunction with mkinitcpio-netconf and/or
 mkinitcpio-ppp. It DOES NOT provide any default shell. It will only install
-and start dropbear on early userspace. In the package mkinitcpio-utils you
+and start dropbear on early userspace. In the package mkinitcpio-shells you
 will find hooks and shells for remote unlocking a luks root partition,
 among others.
 HELPEOF