104 lines
2.5 KiB
Bash
104 lines
2.5 KiB
Bash
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
CONFIG_FILE="/etc/dropbear/config"
|
|
KEY_TYPES="ed25519 ecdsa rsa"
|
|
|
|
get_fingerprint() {
|
|
kf="$1"
|
|
dropbearkey -y -f "${kf}" | sed -n '/^Fingerprint:/ {s/Fingerprint: *//; p}'
|
|
}
|
|
|
|
display_fingerprints() {
|
|
for kt in $KEY_TYPES; do
|
|
kf="/etc/dropbear/dropbear_${kt}_host_key"
|
|
if [ -s "${kf}" ]; then
|
|
echo "$(basename "${kf}") : $(get_fingerprint "${kf}")"
|
|
fi
|
|
done
|
|
}
|
|
|
|
copy_openssh_keys() {
|
|
return_code=1
|
|
|
|
for kt in $KEY_TYPES; do
|
|
osshkey="/etc/ssh/ssh_host_${kt}_key"
|
|
if [ -s "$osshkey" ]; then
|
|
dropbearconvert \
|
|
openssh dropbear \
|
|
"$osshkey" \
|
|
"/etc/dropbear/dropbear_${kt}_host_key"
|
|
return_code=0
|
|
fi
|
|
done
|
|
|
|
return $return_code
|
|
}
|
|
|
|
generate_keys() {
|
|
for kt in $KEY_TYPES; do
|
|
kf="/etc/dropbear/dropbear_${kt}_host_key"
|
|
if [ ! -s "$kf" ]; then
|
|
echo "Generating ${kt} host key for dropbear ..."
|
|
dropbearkey -t "${kt}" -f "${kf}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
build() {
|
|
#
|
|
# Begin real processing
|
|
#
|
|
|
|
# Are we even needed?
|
|
if [ ! -r "/etc/dropbear/root_key" ] || [ ! -s "/etc/dropbear/root_key" ]; then
|
|
echo "There is no root key in /etc/dropbear/root_key existent; exit"
|
|
return 0
|
|
fi
|
|
|
|
# if TMPDIR is set leave it alone otherwise set
|
|
[ -z "$TMPDIR" ] && TMPDIR='/tmp/dropbear_initrd_encrypt'
|
|
|
|
# check if TMPDIR exsists if not make it
|
|
[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR"
|
|
|
|
umask 0022
|
|
|
|
[ -d /etc/dropbear ] && mkdir -p /etc/dropbear
|
|
|
|
copy_openssh_keys || generate_keys
|
|
display_fingerprints
|
|
|
|
add_checked_modules "/drivers/net/"
|
|
add_binary "rm"
|
|
add_binary "killall"
|
|
add_binary "dropbear"
|
|
|
|
add_dir "/root/.ssh"
|
|
cat /etc/dropbear/root_key >"${BUILDROOT}"/root/.ssh/authorized_keys
|
|
|
|
add_full_dir "/etc/dropbear"
|
|
add_file "/lib/libnss_files.so.2"
|
|
add_dir "/var/run"
|
|
add_dir "/var/log"
|
|
touch "${BUILDROOT}"/var/log/lastlog
|
|
|
|
if [ -s $CONFIG_FILE ]; then
|
|
echo "Using config file $CONFIG_FILE:"
|
|
cat $CONFIG_FILE
|
|
add_file $CONFIG_FILE
|
|
fi
|
|
|
|
add_runscript
|
|
}
|
|
|
|
help() {
|
|
cat <<HELPEOF
|
|
This hook is meant to be used in conjunction with mkinitcpio-netconf and/or
|
|
mkinitcpio-ppp. It DOES NOT provide any default shell. It will only install
|
|
and start dropbear on early userspace. In the package mkinitcpio-utils you
|
|
will find hooks and shells for remote unlocking a luks root partition,
|
|
among others.
|
|
HELPEOF
|
|
}
|