Package: dropbear
Version: 0.50-2
Severity: wishlist
Tags: patch
This patch is one of three patches (initramfs-tools, cryptsetup,
dropbear) that enable mkinitramfs to create initramfs images which
provide the ability to log in and unlock a cryptroot remotely via ssh
during the boot process.
An initramfs script, a hook script, and a config file are added.
openssh-client is promoted from suggested to recommended, because in
the case of a cryptroot with dropbear it is important that
mkinitramfs is able to create authorization keys. udev is also needed
for dropbear in the initramfs.
diff -rNc dropbear-0.50.orig/debian/control dropbear-0.50/debian/control
*** dropbear-0.50.orig/debian/control 2008-02-14 20:17:40.000000000 +0100
--- dropbear-0.50/debian/control 2008-02-14 20:17:59.000000000 +0100
***************
*** 8,14 ****
Package: dropbear
Architecture: any
Depends: ${shlibs:Depends}
! Suggests: openssh-client, runit
Description: lightweight SSH2 server and client
dropbear is a SSH 2 server and client designed to be small enough to
be used in small memory environments, while still being functional and
--- 8,15 ----
Package: dropbear
Architecture: any
Depends: ${shlibs:Depends}
! Recommends: openssh-client, udev
! Suggests: runit
Description: lightweight SSH2 server and client
dropbear is a SSH 2 server and client designed to be small enough to
be used in small memory environments, while still being functional and
diff -rNc dropbear-0.50.orig/debian/initramfs/dropbear-conf dropbear-0.50/debian/initramfs/dropbear-conf
*** dropbear-0.50.orig/debian/initramfs/dropbear-conf 1970-01-01 01:00:00.000000000 +0100
--- dropbear-0.50/debian/initramfs/dropbear-conf 2008-02-14 20:17:59.000000000 +0100
***************
*** 0 ****
--- 1,8 ----
+ #
+ # DROPBEAR: [ y | n ]
+ #
+ # Use dropbear if available. If not specified, dropbear will be used - if
+ # possible - in case of cryptroot.
+ #
+
+ #DROPBEAR=y
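Review bot: Nothing in this conf-hooks.d file restricts the permissions of the generated image, although the hook added by this patch copies the dropbear private host keys from /etc/initramfs-tools/etc/dropbear into it. An initramfs normally sits on an unencrypted /boot, so a world-readable image would let any local user extract those keys. If the initramfs-tools version in use honours it, add `UMASK=0077` here with a comment such as `# the image contains dropbear private host keys`. The comment block could also say plainly that leaving DROPBEAR unset enables the server whenever /etc/crypttab is readable.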
diff -rNc dropbear-0.50.orig/debian/initramfs/dropbear-hook dropbear-0.50/debian/initramfs/dropbear-hook
*** dropbear-0.50.orig/debian/initramfs/dropbear-hook 1970-01-01 01:00:00.000000000 +0100
--- dropbear-0.50/debian/initramfs/dropbear-hook 2008-02-14 20:19:44.000000000 +0100
***************
*** 0 ****
--- 1,55 ----
+ #!/bin/sh
+
+ PREREQ=""
+
+ prereqs() {
+ echo "$PREREQ"
+ }
+
+ case $1 in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+ esac
+
+ . "${CONFDIR}/initramfs.conf"
+ . /usr/share/initramfs-tools/hook-functions
+
+ # Install dropbear if explicitly enabled, or in case of a cryptroot setup if not explicitly disabled
+ if [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ); then
+ if [ ! -x "/usr/sbin/dropbear" ]; then
+ if [ "${DROPBEAR}" = "y" ]; then
+ echo "dropbear: FAILURE: Dropbear not found!"
+ else
+ echo "dropbear: WARNING: Dropbear not found, remote unlocking of cryptroot via ssh won't work!"
+ fi
+ else
+ rm -f "${DESTDIR}/sbin/dropbear"
+ copy_exec "/usr/sbin/dropbear" "/sbin/"
+ cp /lib/libnss_* "${DESTDIR}/lib/"
+ echo "root:x:0:0:root:/root:/bin/sh" > "${DESTDIR}/etc/passwd"
+ for keytype in "dss" "rsa"; do
+ if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+ mkdir -p "/etc/initramfs-tools/etc/dropbear"
+ dropbearkey -t "${keytype}" -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+ fi
+ done
+ cp -R /etc/initramfs-tools/etc/dropbear "${DESTDIR}/etc/"
+ if [ ! -f "/etc/initramfs-tools/root/.ssh/id_rsa.pub" ]; then
+ mkdir -p "/etc/initramfs-tools/root/.ssh"
+ if [ -x "/usr/bin/ssh-keygen" ]; then
+ ssh-keygen -N "" -f "/etc/initramfs-tools/root/.ssh/id_rsa"
+ else
+ if [ "${DROPBEAR}" = "y" ]; then
+ echo "dropbear: FAILURE: no authorized publickey found and ssh-keygen not available!"
+ else
+ echo "dropbear: WARNING: no authorized publickey found and ssh-keygen not available, remote unlocking of cryptroot via ssh won't work!"
+ fi
+ fi
+ fi
+ mkdir -p "${DESTDIR}/root/.ssh"
+ cp /etc/initramfs-tools/root/.ssh/id_rsa.pub "${DESTDIR}/root/.ssh/authorized_keys"
+ fi
+ fi
+
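Review bot: The login key pair is generated on the server with an empty passphrase (`ssh-keygen -N ""`), and its public half becomes the only entry in the image's authorized_keys. The private key that grants root in the initramfs therefore sits without a passphrase under /etc/initramfs-tools/root/.ssh, and the administrator has to copy it off the machine. Installing an administrator-supplied authorized_keys file when one exists, and generating a key only as a fallback, would avoid creating that private key on the host at all. Separately, the FAILURE branches only echo to stdout and carry on: when ssh-keygen is missing, control still reaches `cp /etc/initramfs-tools/root/.ssh/id_rsa.pub ...` on a file that does not exist. Send those messages to stderr with `>&2` and add `exit 1` after each FAILURE echo, so that an explicit `DROPBEAR=y` does not yield an image without working remote unlock.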
diff -rNc dropbear-0.50.orig/debian/initramfs/dropbear-script dropbear-0.50/debian/initramfs/dropbear-script
*** dropbear-0.50.orig/debian/initramfs/dropbear-script 1970-01-01 01:00:00.000000000 +0100
--- dropbear-0.50/debian/initramfs/dropbear-script 2008-02-14 20:17:59.000000000 +0100
***************
*** 0 ****
--- 1,34 ----
+ #!/bin/sh
+
+ PREREQ="udev"
+
+ prereqs() {
+ echo "$PREREQ"
+ }
+
+ case $1 in
+ # get pre-requisites
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+ esac
+
+ . /scripts/functions
+
+ log_begin_msg "Starting dropbear"
+
+ . /conf/initramfs.conf
+
+ for x in $(cat /proc/cmdline); do
+ case $x in
+ ip=*)
+ IPOPTS="${x#ip=}"
+ ;;
+ esac
+ done
+
+ configure_networking
+
+ /sbin/dropbear
+
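Review bot: The script brings up networking and starts the server unconditionally; nothing checks that the hook actually installed /sbin/dropbear. Assuming init-premount scripts are always copied into the image, a system with `DROPBEAR=n` (or with dropbear missing at build time) would still run `configure_networking` during boot and then fail on `/sbin/dropbear`. A guard before `log_begin_msg`, `[ -x /sbin/dropbear ] || exit 0`, avoids that. The server is also started with default options; since only public-key login is provisioned, `/sbin/dropbear -s -j -k` would disable password logins and port forwarding. `log_begin_msg` has no matching `log_end_msg`.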
diff -rNc dropbear-0.50.orig/debian/rules dropbear-0.50/debian/rules
*** dropbear-0.50.orig/debian/rules 2008-02-14 20:17:40.000000000 +0100
--- dropbear-0.50/debian/rules 2008-02-14 20:17:59.000000000 +0100
***************
*** 91,96 ****
--- 91,102 ----
# copyright, changelog
cat debian/copyright.in LICENSE >debian/copyright
test -r changelog || ln -s CHANGES changelog
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/hooks
+ install -m0755 debian/initramfs/dropbear-hook '$(DIR)'/usr/share/initramfs-tools/hooks/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount
+ install -m0755 debian/initramfs/dropbear-script '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d
+ install -m0644 debian/initramfs/dropbear-conf '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear
binary-indep: