Hi,
Attached is a patch which adds support for a completely
different networking configuration in the initramfs
from that of the running system.
The patch brings down network interfaces, when configured
to do so, after the rootfs is mounted. There is a
configuration file in conf.d/ and a script in
scripts/local-bottom/, and a patch to the debian/rules
file to install them.
Note: I now believe that both
/usr/share/initramfs-tools/conf-hooks.d/dropbear and
/usr/share/initramfs-tools/conf.d/dropbear should
be copied to/etc/initramfs-tools/, in conf-hooks.d/
and conf.d/ respectively, and maintained as configuration
files by dpkg to give the sysadmin better control.
However this patch does not do this with it's
conf.d/dropbear file to maintain consistency with
conf-hooks.d/dropbear. See Bug #715047.
It works for me, although I've not tested the
debian/rules file. However, it does not work without
a patch to klibc which enables the ipconfig command
to bring down network interfaces.
I will followup with a link to the klibc patch,
and a link to a related cryptsetup documentation
patch, when available.
Regards,
Karl <[email protected]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
diff '--exclude=*~' -ruN dropbear-2012.55.orig/debian/initramfs/dropbear-conf.d-conf dropbear-2012.55/debian/initramfs/dropbear-conf.d-conf
--- dropbear-2012.55.orig/debian/initramfs/dropbear-conf.d-conf 1969-12-31 18:00:00.000000000 -0600
+++ dropbear-2012.55/debian/initramfs/dropbear-conf.d-conf 2013-07-08 16:02:24.392327742 -0500
@@ -0,0 +1,12 @@
+#
+# DROPBEAR_IFDOWN: iface
+#
+# iface The interface to bring down. Default = '', meaning none.
+# 'all' brings all interfaces down.
+#
+# Bring down the named network interfaces after mounting root.
+# (Useful with cryptroot to give the initramfs a different IP from
+# that of the running system.)
+#
+
+#DROPBEAR_IFDOWN=
diff '--exclude=*~' -ruN dropbear-2012.55.orig/debian/initramfs/local-bottom-dropbear dropbear-2012.55/debian/initramfs/local-bottom-dropbear
--- dropbear-2012.55.orig/debian/initramfs/local-bottom-dropbear 1969-12-31 18:00:00.000000000 -0600
+++ dropbear-2012.55/debian/initramfs/local-bottom-dropbear 2013-07-08 11:32:16.636488409 -0500
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /conf/conf.d/dropbear
+
+[ -z "$DROPBEAR_IFDOWN" ] && exit 0
+
+. /scripts/functions
+
+log_begin_msg "Bringing interfaces down"
+
+ipconfig -c down $DROPBEAR_IFDOWN
diff '--exclude=*~' -ruN dropbear-2012.55.orig/debian/rules dropbear-2012.55/debian/rules
--- dropbear-2012.55.orig/debian/rules 2013-07-08 15:47:07.000000000 -0500
+++ dropbear-2012.55/debian/rules 2013-07-08 16:14:46.122648420 -0500
@@ -89,9 +89,16 @@
install -m0755 debian/initramfs/premount-dropbear \
'$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear
install -d -m0755 \
+ '$(DIR)'/usr/share/initramfs-tools/scripts/local-bottom
+ install -m0755 debian/initramfs/local-bottom-dropbear \
+ '$(DIR)'/usr/share/initramfs-tools/scripts/local-bottom/dropbear
+ install -d -m0755 \
'$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom
install -m0755 debian/initramfs/bottom-dropbear \
'$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf.d
+ install -m0644 debian/initramfs/dropbear-conf.d-conf \
+ '$(DIR)'/usr/share/initramfs-tools/conf.d/dropbear
install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d
install -m0644 debian/initramfs/dropbear-conf \
'$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear
