I don't think Recommends is appropriate for the general
case - it's meant for packages used in "all but unusual
installations" (from the policy manual) isn't it?
ok, i'm not too familiar with the interpretation of the policy, so i
tend to just believe you if you say so.
The key generation should be able to be performed using
dropbearkey (and /usr/lib/dropbear/dropbearconvert if
required), without needing ssh-keygen.
ah ok, i missed the -y option of dropbearkey (it's missing in the
manpage), and thought openssh-client is probably already a dependency
because of user key generation.
i also added a [ -x ] to avoid an error msg on boot if dropbear was not
installed to initramfs.
attached the new patch.
maybe you can take a look at #465902, regarding the 'if cryptroot,
default to installing dropbear to initramfs' behaviour.
Chris
diff -pruN dropbear-0.50.orig/debian/control dropbear-0.50/debian/control
--- dropbear-0.50.orig/debian/control 2008-02-16 14:46:13.000000000 +0100
+++ dropbear-0.50/debian/control 2008-02-16 14:48:45.000000000 +0100
@@ -8,7 +8,7 @@ Standards-Version: 3.7.2.2
Package: dropbear
Architecture: any
Depends: ${shlibs:Depends}
-Suggests: openssh-client, runit
+Suggests: openssh-client, udev, runit
Description: lightweight SSH2 server and client
dropbear is a SSH 2 server and client designed to be small enough to
be used in small memory environments, while still being functional and
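Review bot: initramfs-tools is missing from the Suggests line even though the new hook sources /usr/share/initramfs-tools/hook-functions and the boot script declares PREREQ="udev". If udev is worth suggesting for the initramfs case, initramfs-tools should be listed alongside it so the relationship is visible to anyone reading the control file.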
diff -pruN dropbear-0.50.orig/debian/initramfs/dropbear-conf dropbear-0.50/debian/initramfs/dropbear-conf
--- dropbear-0.50.orig/debian/initramfs/dropbear-conf 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.50/debian/initramfs/dropbear-conf 2008-02-16 14:48:00.000000000 +0100
@@ -0,0 +1,8 @@
+#
+# DROPBEAR: [ y | n ]
+#
+# Use dropbear if available. If not specified, dropbear will be used - if
+# possible - in case of cryptroot.
+#
+
+#DROPBEAR=y
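Review bot: the header comment should spell out what "in case of cryptroot" means in practice, because the hook's test is only that /etc/crypttab is readable. As written, any host with a crypttab gets an SSH server and a root authorized_keys in its initramfs without the admin opting in. Either state that clearly here, including that DROPBEAR=n is the way to turn it off, or make the unset case default to not installing.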
diff -pruN dropbear-0.50.orig/debian/initramfs/dropbear-hook dropbear-0.50/debian/initramfs/dropbear-hook
--- dropbear-0.50.orig/debian/initramfs/dropbear-hook 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.50/debian/initramfs/dropbear-hook 2008-02-16 14:55:30.000000000 +0100
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case $1 in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. "${CONFDIR}/initramfs.conf"
+. /usr/share/initramfs-tools/hook-functions
+
+# Install dropbear if explicitly enabled, or in case of a cryptroot setup if not explicitly disabled
+if [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ); then
+ if [ ! -x "/usr/sbin/dropbear" ]; then
+ if [ "${DROPBEAR}" = "y" ]; then
+ echo "dropbear: FAILURE: Dropbear not found!"
+ else
+ echo "dropbear: WARNING: Dropbear not found, remote unlocking of cryptroot via ssh won't work!"
+ fi
+ else
+ rm -f "${DESTDIR}/sbin/dropbear"
+ copy_exec "/usr/sbin/dropbear" "/sbin/"
+ cp /lib/libnss_* "${DESTDIR}/lib/"
+ echo "root:x:0:0:root:/root:/bin/sh" > "${DESTDIR}/etc/passwd"
+ for keytype in "dss" "rsa"; do
+ if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+ mkdir -p "/etc/initramfs-tools/etc/dropbear"
+ dropbearkey -t "${keytype}" -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+ fi
+ done
+ cp -R /etc/initramfs-tools/etc/dropbear "${DESTDIR}/etc/"
+ if [ ! -f "/etc/initramfs-tools/root/.ssh/id_rsa.pub" ]; then
+ mkdir -p "/etc/initramfs-tools/root/.ssh"
+ dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear
+ /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/initramfs-tools/root/.ssh/id_rsa.dropbear /etc/initramfs-tools/root/.ssh/id_rsa
+ dropbearkey -y -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear | grep "^ssh-rsa " > /etc/initramfs-tools/root/.ssh/id_rsa.pub
+ fi
+ mkdir -p "${DESTDIR}/root/.ssh"
+ cp /etc/initramfs-tools/root/.ssh/id_rsa.pub "${DESTDIR}/root/.ssh/authorized_keys"
+ fi
+fi
+
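Review bot: the block that runs dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear generates the login key pair on the host and leaves the private key beside the public key, with no umask or mode set on the directory or on the converted id_rsa. I would set umask 077 before creating these files and prefer an admin-supplied authorized_keys when one exists in /etc/initramfs-tools/root/.ssh, falling back to generation only when it does not. The cp -R of /etc/initramfs-tools/etc/dropbear also puts the private host keys inside the initramfs image, so the resulting image must not be world-readable. Separately, the "FAILURE: Dropbear not found!" branch only echoes and the hook still ends with status 0; with DROPBEAR=y that should be a non-zero exit.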
diff -pruN dropbear-0.50.orig/debian/initramfs/dropbear-script dropbear-0.50/debian/initramfs/dropbear-script
--- dropbear-0.50.orig/debian/initramfs/dropbear-script 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.50/debian/initramfs/dropbear-script 2008-02-16 15:06:43.000000000 +0100
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+PREREQ="udev"
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case $1 in
+ # get pre-requisites
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+[ -x /sbin/dropbear ] || exit 0
+
+log_begin_msg "Starting dropbear"
+
+. /conf/initramfs.conf
+
+for x in $(cat /proc/cmdline); do
+ case $x in
+ ip=*)
+ IPOPTS="${x#ip=}"
+ ;;
+ esac
+done
+
+configure_networking
+
+/sbin/dropbear
+
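Review bot: /sbin/dropbear is started with no options and nothing in this patch stops it again, so the initramfs instance with its root authorized_keys is still listening when boot continues to the real root. A matching script that kills it and takes the interface down once the root filesystem is unlocked is needed. Also, log_begin_msg "Starting dropbear" has no log_end_msg, and the result of configure_networking is not checked before the server is launched.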
diff -pruN dropbear-0.50.orig/debian/rules dropbear-0.50/debian/rules
--- dropbear-0.50.orig/debian/rules 2008-02-16 14:46:13.000000000 +0100
+++ dropbear-0.50/debian/rules 2008-02-16 14:48:00.000000000 +0100
@@ -91,6 +91,12 @@ install: deb-checkdir deb-checkuid build
# copyright, changelog
cat debian/copyright.in LICENSE >debian/copyright
test -r changelog || ln -s CHANGES changelog
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/hooks
+ install -m0755 debian/initramfs/dropbear-hook '$(DIR)'/usr/share/initramfs-tools/hooks/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount
+ install -m0755 debian/initramfs/dropbear-script '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d
+ install -m0644 debian/initramfs/dropbear-conf '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear
binary-indep:
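Review bot: dropbear-conf is installed to /usr/share/initramfs-tools/conf-hooks.d/dropbear, yet it carries a commented-out "#DROPBEAR=y" that reads as an invitation to edit it, and changes under /usr/share are overwritten on upgrade. The hook reads "${CONFDIR}/initramfs.conf", so the file's header should tell the admin to set DROPBEAR there instead, or the template should be shipped under /etc as a conffile.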