hi! i've updated the patch to 0.51-1. also when using the patch with a current lenny, i found out that at some time after etch the bsd/legacy ptys were removed from the kernel config. so i added mounting devpts (if available) to the initramfs. i also added: - killing the dropbear parent process in init-bottom, so the ssh daemon can start as configured in the normal init. - calling update-initramfs after installation if dropbear in initramfs is enabled - a reminder for ip= kernel parameter after installation - to dropbearkey-manpage: -y option, maybe that would be good to go upstream? :)
Chris
diff -pruN dropbear-0.51.orig/debian/control dropbear-0.51/debian/control --- dropbear-0.51.orig/debian/control 2008-03-27 14:17:14.000000000 +0100 +++ dropbear-0.51/debian/control 2008-04-15 17:58:15.000000000 +0200 @@ -8,7 +8,7 @@ Standards-Version: 3.7.3.0 Package: dropbear Architecture: any Depends: ${shlibs:Depends} -Suggests: openssh-client, runit +Suggests: openssh-client, udev, runit Description: lightweight SSH2 server and client dropbear is a SSH 2 server and client designed to be small enough to be used in small memory environments, while still being functional and diff -pruN dropbear-0.51.orig/debian/dropbear.postinst dropbear-0.51/debian/dropbear.postinst --- dropbear-0.51.orig/debian/dropbear.postinst 2008-04-15 17:57:48.000000000 +0200 +++ dropbear-0.51/debian/dropbear.postinst 2008-04-15 17:58:15.000000000 +0200 @@ -77,3 +77,19 @@ update-service --check dropbear 2>/dev/n rm -rf /var/run/dropbear /var/run/dropbear.log update-service --add /etc/dropbear || : fi + +# if dropbear is to be installed to initramfs, we have to update initramfs. +. /etc/initramfs-tools/initramfs.conf +if [ -x /usr/sbin/update-initramfs ] && ( [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ) ); then + # here we could read the configured network-config, and use it for + # default values for prompting the user for the initramfs-network- + # config (subsequently writing it to menu.lst:# kopt= or lilo.conf), + # instead of just printing the reminder below. + update-initramfs -u + cat <<EOT +Dropbear has ben added to your initramfs. Don't forget to check your "ip=" +kernel bootparameter to match your desired initramfs ip configuration. + +EOT +fi + diff -pruN dropbear-0.51.orig/debian/initramfs/bottom-dropbear dropbear-0.51/debian/initramfs/bottom-dropbear --- dropbear-0.51.orig/debian/initramfs/bottom-dropbear 1970-01-01 01:00:00.000000000 +0100 +++ dropbear-0.51/debian/initramfs/bottom-dropbear 2008-04-15 18:16:06.000000000 +0200 
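Review bot: In debian/dropbear.postinst the added `. /etc/initramfs-tools/initramfs.conf` runs unconditionally, before the `-x /usr/sbin/update-initramfs` test, yet the control change only adds udev to Suggests, so the file can be missing on a system without initramfs-tools. A failed `.` in a non-interactive POSIX shell normally aborts the script, which would leave the package unconfigured. Guard it with `[ -r /etc/initramfs-tools/initramfs.conf ] && . /etc/initramfs-tools/initramfs.conf`. The reminder text reads "has ben added" where "has been added" is meant. The rest of the postinst lies outside the hunk, so whether `set -e` is active cannot be seen from here.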
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+[ -r /var/run/dropbear.pid ] || exit 0
+
+log_begin_msg "Stopping dropbear"
+
+kill `cat /var/run/dropbear.pid`
+
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-conf dropbear-0.51/debian/initramfs/dropbear-conf
--- dropbear-0.51.orig/debian/initramfs/dropbear-conf 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-conf 2008-04-15 17:58:15.000000000 +0200
@@ -0,0 +1,8 @@
+#
+# DROPBEAR: [ y | n ]
+#
+# Use dropbear if available. If not specified, dropbear will be used - if
+# possible - in case of cryptroot.
+#
+
+#DROPBEAR=y
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-hook dropbear-0.51/debian/initramfs/dropbear-hook
--- dropbear-0.51.orig/debian/initramfs/dropbear-hook 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-hook 2008-04-15 18:16:13.000000000 +0200
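Review bot: In bottom-dropbear the `kill` of the pid read from /var/run/dropbear.pid signals only the process recorded in that file, so a session already forked from it presumably keeps running once the real root takes over, still holding a root shell that began in the initramfs. It is worth deciding, and stating in a comment, whether such sessions should be ended here as well. The command substitution is also unquoted and unchecked, so an empty pid file turns the line into a bare `kill`; `pid=$(cat /var/run/dropbear.pid) && [ -n "$pid" ] && kill "$pid"` avoids that. `log_begin_msg` has no matching `log_end_msg` in this script, and the same holds for premount-devpts and premount-dropbear.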
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. "${CONFDIR}/initramfs.conf"
+. /usr/share/initramfs-tools/hook-functions
+
+# Install dropbear if explicitly enabled, or in case of a cryptroot setup if not explicitly disabled
+if [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ); then
+ if [ ! -x "/usr/sbin/dropbear" ]; then
+ if [ "${DROPBEAR}" = "y" ]; then
+ echo "dropbear: FAILURE: Dropbear not found!"
+ else
+ echo "dropbear: WARNING: Dropbear not found, remote unlocking of cryptroot via ssh won't work!"
+ fi
+ else
+ rm -f "${DESTDIR}/sbin/dropbear"
+ copy_exec "/usr/sbin/dropbear" "/sbin/"
+ cp /lib/libnss_* "${DESTDIR}/lib/"
+ echo "root:x:0:0:root:/root:/bin/sh" > "${DESTDIR}/etc/passwd"
+ for keytype in "dss" "rsa"; do
+ if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+ mkdir -p "/etc/initramfs-tools/etc/dropbear"
+ dropbearkey -t "${keytype}" -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+ fi
+ done
+ cp -R /etc/initramfs-tools/etc/dropbear "${DESTDIR}/etc/"
+ if [ ! -f "/etc/initramfs-tools/root/.ssh/id_rsa.pub" ]; then
+ mkdir -p "/etc/initramfs-tools/root/.ssh"
+ dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear
+ /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/initramfs-tools/root/.ssh/id_rsa.dropbear /etc/initramfs-tools/root/.ssh/id_rsa
+ dropbearkey -y -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear | grep "^ssh-rsa " > /etc/initramfs-tools/root/.ssh/id_rsa.pub
+ fi
+ mkdir -p "${DESTDIR}/root/.ssh"
+ cp /etc/initramfs-tools/root/.ssh/id_rsa.pub "${DESTDIR}/root/.ssh/authorized_keys"
+ fi
+fi
+
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-devpts dropbear-0.51/debian/initramfs/premount-devpts
--- dropbear-0.51.orig/debian/initramfs/premount-devpts 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-devpts 2008-04-15 18:16:19.000000000 +0200
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ="udev"
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+grep -E "[[:space:]]+devpts$" /proc/filesystems >/dev/null 2>&1 || exit 0
+
+log_begin_msg "Mounting devpts"
+
+mkdir -p /dev/pts
+mount -t devpts none /dev/pts
+
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-dropbear dropbear-0.51/debian/initramfs/premount-dropbear
--- dropbear-0.51.orig/debian/initramfs/premount-dropbear 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-dropbear 2008-04-15 18:16:27.000000000 +0200
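Review bot: dropbear-hook creates the login key pair (`id_rsa.dropbear`, `id_rsa`) and the host keys under /etc/initramfs-tools with whatever umask the caller has, and never sets modes on the new directories or on the converted `id_rsa`. Run the key-generation part under a restrictive umask, for example `umask 077` before the `for keytype` loop, or create the directories with `mkdir -p -m 0700`. Because the host keys are then copied into `${DESTDIR}/etc/`, the private host key ends up inside the generated image, which in a cryptroot setup usually sits on an unencrypted boot partition. A comment should say that these keys must stay separate from the system's own host keys and that the image should not be world-readable. When `DROPBEAR=y` and the binary is missing, the hook prints `FAILURE` but still exits 0; an `exit 1` there would make the image build fail visibly.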
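Review bot: premount-devpts mounts with `mount -t devpts none /dev/pts` and no options, so the ptys handed to SSH sessions get the filesystem's default group and mode. Passing them explicitly keeps the terminals from being more permissive than intended: `mount -t devpts -o noexec,nosuid,gid=5,mode=0620 none /dev/pts` (gid 5 being the tty group on Debian). The mount result is not checked either, so a failure shows up only later when dropbear cannot allocate a pty.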
@@ -0,0 +1,36 @@ +#!/bin/sh + +PREREQ="udev devpts" + +prereqs() { + echo "$PREREQ" +} + +case "$1" in + prereqs) + prereqs + exit 0 + ;; +esac + +. /scripts/functions + +[ -x /sbin/dropbear ] || exit 0 + +log_begin_msg "Starting dropbear" + +. /conf/initramfs.conf + +for x in $(cat /proc/cmdline); do + case "$x" in + ip=*) + IPOPTS="${x#ip=}" + ;; + esac +done + +configure_networking + +mkdir -p /var/run +/sbin/dropbear + diff -pruN dropbear-0.51.orig/debian/rules dropbear-0.51/debian/rules --- dropbear-0.51.orig/debian/rules 2008-03-27 14:17:14.000000000 +0100 +++ dropbear-0.51/debian/rules 2008-04-15 17:58:15.000000000 +0200 @@ -89,6 +89,15 @@ install: deb-checkdir deb-checkuid build # copyright, changelog cat debian/copyright.in LICENSE >debian/copyright test -r changelog || ln -s CHANGES changelog + install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/hooks + install -m0755 debian/initramfs/dropbear-hook '$(DIR)'/usr/share/initramfs-tools/hooks/dropbear + install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount + install -m0755 debian/initramfs/premount-devpts '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/devpts + install -m0755 debian/initramfs/premount-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear + install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom + install -m0755 debian/initramfs/bottom-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom/dropbear + install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d + install -m0644 debian/initramfs/dropbear-conf '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear binary-indep: diff -pruN dropbear-0.51.orig/dropbearkey.8 dropbear-0.51/dropbearkey.8 --- dropbear-0.51.orig/dropbearkey.8 2008-03-27 14:17:14.000000000 +0100 +++ dropbear-0.51/dropbearkey.8 2008-04-15 18:31:50.000000000 +0200 
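Review bot: premount-dropbear starts the listener as plain `/sbin/dropbear`, so the authentication methods offered before the root filesystem is unlocked are left to the build defaults, even though the hook provisions only `authorized_keys`. Start it with password logins disabled, `/sbin/dropbear -s`, so that key authentication is the only path to the root shell. `for x in $(cat /proc/cmdline)` is subject to pathname expansion on the kernel command line; wrapping the loop in `set -f` / `set +f` avoids that. `configure_networking` is called without checking its result, so dropbear is started even if no interface came up.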
@@ -9,6 +9,7 @@ dropbearkey \- create private keys for t .I file [\-s .IR bits ] +[\-y] .SH DESCRIPTION .B dropbearkey generates a type @@ -35,8 +36,16 @@ Write the secret key to the file Set the key size to .I bits bits, should be multiple of 8 (optional). +.TP +.B \-y +Just print the publickey and fingerprint for the private key in +.IR file . .SH EXAMPLE +generate a host-key: # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key + +extract a public key suitable for authorized_keys from private key: + # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys .SH AUTHOR Matt Johnston ([EMAIL PROTECTED]). .br