hi!

i've updated the patch to 0.51-1.
also when using the patch with a current lenny, i found out that at some time 
after etch the bsd/legacy ptys were removed from the kernel config. so i added 
mounting devpts (if available) to the initramfs.
i also added:
- killing the dropbear parent process in init-bottom, so the ssh daemon can 
start as configured in the normal init.
- calling update-initramfs after installation if dropbear in initramfs is 
enabled
- a reminder for ip= kernel parameter after installation
- to dropbearkey-manpage: -y option, maybe that would be good to go upstream? :)

        Chris
diff -pruN dropbear-0.51.orig/debian/control dropbear-0.51/debian/control
--- dropbear-0.51.orig/debian/control	2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/debian/control	2008-04-15 17:58:15.000000000 +0200
@@ -8,7 +8,7 @@ Standards-Version: 3.7.3.0
 Package: dropbear
 Architecture: any
 Depends: ${shlibs:Depends}
-Suggests: openssh-client, runit
+Suggests: openssh-client, udev, runit
 Description: lightweight SSH2 server and client
  dropbear is a SSH 2 server and client designed to be small enough to
  be used in small memory environments, while still being functional and
diff -pruN dropbear-0.51.orig/debian/dropbear.postinst dropbear-0.51/debian/dropbear.postinst
--- dropbear-0.51.orig/debian/dropbear.postinst	2008-04-15 17:57:48.000000000 +0200
+++ dropbear-0.51/debian/dropbear.postinst	2008-04-15 17:58:15.000000000 +0200
@@ -77,3 +77,19 @@ update-service --check dropbear 2>/dev/n
   rm -rf /var/run/dropbear /var/run/dropbear.log
   update-service --add /etc/dropbear || :
 fi
+
+# if dropbear is to be installed to initramfs, we have to update initramfs.
+. /etc/initramfs-tools/initramfs.conf
+if [ -x /usr/sbin/update-initramfs ] && ( [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ) ); then
+	# here we could read the configured network-config, and use it for
+	# default values for prompting the user for the initramfs-network-
+	# config (subsequently writing it to menu.lst:# kopt= or lilo.conf),
+	# instead of just printing the reminder below.
+	update-initramfs -u
+	cat <<EOT
+Dropbear has ben added to your initramfs. Don't forget to check your "ip="
+kernel bootparameter to match your desired initramfs ip configuration.
+
+EOT
+fi
+
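Review bot: The unconditional `. /etc/initramfs-tools/initramfs.conf` makes the postinst abort on any system where initramfs-tools is not installed, because sourcing a missing file is fatal in a non-interactive POSIX shell, and it runs before the `-x /usr/sbin/update-initramfs` test. Guard it with `if [ -r /etc/initramfs-tools/initramfs.conf ]; then . /etc/initramfs-tools/initramfs.conf; fi`. It is also worth deciding explicitly whether a failing `update-initramfs -u` should fail the installation; the start of the script is outside this hunk, so whether `set -e` is active is not visible here. The reminder text has a typo (`ben` for `been`).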
diff -pruN dropbear-0.51.orig/debian/initramfs/bottom-dropbear dropbear-0.51/debian/initramfs/bottom-dropbear
--- dropbear-0.51.orig/debian/initramfs/bottom-dropbear	1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/bottom-dropbear	2008-04-15 18:16:06.000000000 +0200
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+	echo "$PREREQ"
+}
+
+case "$1" in
+	prereqs)
+		prereqs
+		exit 0
+	;;
+esac
+
+. /scripts/functions
+
+[ -r /var/run/dropbear.pid ] || exit 0
+
+log_begin_msg "Stopping dropbear"
+
+kill `cat /var/run/dropbear.pid`
+
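Review bot: The `kill` on the last line passes the pid file's contents through unchecked and signals only the listening parent, so an empty or stale file gives a usage error or hits an unrelated pid, and any session already forked from the parent presumably keeps its root shell into the booted system. Read the value first and quote it, `pid=$(cat /var/run/dropbear.pid)` then `[ -n "$pid" ] && kill "$pid"`. Add a comment stating what is expected to happen to open sessions and to the network configuration brought up in init-premount. The script also calls `log_begin_msg` with no matching `log_end_msg`; the same applies to premount-devpts and premount-dropbear.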
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-conf dropbear-0.51/debian/initramfs/dropbear-conf
--- dropbear-0.51.orig/debian/initramfs/dropbear-conf	1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-conf	2008-04-15 17:58:15.000000000 +0200
@@ -0,0 +1,8 @@
+#
+# DROPBEAR: [ y | n ]
+#
+# Use dropbear if available. If not specified, dropbear will be used - if
+# possible - in case of cryptroot.
+#
+
+#DROPBEAR=y
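Review bot: The comment understates what the unset default does: with DROPBEAR unset, the hook enables a network-reachable SSH server in early boot on every machine that merely has a readable /etc/crypttab, whether or not the root filesystem is encrypted. I would say so directly, for example `# If unset, dropbear is added to the initramfs whenever /etc/crypttab exists; set DROPBEAR=n to keep sshd out of early boot.` An opt-in default would be the more conservative choice, but that is a policy decision for the maintainer.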
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-hook dropbear-0.51/debian/initramfs/dropbear-hook
--- dropbear-0.51.orig/debian/initramfs/dropbear-hook	1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-hook	2008-04-15 18:16:13.000000000 +0200
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+	echo "$PREREQ"
+}
+
+case "$1" in
+	prereqs)
+		prereqs
+		exit 0
+	;;
+esac
+
+. "${CONFDIR}/initramfs.conf"
+. /usr/share/initramfs-tools/hook-functions
+
+# Install dropbear if explicitly enabled, or in case of a cryptroot setup if not explicitly disabled
+if [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ); then
+	if [ ! -x "/usr/sbin/dropbear" ]; then
+		if [ "${DROPBEAR}" = "y" ]; then
+			echo "dropbear: FAILURE: Dropbear not found!"
+		else
+			echo "dropbear: WARNING: Dropbear not found, remote unlocking of cryptroot via ssh won't work!"
+		fi
+	else
+		rm -f "${DESTDIR}/sbin/dropbear"
+		copy_exec "/usr/sbin/dropbear" "/sbin/"
+		cp /lib/libnss_* "${DESTDIR}/lib/"
+		echo "root:x:0:0:root:/root:/bin/sh" > "${DESTDIR}/etc/passwd"
+		for keytype in "dss" "rsa"; do
+			if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+				mkdir -p "/etc/initramfs-tools/etc/dropbear"
+				dropbearkey -t "${keytype}" -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+			fi
+		done
+		cp -R /etc/initramfs-tools/etc/dropbear "${DESTDIR}/etc/"
+		if [ ! -f "/etc/initramfs-tools/root/.ssh/id_rsa.pub" ]; then
+			mkdir -p "/etc/initramfs-tools/root/.ssh"
+			dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear
+			/usr/lib/dropbear/dropbearconvert dropbear openssh /etc/initramfs-tools/root/.ssh/id_rsa.dropbear /etc/initramfs-tools/root/.ssh/id_rsa
+			dropbearkey -y -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear | grep "^ssh-rsa " > /etc/initramfs-tools/root/.ssh/id_rsa.pub
+		fi
+		mkdir -p "${DESTDIR}/root/.ssh"
+		cp /etc/initramfs-tools/root/.ssh/id_rsa.pub "${DESTDIR}/root/.ssh/authorized_keys"
+	fi
+fi
+
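Review bot: The private host keys generated here are copied into `${DESTDIR}/etc/dropbear`, so they end up inside the initramfs image, which normally sits on an unencrypted /boot and may be readable by local users depending on the image's mode; anyone who can read the image can impersonate the early-boot SSH server to the person typing the passphrase. Nothing in the hook sets a restrictive mode, so add `umask 077` before the first `dropbearkey` call and a comment saying these keys are deliberately separate from the ones in /etc/dropbear and must be treated as exposed. The generated client key pair (`id_rsa`, `id_rsa.dropbear`) under /etc/initramfs-tools/root/.ssh would benefit from the same umask. Separately, the `FAILURE` branch only echoes; with `DROPBEAR=y` it should `exit 1` so the image build does not carry on silently without the server.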
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-devpts dropbear-0.51/debian/initramfs/premount-devpts
--- dropbear-0.51.orig/debian/initramfs/premount-devpts	1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-devpts	2008-04-15 18:16:19.000000000 +0200
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ="udev"
+
+prereqs() {
+	echo "$PREREQ"
+}
+
+case "$1" in
+	prereqs)
+		prereqs
+		exit 0
+	;;
+esac
+
+. /scripts/functions
+
+grep -E "[[:space:]]+devpts$" /proc/filesystems >/dev/null 2>&1 || exit 0
+
+log_begin_msg "Mounting devpts"
+
+mkdir -p /dev/pts
+mount -t devpts none /dev/pts
+
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-dropbear dropbear-0.51/debian/initramfs/premount-dropbear
--- dropbear-0.51.orig/debian/initramfs/premount-dropbear	1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-dropbear	2008-04-15 18:16:27.000000000 +0200
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+PREREQ="udev devpts"
+
+prereqs() {
+	echo "$PREREQ"
+}
+
+case "$1" in
+	prereqs)
+		prereqs
+		exit 0
+	;;
+esac
+
+. /scripts/functions
+
+[ -x /sbin/dropbear ] || exit 0
+
+log_begin_msg "Starting dropbear"
+
+. /conf/initramfs.conf
+
+for x in $(cat /proc/cmdline); do
+	case "$x" in
+		ip=*)
+			IPOPTS="${x#ip=}"
+			;;
+	esac
+done
+
+configure_networking
+
+mkdir -p /var/run
+/sbin/dropbear
+
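Review bot: `/sbin/dropbear` is started with no options, so the authentication policy of the early-boot server is whatever the binary defaults to; since the hook installs only an authorized_keys file, make key-only login explicit with `/sbin/dropbear -s`. The result of `configure_networking` is not checked, and with no `ip=` on the command line the behaviour depends on that helper, which is outside this patch. A short header comment that this script exposes a root shell on the network before the root filesystem is unlocked would help anyone auditing the image.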
diff -pruN dropbear-0.51.orig/debian/rules dropbear-0.51/debian/rules
--- dropbear-0.51.orig/debian/rules	2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/debian/rules	2008-04-15 17:58:15.000000000 +0200
@@ -89,6 +89,15 @@ install: deb-checkdir deb-checkuid build
 	# copyright, changelog
 	cat debian/copyright.in LICENSE >debian/copyright
 	test -r changelog || ln -s CHANGES changelog
+	install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/hooks
+	install -m0755 debian/initramfs/dropbear-hook '$(DIR)'/usr/share/initramfs-tools/hooks/dropbear
+	install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount
+	install -m0755 debian/initramfs/premount-devpts '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/devpts
+	install -m0755 debian/initramfs/premount-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear
+	install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom
+	install -m0755 debian/initramfs/bottom-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom/dropbear
+	install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d
+	install -m0644 debian/initramfs/dropbear-conf '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear
 
 binary-indep:
 
diff -pruN dropbear-0.51.orig/dropbearkey.8 dropbear-0.51/dropbearkey.8
--- dropbear-0.51.orig/dropbearkey.8	2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/dropbearkey.8	2008-04-15 18:31:50.000000000 +0200
@@ -9,6 +9,7 @@ dropbearkey \- create private keys for t
 .I file
 [\-s
 .IR bits ]
+[\-y]
 .SH DESCRIPTION
 .B dropbearkey
 generates a type
@@ -35,8 +36,16 @@ Write the secret key to the file
 Set the key size to
 .I bits
 bits, should be multiple of 8 (optional).
+.TP
+.B \-y
+Just print the publickey and fingerprint for the private key in 
+.IR file .
 .SH EXAMPLE
+generate a host-key:
  # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+
+extract a public key suitable for authorized_keys from private key:
+ # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys
 .SH AUTHOR
 Matt Johnston ([EMAIL PROTECTED]).
 .br
