hi!
i've updated the patch to 0.51-1.
also when using the patch with a current lenny, i found out that at some time
after etch the bsd/legacy ptys were removed from the kernel config. so i added
mounting devpts (if available) to the initramfs.
i also added:
- killing the dropbear parent process in init-bottom, so the ssh daemon can
start as configured in the normal init.
- calling update-initramfs after installation if dropbear in initramfs is
enabled
- a reminder for ip= kernel parameter after installation
- to dropbearkey-manpage: -y option, maybe that would be good to go upstream? :)
Chris
diff -pruN dropbear-0.51.orig/debian/control dropbear-0.51/debian/control
--- dropbear-0.51.orig/debian/control 2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/debian/control 2008-04-15 17:58:15.000000000 +0200
@@ -8,7 +8,7 @@ Standards-Version: 3.7.3.0
Package: dropbear
Architecture: any
Depends: ${shlibs:Depends}
-Suggests: openssh-client, runit
+Suggests: openssh-client, udev, runit
Description: lightweight SSH2 server and client
dropbear is a SSH 2 server and client designed to be small enough to
be used in small memory environments, while still being functional and
diff -pruN dropbear-0.51.orig/debian/dropbear.postinst dropbear-0.51/debian/dropbear.postinst
--- dropbear-0.51.orig/debian/dropbear.postinst 2008-04-15 17:57:48.000000000 +0200
+++ dropbear-0.51/debian/dropbear.postinst 2008-04-15 17:58:15.000000000 +0200
@@ -77,3 +77,19 @@ update-service --check dropbear 2>/dev/n
rm -rf /var/run/dropbear /var/run/dropbear.log
update-service --add /etc/dropbear || :
fi
+
+# if dropbear is to be installed to initramfs, we have to update initramfs.
+. /etc/initramfs-tools/initramfs.conf
+if [ -x /usr/sbin/update-initramfs ] && ( [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ) ); then
+ # here we could read the configured network-config, and use it for
+ # default values for prompting the user for the initramfs-network-
+ # config (subsequently writing it to menu.lst:# kopt= or lilo.conf),
+ # instead of just printing the reminder below.
+ update-initramfs -u
+ cat <<EOT
+Dropbear has ben added to your initramfs. Don't forget to check your "ip="
+kernel bootparameter to match your desired initramfs ip configuration.
+
+EOT
+fi
+
diff -pruN dropbear-0.51.orig/debian/initramfs/bottom-dropbear dropbear-0.51/debian/initramfs/bottom-dropbear
--- dropbear-0.51.orig/debian/initramfs/bottom-dropbear 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/bottom-dropbear 2008-04-15 18:16:06.000000000 +0200
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+[ -r /var/run/dropbear.pid ] || exit 0
+
+log_begin_msg "Stopping dropbear"
+
+kill `cat /var/run/dropbear.pid`
+
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-conf dropbear-0.51/debian/initramfs/dropbear-conf
--- dropbear-0.51.orig/debian/initramfs/dropbear-conf 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-conf 2008-04-15 17:58:15.000000000 +0200
@@ -0,0 +1,8 @@
+#
+# DROPBEAR: [ y | n ]
+#
+# Use dropbear if available. If not specified, dropbear will be used - if
+# possible - in case of cryptroot.
+#
+
+#DROPBEAR=y
diff -pruN dropbear-0.51.orig/debian/initramfs/dropbear-hook dropbear-0.51/debian/initramfs/dropbear-hook
--- dropbear-0.51.orig/debian/initramfs/dropbear-hook 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/dropbear-hook 2008-04-15 18:16:13.000000000 +0200
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+PREREQ=""
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. "${CONFDIR}/initramfs.conf"
+. /usr/share/initramfs-tools/hook-functions
+
+# Install dropbear if explicitly enabled, or in case of a cryptroot setup if not explicitly disabled
+if [ "${DROPBEAR}" = "y" ] || ( [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ); then
+ if [ ! -x "/usr/sbin/dropbear" ]; then
+ if [ "${DROPBEAR}" = "y" ]; then
+ echo "dropbear: FAILURE: Dropbear not found!"
+ else
+ echo "dropbear: WARNING: Dropbear not found, remote unlocking of cryptroot via ssh won't work!"
+ fi
+ else
+ rm -f "${DESTDIR}/sbin/dropbear"
+ copy_exec "/usr/sbin/dropbear" "/sbin/"
+ cp /lib/libnss_* "${DESTDIR}/lib/"
+ echo "root:x:0:0:root:/root:/bin/sh" > "${DESTDIR}/etc/passwd"
+ for keytype in "dss" "rsa"; do
+ if [ ! -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key" ]; then
+ mkdir -p "/etc/initramfs-tools/etc/dropbear"
+ dropbearkey -t "${keytype}" -f "/etc/initramfs-tools/etc/dropbear/dropbear_${keytype}_host_key"
+ fi
+ done
+ cp -R /etc/initramfs-tools/etc/dropbear "${DESTDIR}/etc/"
+ if [ ! -f "/etc/initramfs-tools/root/.ssh/id_rsa.pub" ]; then
+ mkdir -p "/etc/initramfs-tools/root/.ssh"
+ dropbearkey -t rsa -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear
+ /usr/lib/dropbear/dropbearconvert dropbear openssh /etc/initramfs-tools/root/.ssh/id_rsa.dropbear /etc/initramfs-tools/root/.ssh/id_rsa
+ dropbearkey -y -f /etc/initramfs-tools/root/.ssh/id_rsa.dropbear | grep "^ssh-rsa " > /etc/initramfs-tools/root/.ssh/id_rsa.pub
+ fi
+ mkdir -p "${DESTDIR}/root/.ssh"
+ cp /etc/initramfs-tools/root/.ssh/id_rsa.pub "${DESTDIR}/root/.ssh/authorized_keys"
+ fi
+fi
+
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-devpts dropbear-0.51/debian/initramfs/premount-devpts
--- dropbear-0.51.orig/debian/initramfs/premount-devpts 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-devpts 2008-04-15 18:16:19.000000000 +0200
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+PREREQ="udev"
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+grep -E "[[:space:]]+devpts$" /proc/filesystems >/dev/null 2>&1 || exit 0
+
+log_begin_msg "Mounting devpts"
+
+mkdir -p /dev/pts
+mount -t devpts none /dev/pts
+
diff -pruN dropbear-0.51.orig/debian/initramfs/premount-dropbear dropbear-0.51/debian/initramfs/premount-dropbear
--- dropbear-0.51.orig/debian/initramfs/premount-dropbear 1970-01-01 01:00:00.000000000 +0100
+++ dropbear-0.51/debian/initramfs/premount-dropbear 2008-04-15 18:16:27.000000000 +0200
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+PREREQ="udev devpts"
+
+prereqs() {
+ echo "$PREREQ"
+}
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /scripts/functions
+
+[ -x /sbin/dropbear ] || exit 0
+
+log_begin_msg "Starting dropbear"
+
+. /conf/initramfs.conf
+
+for x in $(cat /proc/cmdline); do
+ case "$x" in
+ ip=*)
+ IPOPTS="${x#ip=}"
+ ;;
+ esac
+done
+
+configure_networking
+
+mkdir -p /var/run
+/sbin/dropbear
+
diff -pruN dropbear-0.51.orig/debian/rules dropbear-0.51/debian/rules
--- dropbear-0.51.orig/debian/rules 2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/debian/rules 2008-04-15 17:58:15.000000000 +0200
@@ -89,6 +89,15 @@ install: deb-checkdir deb-checkuid build
# copyright, changelog
cat debian/copyright.in LICENSE >debian/copyright
test -r changelog || ln -s CHANGES changelog
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/hooks
+ install -m0755 debian/initramfs/dropbear-hook '$(DIR)'/usr/share/initramfs-tools/hooks/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount
+ install -m0755 debian/initramfs/premount-devpts '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/devpts
+ install -m0755 debian/initramfs/premount-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-premount/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom
+ install -m0755 debian/initramfs/bottom-dropbear '$(DIR)'/usr/share/initramfs-tools/scripts/init-bottom/dropbear
+ install -d -m0755 '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d
+ install -m0644 debian/initramfs/dropbear-conf '$(DIR)'/usr/share/initramfs-tools/conf-hooks.d/dropbear
binary-indep:
diff -pruN dropbear-0.51.orig/dropbearkey.8 dropbear-0.51/dropbearkey.8
--- dropbear-0.51.orig/dropbearkey.8 2008-03-27 14:17:14.000000000 +0100
+++ dropbear-0.51/dropbearkey.8 2008-04-15 18:31:50.000000000 +0200
@@ -9,6 +9,7 @@ dropbearkey \- create private keys for t
.I file
[\-s
.IR bits ]
+[\-y]
.SH DESCRIPTION
.B dropbearkey
generates a type
@@ -35,8 +36,16 @@ Write the secret key to the file
Set the key size to
.I bits
bits, should be multiple of 8 (optional).
+.TP
+.B \-y
+Just print the publickey and fingerprint for the private key in
+.IR file .
.SH EXAMPLE
+generate a host-key:
# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+
+extract a public key suitable for authorized_keys from private key:
+ # dropbearkey -y -f id_rsa | grep "^ssh-rsa " >> authorized_keys
.SH AUTHOR
Matt Johnston ([EMAIL PROTECTED]).
.br
