From 7736539aa1cef633ab56aeba378c9257e8aa421e Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 3 Apr 2013 23:20:42 -0700 Subject: [PATCH] sys-kernel/dracut: Updated crypt-ssh patch --- sys-kernel/dracut/files/027-crypt-ssh.patch | 41 +++++++++++++-------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/sys-kernel/dracut/files/027-crypt-ssh.patch b/sys-kernel/dracut/files/027-crypt-ssh.patch index 62de3af..b4f0317 100644 --- a/sys-kernel/dracut/files/027-crypt-ssh.patch +++ b/sys-kernel/dracut/files/027-crypt-ssh.patch @@ -1,14 +1,14 @@ -commit 435277eac4489ef0fe1aa33591ae4aa27520ab63 +commit 2a662251cf8d8163d5fbd42cd4c08329d58f2486 Author: Stefan Reimer -Date: Sat Mar 30 13:02:51 2013 -0700 +Date: Wed Apr 3 23:18:19 2013 -0700 - Add initial version of crypt-ssh + Initial version of the crypt-ssh module diff --git a/modules.d/90crypt/cryptroot-ask.sh b/modules.d/90crypt/cryptroot-ask.sh -index 9665e48..026b127 100755 +index 9665e48..2d81684 100755 --- a/modules.d/90crypt/cryptroot-ask.sh +++ b/modules.d/90crypt/cryptroot-ask.sh -@@ -146,11 +146,16 @@ fi +@@ -146,12 +146,26 @@ fi if [ $ask_passphrase -ne 0 ]; then luks_open="$(command -v cryptsetup) $cryptsetupopts luksOpen" 
@@ -17,25 +17,36 @@ index 9665e48..026b127 100755 - --ply-prompt "Password ($device)" \ - --tty-tries 1 \ - --tty-cmd "$luks_open -T5 $device $luksname" +- unset luks_open ++ port=22001 + -+ if getarg 1 rc.luks.ssh; then ++ if getargbool 0 rd.luks.ssh; then ++ # Setup authorized_key file ++ echo -n "command=\"$luks_open -T5 $device $luksname && rm -f /root/.ssh/key.pub \" " > /root/.ssh/authorized_keys ++ cat /root/.ssh/key.pub >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys ++ echo "Starting SSH server on port $port" ++ /usr/sbin/dropbear -p $port -m -j -k -s ++ while [ -f /root/.ssh/key.pub ]; do ++ sleep 1 ++ done ++ kill $(cat /var/run/dropbear.pid) ++ else + ask_for_password --ply-tries 5 \ + --ply-cmd "$luks_open -T1 $device $luksname" \ + --ply-prompt "Password ($device)" \ + --tty-tries 1 \ + --tty-cmd "$luks_open -T5 $device $luksname" -+ else -+ /usr/sbin/dropbear -p 22001 -F -m -j -k -s + fi - unset luks_open ++ unset luks_open port fi + unset device luksname luksfile diff --git a/modules.d/92crypt-ssh/module-setup.sh b/modules.d/92crypt-ssh/module-setup.sh new file mode 100644 -index 0000000..d5e1342 +index 0000000..ac0785b --- /dev/null +++ b/modules.d/92crypt-ssh/module-setup.sh -@@ -0,0 +1,26 @@ +@@ -0,0 +1,27 @@ +#!/bin/bash +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- +# ex: ts=8 sw=4 sts=4 et filetype=sh 
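Review bot: The forced `command=` prefix in the new `rd.luks.ssh` branch is written once with `echo -n`, and then the whole of `/root/.ssh/key.pub` is appended with `cat`, so only the first key line carries the restriction. Since module-setup.sh installs root's entire `authorized_keys` as `key.pub`, any later key line would be accepted without the forced command, and a first line that is a comment or already has options gives a malformed entry. Writing one restricted entry per key line, with the file mode set before any key is written, avoids this; a sketch follows. Separately, when `key.pub` is absent the wait loop exits at once and the device is neither unlocked nor prompted for locally, so falling back to `ask_for_password` in that case looks advisable. The enclosing `if [ $ask_passphrase -ne 0 ]` block starts outside the hunk.

```shell
# … unchanged: port=22001 and the getargbool 0 rd.luks.ssh test …
        forced="$luks_open -T5 $device $luksname && rm -f /root/.ssh/key.pub"
        : > /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
        # One restricted entry per key, so no line is left without the forced command
        while read -r key; do
            case "$key" in ''|'#'*) continue ;; esac
            printf 'command="%s" %s\n' "$forced" "$key"
        done < /root/.ssh/key.pub >> /root/.ssh/authorized_keys
# … unchanged: dropbear start, wait loop, kill, else branch …
```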
@@ -58,8 +69,8 @@ index 0000000..d5e1342 + [ -r /etc/dropbear/dropbear_dss_host_key ] || /usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key > /dev/null + [ -r /etc/dropbear/dropbear_rsa_host_key ] || /usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key > /dev/null + -+ inst /usr/sbin/dropbear "/usr/sbin/dropbear" -+ inst /etc/dropbear/dropbear_dss_host_key "/etc/dropbear/dropbear_dss_host_key" -+ inst /etc/dropbear/dropbear_rsa_host_key "/etc/dropbear/dropbear_rsa_host_key" -+ [ -r /root/.ssh/authorized_keys ] && inst /root/.ssh/authorized_keys "/etc/dropbear/authorized_keys" ++ inst /usr/sbin/dropbear ++ inst /etc/dropbear/dropbear_dss_host_key ++ inst /etc/dropbear/dropbear_rsa_host_key ++ [ -r /root/.ssh/authorized_keys ] && inst /root/.ssh/authorized_keys /root/.ssh/key.pub +}
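Review bot: The `inst /etc/dropbear/dropbear_*_host_key` lines copy the build host's private SSH host keys into the initramfs image, which is presumably stored on an unencrypted boot partition. Anyone who can read that image could then present the same host identity to a user who is about to type the LUKS passphrase. I would generate keys dedicated to the initramfs rather than reuse the ones in `/etc/dropbear`, and at minimum add a comment such as `# NOTE: these private host keys are readable in the initramfs; do not reuse the running system's keys`. The last line also skips silently when `/root/.ssh/authorized_keys` is unreadable, leaving an image with dropbear but no `key.pub`; a warning there would help. The enclosing function starts outside the hunk.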