-rw-r--r-- | system/early-ssh/README | 11 | ||||
-rw-r--r-- | system/early-ssh/README.Slackware | 18 | ||||
-rw-r--r-- | system/early-ssh/early-ssh.SlackBuild | 72 | ||||
-rw-r--r-- | system/early-ssh/early-ssh.info | 10 | ||||
-rw-r--r-- | system/early-ssh/slack-desc | 19 | ||||
-rw-r--r-- | system/early-ssh/slack.diff | 98 |
6 files changed, 228 insertions, 0 deletions
diff --git a/system/early-ssh/README b/system/early-ssh/README
new file mode 100644
index 0000000000..e4d729bd74
--- /dev/null
+++ b/system/early-ssh/README
@@ -0,0 +1,11 @@
+early-ssh is a simple initramfs hook, which installs Dropbear SSH server
+into your initramfs, and starts it at boottime, so you will be able to
+do a lot of things remotely over SSH, before your root partition gets
+mounted, for example:
+
+* unlocking LUKS encrypted crypto devices - even your root can be an
+ encrypted filesystem
+* assembling/altering RAID arrays (mdadm)
+* checking the root filesystem in read-write mode, taking action in case
+ of errors
+* and so on...
diff --git a/system/early-ssh/README.Slackware b/system/early-ssh/README.Slackware
new file mode 100644
index 0000000000..b003dd9efc
--- /dev/null
+++ b/system/early-ssh/README.Slackware
@@ -0,0 +1,18 @@
+You will need to adjust how you generate your initrd to include
+early-ssh and to start it at the correct time.
+
+Example for LUKS + LVM as described in README_CRYPT.TXT:
+
+mkinitrd -c -k "$kernel" -f ext4 -r /dev/disk/by-uuid/<some uuid> \
+ -m ext4:<more modules> -u -L -o /boot/initrd-"$kernel".gz \
+ -C /dev/disk/by-uuid/<some other uuid>
+ -s /tmp/initrd-tree-"$kernel"
+
+# clear the luksdev so init does not try to unlock it itself
+true > /tmp/initrd-tree-"$kernel"/luksdev
+DESTDIR=/tmp/initrd-tree-"$kernel" /usr/share/mkinitrd/hooks/early_ssh
+sed -i '/^[[:space:]]*if \[ -x \/sbin\/cryptsetup \]/i \
+ \/early_ssh' /tmp/initrd-tree-"$kernel"/init
+
+mkinitrd -k "$kernel" -f ext4 -r /dev/disk/by-uuid/<some uuid> -u -L \
+ -o /boot/initrd-"$kernel".gz -s /tmp/initrd-tree-"$kernel"
diff --git a/system/early-ssh/early-ssh.SlackBuild b/system/early-ssh/early-ssh.SlackBuild
new file mode 100644
index 0000000000..70cc852bef
--- /dev/null
+++ b/system/early-ssh/early-ssh.SlackBuild
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Slackware build script for early-ssh
+
+# Copyright 2016-2018 Andrew Clemons, Wellington New Zealand
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=early-ssh
+GITREV=${GITREV:-4acf000ddbe564dcafec626ec0dc7eadd821a857}
+VERSION=${VERSION:-git$(echo "$GITREV" | sed 's/^\(.\{7\}\).*$/\1/')}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+ARCH=noarch
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$GITREV
+tar xvf $CWD/$PRGNAM-$GITREV.tar.gz
+cd $PRGNAM-$GITREV
+patch -p1 < $CWD/slack.diff
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+mkdir -p $PKG/etc/early-ssh
+install -m644 src/etc/early-ssh/early-ssh.conf.dist $PKG/etc/early-ssh
+
+mkdir -p $PKG/usr/share/mkinitrd/hooks
+mkdir -p $PKG/usr/share/mkinitrd/scripts
+install -m755 src/usr/share/initramfs-tools/hooks/early_ssh $PKG/usr/share/mkinitrd/hooks
+install -m755 src/usr/share/initramfs-tools/scripts/local-top/early_ssh $PKG/usr/share/mkinitrd/scripts
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ README.md changelog \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/early-ssh/early-ssh.info b/system/early-ssh/early-ssh.info
new file mode 100644
index 0000000000..9ddcea7867
--- /dev/null
+++ b/system/early-ssh/early-ssh.info
@@ -0,0 +1,10 @@
+PRGNAM="early-ssh"
+VERSION="git4acf000"
+HOMEPAGE="http://dev.kakaopor.hu/early-ssh/"
+DOWNLOAD="https://github.com/gheja/early-ssh/archive/4acf000ddbe564dcafec626ec0dc7eadd821a857/early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.tar.gz"
+MD5SUM="a7b27f5f6b28ea7ce76fdcae249b8225"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="dropbear"
+MAINTAINER="Andrew Clemons"
+EMAIL="andrew.clemons@gmail.com"
diff --git a/system/early-ssh/slack-desc b/system/early-ssh/slack-desc
new file mode 100644
index 0000000000..79f73599c1
--- /dev/null
+++ b/system/early-ssh/slack-desc
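Review bot: The expansions in `rm -rf $PKG`, `rm -rf $PRGNAM-$GITREV` and the following `mkdir`/`cd`/`tar` lines of early-ssh.SlackBuild are unquoted, although `TMP`, `OUTPUT` and `GITREV` are taken from the environment. The script is presumably run as root (it does `chown -R root:root .` and calls `/sbin/makepkg`), so a value containing whitespace or glob characters would make the recursive delete act on paths other than the intended build directory. Quoting closes that: `rm -rf -- "$PKG"`, `rm -rf -- "$PRGNAM-$GITREV"`, `cd "$TMP"`. Separately, the only integrity check on the downloaded tarball is the `MD5SUM` in early-ssh.info, which is worth keeping in mind for a package that installs an SSH server into the boot path.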
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+early-ssh: early-ssh (gives you an SSH server during boot of your Linux system)
+early-ssh:
+early-ssh: early-ssh gives you an SSH server during the boot of your Linux
+early-ssh: system. It starts before the root filesystem is mounted so you can
+early-ssh: unlock your encrypted root filesystem interactively, you don't have
+early-ssh: to be at the console of your server. You can also scp files to your
+early-ssh: server so you can even start your key-encrypted system.
+early-ssh:
+early-ssh:
+early-ssh: http://dev.kakaopor.hu/early-ssh/
+early-ssh:
diff --git a/system/early-ssh/slack.diff b/system/early-ssh/slack.diff
new file mode 100644
index 0000000000..b0de9a3372
--- /dev/null
+++ b/system/early-ssh/slack.diff
@@ -0,0 +1,98 @@
+diff -Naur early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/hooks/early_ssh early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/hooks/early_ssh
+--- early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/hooks/early_ssh 2014-03-31 11:35:22.000000000 +1300
++++ early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/hooks/early_ssh 2018-01-26 15:03:47.520179718 +1300
+@@ -1,5 +1,9 @@
+ #!/bin/bash
+
++# Adjusted for slackware's initrd
++# Andrew Clemons
++# August 2016
++
+ PREREQ=""
+ prereqs()
+ {
+@@ -13,58 +17,46 @@
+ ;;
+ esac
+
+-# load initramfs' hook functions
+-source /usr/share/initramfs-tools/hook-functions
++if [ -z "$DESTDIR" ] ; then
++ echo "Missing destination directory. Use DESTDIR= to pass the destination directory."
++ exit 1
++fi
+
+ # create the needed directories
+ for i in /etc/dropbear /etc/early-ssh /root /root/.ssh /sbin /bin /usr/bin /var /var/log; do
+ [ ! -e "${DESTDIR}${i}" ] && mkdir -p "${DESTDIR}${i}"
+ done
+
++if [ ! -e "${DESTDIR}/tmp" ] ; then
++ mkdir "${DESTDIR}/tmp"
++ chmod 1777 "${DESTDIR}/tmp"
++fi
++
+ # copy the needed executables
+-copy_exec /usr/sbin/dropbear sbin/
+-copy_exec /sbin/ifconfig sbin/
+-copy_exec /sbin/route sbin/
+-[ -f /usr/bin/scp ] && copy_exec /usr/bin/scp bin/
++cp -a /usr/bin/dropbearmulti $DESTDIR/sbin/dropbear
++cp -a /usr/share/mkinitrd/scripts/early_ssh $DESTDIR/
+
+ # copy the configs
+ cp -rp /etc/dropbear/dropbear_dss_host_key $DESTDIR/etc/dropbear/
+ cp -rp /etc/dropbear/dropbear_rsa_host_key $DESTDIR/etc/dropbear/
++cp -rp /etc/dropbear/dropbear_ecdsa_host_key $DESTDIR/etc/dropbear/
+ cp -rp /etc/localtime $DESTDIR/etc/
+ [ -f /root/.ssh/authorized_keys ] && cp -rp /root/.ssh/authorized_keys $DESTDIR/root/.ssh/authorized_keys
+ cp -rp /etc/login.defs $DESTDIR/etc/
+ cp -rp /etc/early-ssh/early-ssh.conf $DESTDIR/etc/early-ssh/
+
+-ls -1 /lib/libnss_files* 2>/dev/null >/dev/null
+-if [ $? == 0 ]; then
+- cp -rp /lib/libnss_files* $DESTDIR/lib/
+-else
+- cp -rp `dpkg -L libc6 | grep '/libnss_files' | tr '\n' ' '` $DESTDIR/lib/
+-fi
+-
+-ln -s /usr/lib/libz.so.1 $DESTDIR/usr/libz.so.1
+-
+-echo "passwd: files
+-group: files
+-shadow: files
+-" > $DESTDIR/etc/nsswitch.conf
+-
+ . /etc/early-ssh/early-ssh.conf
+
+ if [ "$PASSWD_OVERRIDE" != "" ]; then
+ cat $PASSWD_OVERRIDE >> $DESTDIR/etc/passwd
+-else
+- cat /etc/passwd | grep -E '^root:' | sed -e 's/:\/bin\/bash/:\/bin\/sh/' >> $DESTDIR/etc/passwd
+ fi
+
+ if [ "$SHADOW_OVERRIDE" != "" ]; then
+ cat $SHADOW_OVERRIDE >> $DESTDIR/etc/shadow
+-else
+- cat /etc/shadow | grep -E '^root:' >> $DESTDIR/etc/shadow
+ fi
+
+ if [ "$GROUP_OVERRIDE" != "" ]; then
+ cat $GROUP_OVERRIDE >> $DESTDIR/etc/group
+-else
+- cat /etc/group | grep -E '^root:' >> $DESTDIR/etc/group
+ fi
++
++sed -i 's#/bin/bash#/bin/sh#g' $DESTDIR/etc/passwd
+diff -Naur early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/scripts/local-top/early_ssh early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/scripts/local-top/early_ssh
+--- early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/scripts/local-top/early_ssh 2014-03-31 11:35:22.000000000 +1300
++++ early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/scripts/local-top/early_ssh 2018-01-26 14:27:42.613242124 +1300
+@@ -93,7 +93,7 @@
+ ln -s /dev/urandom /dev/random
+
+ # start the dropbear in the background
+-/sbin/dropbear -d /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -E -F -p $PORT &
++/sbin/dropbear -F -p $PORT &
+ dropbear_pid=$!
+
+ # give a notice to the user he/she can log in over SSH now |
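Review bot: The added `cp -rp /etc/dropbear/dropbear_ecdsa_host_key $DESTDIR/etc/dropbear/`, like the dss and rsa copies beside it, puts the machine's SSH host private keys into the initrd tree. README.Slackware writes that image to /boot, which in the LUKS use case presumably sits outside the encrypted volume, so anyone able to read the image can recover the keys that identify the running system. Consider generating a separate host key pair for the initrd and copying that instead, or at least record the exposure with a comment such as `# NOTE: host keys copied here are stored unencrypted in the initrd`. The copy is also unconditional and unquoted; `[ -f /etc/dropbear/dropbear_ecdsa_host_key ] && cp -p /etc/dropbear/dropbear_ecdsa_host_key "$DESTDIR/etc/dropbear/"` would match the guard already used for authorized_keys. In the second inner hunk the new `/sbin/dropbear -F -p $PORT &` drops `-E`, which, if I read the option correctly, removes stderr logging of login attempts during early boot; both scripts are only partly visible in these hunks.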