#!/bin/sh
# Maintainer script for Dropbear's initramfs integration (presumably the
# package's postinst -- confirm against the packaging). When called with
# "configure" it migrates files out of the legacy /etc/dropbear-initramfs
# directory, creates initramfs host keys if none exist, and rebuilds the
# initramfs.
#
# Abort on the first unhandled command failure rather than carrying on with a
# half-configured state.
set -e
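# Show a fingerprint summary of a freshly generated host key.
#
# Arguments: $1 - path of the host key file; printed in place of the key
#                 comment in the fingerprint line
# Input:     stdin - dropbearkey output; only the public-key line is used
# Outputs:   ssh-keygen's fingerprint listing on stdout, or stdin unchanged
#            when ssh-keygen is not installed
# Returns:   non-zero when no public-key line is found or the listing fails
showpubkey() {
    local keyfile="$1" pubkey rc=0
    if ! command -v ssh-keygen >/dev/null; then
        # No OpenSSH tools available: pass dropbearkey's own output through.
        cat
    else
        # mktemp gives an unpredictable name; only the public-key line is ever
        # written to this file, never private key material.
        pubkey="$(mktemp --tmpdir -- "${keyfile##*/}-XXXXXXXXXX.pub")" || return 1
        # Under "set -e" a non-matching grep used to end the shell right here
        # and leave the temporary file behind; clean up before failing.
        if ! grep -m1 -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) ' >"$pubkey"; then
            rm -f -- "$pubkey"
            return 1
        fi
        # $keyfile is spliced into the sed replacement, so it must not contain
        # '@', '&' or backslashes; the callers in this script pass fixed paths.
        ssh-keygen -v -lf "$pubkey" | sed -r "1s@\\S+(\\s+\\([^)]+\\))\$@$keyfile\\1@" || rc=$?
        rm -f -- "$pubkey"
        return "$rc"
    fi
}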
# Migrate one entry from the legacy configuration directory to the new one.
#
# Arguments: $1 - entry name relative to both directories
# Returns:   0 when there is nothing to do, otherwise the status of mv
move_confdir() {
    local name="$1"
    local src="/etc/dropbear-initramfs/$name"
    local dest="/etc/dropbear/initramfs/$name"

    # Nothing to migrate.
    [ -e "$src" ] || return 0
    # Never overwrite something that already exists at the new location.
    [ ! -e "$dest" ] || return 0

    # -T: treat the destination as the target itself, never as a directory to
    # move the source into.
    mv -T -- "$src" "$dest"
}
# Main configure step: migrate legacy files, make sure an initramfs host key
# exists, rebuild the initramfs and remind the admin about "ip=".
if [ "$1" = "configure" ]; then
    # TODO remove once Bookworm is released
    # Upgrading from a version older than 2020.81-4~: move host keys,
    # authorized_keys and public identity files to the new directory. The
    # host key uses the "dss" spelling, the identity file the "dsa" one.
    if dpkg --compare-versions "$2" lt "2020.81-4~"; then
        for entry in \
            dropbear_dss_host_key dropbear_rsa_host_key \
            dropbear_ecdsa_host_key dropbear_ed25519_host_key \
            authorized_keys \
            id_dsa.pub id_rsa.pub id_ecdsa.pub id_ed25519.pub
        do
            move_confdir "$entry"
        done
    fi

    # A single existing host key of any supported type is enough to skip
    # generation; the remaining types are then NOT created.
    havehostkey=no
    for algo in rsa ecdsa ed25519; do
        [ ! -e "/etc/dropbear/initramfs/dropbear_${algo}_host_key" ] || {
            havehostkey=yes
            break
        }
    done

    if [ "$havehostkey" != "yes" ]; then
        # generate host keys (excluding DSS)
        # dropbearkey writes the private key to the file given with -f; only
        # its stdout is piped on to showpubkey.
        # NOTE(review): the mode of the new key files is whatever dropbearkey
        # applies -- confirm they are not group- or world-readable.
        for algo in rsa ecdsa ed25519; do
            hostkey="/etc/dropbear/initramfs/dropbear_${algo}_host_key"
            echo "Generating Dropbear $(echo "$algo" | tr '[a-z]' '[A-Z]') host key. Please wait." >&2
            dropbearkey -t "$algo" -f "$hostkey" | showpubkey "$hostkey"
        done
    fi

    # XXX here we could read the configured network-config, and use it
    # for default values for prompting the user for the
    # initramfs-network- config (subsequently writing it to menu.lst:#
    # kopt= or lilo.conf), instead of just printing the reminder below.
    # NOTE(review): the host keys are presumably copied into the image by the
    # package's initramfs hook (not visible here); if so, their
    # confidentiality depends on the image's permissions and on where /boot
    # is stored -- confirm.
    update-initramfs -u

    # Only the command line of the running kernel is inspected, so the
    # reminder can be stale relative to the boot loader configuration.
    if ! grep -Eq '^(.*\s)?ip=' /proc/cmdline; then
        # Heredoc body and terminator stay at column 0: "<<-" strips leading
        # tabs only, not spaces.
        cat <<-EOT
Dropbear has been added to the initramfs. Don't forget to check
your "ip=" kernel bootparameter to match your desired initramfs
ip configuration.
EOT
    fi
fi
#DEBHELPER#
# TODO remove once Bookworm is released
# After the migration above, drop the legacy directory. rmdir only removes an
# empty directory, so anything that was not migrated is kept and reported;
# the failure is not fatal and the script still exits 0.
if [ "$1" = "configure" ] && [ -d /etc/dropbear-initramfs ]; then
    if dpkg --compare-versions "$2" lt "2020.81-4~"; then
        rmdir /etc/dropbear-initramfs ||
            echo "ERROR: Couldn't remove directory /etc/dropbear-initramfs" >&2
    fi
fi
exit 0