authorAndrew Clemons <andrew.clemons@gmail.com>2018-01-26 23:16:40 +0000
committerDavid Spencer <idlemoor@slackbuilds.org>2018-01-26 23:16:40 +0000
commit4d70287e53c29bbc36398db59d9647d866341192 (patch)
tree2e3a652832d186275d64bb6c7e57034a91e82810 /system/early-ssh
parentd1d463e693af5d499f26f0b15d2bccfcd8c2c93d (diff)
system/early-ssh: Added (SSH server during boot).
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
Diffstat (limited to 'system/early-ssh')
-rw-r--r--system/early-ssh/README11
-rw-r--r--system/early-ssh/README.Slackware18
-rw-r--r--system/early-ssh/early-ssh.SlackBuild72
-rw-r--r--system/early-ssh/early-ssh.info10
-rw-r--r--system/early-ssh/slack-desc19
-rw-r--r--system/early-ssh/slack.diff98
6 files changed, 228 insertions, 0 deletions
diff --git a/system/early-ssh/README b/system/early-ssh/README
new file mode 100644
index 0000000000000..e4d729bd74e22
--- /dev/null
+++ b/system/early-ssh/README
@@ -0,0 +1,11 @@
+early-ssh is a simple initramfs hook, which installs Dropbear SSH server
+into your initramfs, and starts it at boottime, so you will be able to
+do a lot of things remotely over SSH, before your root partition gets
+mounted, for example:
+
+* unlocking LUKS encrypted crypto devices - even your root can be an
+ encrypted filesystem
+* assembling/altering RAID arrays (mdadm)
+* checking the root filesystem in read-write mode, taking action in case
+ of errors
+* and so on...
diff --git a/system/early-ssh/README.Slackware b/system/early-ssh/README.Slackware
new file mode 100644
index 0000000000000..b003dd9efc2b5
--- /dev/null
+++ b/system/early-ssh/README.Slackware
@@ -0,0 +1,18 @@
+You will need to adjust how you generate your initrd to include
+early-ssh and to start it at the correct time.
+
+Example for LUKS + LVM as described in README_CRYPT.TXT:
+
+mkinitrd -c -k "$kernel" -f ext4 -r /dev/disk/by-uuid/<some uuid> \
+ -m ext4:<more modules> -u -L -o /boot/initrd-"$kernel".gz \
+ -C /dev/disk/by-uuid/<some other uuid>
+ -s /tmp/initrd-tree-"$kernel"
+
+# clear the luksdev so init does not try to unlock it itself
+true > /tmp/initrd-tree-"$kernel"/luksdev
+DESTDIR=/tmp/initrd-tree-"$kernel" /usr/share/mkinitrd/hooks/early_ssh
+sed -i '/^[[:space:]]*if \[ -x \/sbin\/cryptsetup \]/i \
+ \/early_ssh' /tmp/initrd-tree-"$kernel"/init
+
+mkinitrd -k "$kernel" -f ext4 -r /dev/disk/by-uuid/<some uuid> -u -L \
+ -o /boot/initrd-"$kernel".gz -s /tmp/initrd-tree-"$kernel"
diff --git a/system/early-ssh/early-ssh.SlackBuild b/system/early-ssh/early-ssh.SlackBuild
new file mode 100644
index 0000000000000..70cc852bef850
--- /dev/null
+++ b/system/early-ssh/early-ssh.SlackBuild
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+# Slackware build script for early-ssh
+
+# Copyright 2016-2018 Andrew Clemons, Wellington New Zealand
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=early-ssh
+GITREV=${GITREV:-4acf000ddbe564dcafec626ec0dc7eadd821a857}
+VERSION=${VERSION:-git$(echo "$GITREV" | sed 's/^\(.\{7\}\).*$/\1/')}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+ARCH=noarch
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$GITREV
+tar xvf $CWD/$PRGNAM-$GITREV.tar.gz
+cd $PRGNAM-$GITREV
+patch -p1 < $CWD/slack.diff
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+mkdir -p $PKG/etc/early-ssh
+install -m644 src/etc/early-ssh/early-ssh.conf.dist $PKG/etc/early-ssh
+
+mkdir -p $PKG/usr/share/mkinitrd/hooks
+mkdir -p $PKG/usr/share/mkinitrd/scripts
+install -m755 src/usr/share/initramfs-tools/hooks/early_ssh $PKG/usr/share/mkinitrd/hooks
+install -m755 src/usr/share/initramfs-tools/scripts/local-top/early_ssh $PKG/usr/share/mkinitrd/scripts
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ README.md changelog \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
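Review bot: `rm -rf $PKG`, `mkdir -p $TMP $PKG $OUTPUT` and the later `cd`, `tar`, `patch` and `install` lines expand `$TMP`, `$OUTPUT` and `$CWD` unquoted, although `TMP` and `OUTPUT` are taken from the caller's environment and `CWD` from `pwd`. A value containing whitespace or glob characters would be word-split in a script that `chown -R root:root .` suggests is run as root, so quoting is the safer form: `rm -rf "$PKG"`, `mkdir -p "$TMP" "$PKG" "$OUTPUT"`, `cd "$TMP"`. Separately, `find -L . … -exec chmod` follows symlinks in the unpacked tree and changes the mode of whatever they point to, so it is worth confirming that the pinned upstream tarball ships no symlinks pointing outside the source directory.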
diff --git a/system/early-ssh/early-ssh.info b/system/early-ssh/early-ssh.info
new file mode 100644
index 0000000000000..9ddcea7867e59
--- /dev/null
+++ b/system/early-ssh/early-ssh.info
@@ -0,0 +1,10 @@
+PRGNAM="early-ssh"
+VERSION="git4acf000"
+HOMEPAGE="http://dev.kakaopor.hu/early-ssh/"
+DOWNLOAD="https://github.com/gheja/early-ssh/archive/4acf000ddbe564dcafec626ec0dc7eadd821a857/early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.tar.gz"
+MD5SUM="a7b27f5f6b28ea7ce76fdcae249b8225"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="dropbear"
+MAINTAINER="Andrew Clemons"
+EMAIL="andrew.clemons@gmail.com"
diff --git a/system/early-ssh/slack-desc b/system/early-ssh/slack-desc
new file mode 100644
index 0000000000000..79f73599c1d6c
--- /dev/null
+++ b/system/early-ssh/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+early-ssh: early-ssh (gives you an SSH server during boot of your Linux system)
+early-ssh:
+early-ssh: early-ssh gives you an SSH server during the boot of your Linux
+early-ssh: system. It starts before the root filesystem is mounted so you can
+early-ssh: unlock your encrypted root filesystem interactively, you don't have
+early-ssh: to be at the console of your server. You can also scp files to your
+early-ssh: server so you can even start your key-encrypted system.
+early-ssh:
+early-ssh:
+early-ssh: http://dev.kakaopor.hu/early-ssh/
+early-ssh:
diff --git a/system/early-ssh/slack.diff b/system/early-ssh/slack.diff
new file mode 100644
index 0000000000000..b0de9a33724f0
--- /dev/null
+++ b/system/early-ssh/slack.diff
@@ -0,0 +1,98 @@
+diff -Naur early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/hooks/early_ssh early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/hooks/early_ssh
+--- early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/hooks/early_ssh 2014-03-31 11:35:22.000000000 +1300
++++ early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/hooks/early_ssh 2018-01-26 15:03:47.520179718 +1300
+@@ -1,5 +1,9 @@
+ #!/bin/bash
+
++# Adjusted for slackware's initrd
++# Andrew Clemons
++# August 2016
++
+ PREREQ=""
+ prereqs()
+ {
+@@ -13,58 +17,46 @@
+ ;;
+ esac
+
+-# load initramfs' hook functions
+-source /usr/share/initramfs-tools/hook-functions
++if [ -z "$DESTDIR" ] ; then
++ echo "Missing destination directory. Use DESTDIR= to pass the destination directory."
++ exit 1
++fi
+
+ # create the needed directories
+ for i in /etc/dropbear /etc/early-ssh /root /root/.ssh /sbin /bin /usr/bin /var /var/log; do
+ [ ! -e "${DESTDIR}${i}" ] && mkdir -p "${DESTDIR}${i}"
+ done
+
++if [ ! -e "${DESTDIR}/tmp" ] ; then
++ mkdir "${DESTDIR}/tmp"
++ chmod 1777 "${DESTDIR}/tmp"
++fi
++
+ # copy the needed executables
+-copy_exec /usr/sbin/dropbear sbin/
+-copy_exec /sbin/ifconfig sbin/
+-copy_exec /sbin/route sbin/
+-[ -f /usr/bin/scp ] && copy_exec /usr/bin/scp bin/
++cp -a /usr/bin/dropbearmulti $DESTDIR/sbin/dropbear
++cp -a /usr/share/mkinitrd/scripts/early_ssh $DESTDIR/
+
+ # copy the configs
+ cp -rp /etc/dropbear/dropbear_dss_host_key $DESTDIR/etc/dropbear/
+ cp -rp /etc/dropbear/dropbear_rsa_host_key $DESTDIR/etc/dropbear/
++cp -rp /etc/dropbear/dropbear_ecdsa_host_key $DESTDIR/etc/dropbear/
+ cp -rp /etc/localtime $DESTDIR/etc/
+ [ -f /root/.ssh/authorized_keys ] && cp -rp /root/.ssh/authorized_keys $DESTDIR/root/.ssh/authorized_keys
+ cp -rp /etc/login.defs $DESTDIR/etc/
+ cp -rp /etc/early-ssh/early-ssh.conf $DESTDIR/etc/early-ssh/
+
+-ls -1 /lib/libnss_files* 2>/dev/null >/dev/null
+-if [ $? == 0 ]; then
+- cp -rp /lib/libnss_files* $DESTDIR/lib/
+-else
+- cp -rp `dpkg -L libc6 | grep '/libnss_files' | tr '\n' ' '` $DESTDIR/lib/
+-fi
+-
+-ln -s /usr/lib/libz.so.1 $DESTDIR/usr/libz.so.1
+-
+-echo "passwd: files
+-group: files
+-shadow: files
+-" > $DESTDIR/etc/nsswitch.conf
+-
+ . /etc/early-ssh/early-ssh.conf
+
+ if [ "$PASSWD_OVERRIDE" != "" ]; then
+ cat $PASSWD_OVERRIDE >> $DESTDIR/etc/passwd
+-else
+- cat /etc/passwd | grep -E '^root:' | sed -e 's/:\/bin\/bash/:\/bin\/sh/' >> $DESTDIR/etc/passwd
+ fi
+
+ if [ "$SHADOW_OVERRIDE" != "" ]; then
+ cat $SHADOW_OVERRIDE >> $DESTDIR/etc/shadow
+-else
+- cat /etc/shadow | grep -E '^root:' >> $DESTDIR/etc/shadow
+ fi
+
+ if [ "$GROUP_OVERRIDE" != "" ]; then
+ cat $GROUP_OVERRIDE >> $DESTDIR/etc/group
+-else
+- cat /etc/group | grep -E '^root:' >> $DESTDIR/etc/group
+ fi
++
++sed -i 's#/bin/bash#/bin/sh#g' $DESTDIR/etc/passwd
+diff -Naur early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/scripts/local-top/early_ssh early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/scripts/local-top/early_ssh
+--- early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857.orig/src/usr/share/initramfs-tools/scripts/local-top/early_ssh 2014-03-31 11:35:22.000000000 +1300
++++ early-ssh-4acf000ddbe564dcafec626ec0dc7eadd821a857/src/usr/share/initramfs-tools/scripts/local-top/early_ssh 2018-01-26 14:27:42.613242124 +1300
+@@ -93,7 +93,7 @@
+ ln -s /dev/urandom /dev/random
+
+ # start the dropbear in the background
+-/sbin/dropbear -d /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -E -F -p $PORT &
++/sbin/dropbear -F -p $PORT &
+ dropbear_pid=$!
+
+ # give a notice to the user he/she can log in over SSH now
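Review bot: The hook's "copy the configs" block copies the build host's Dropbear private host keys (`dropbear_dss_host_key`, `dropbear_rsa_host_key` and the newly added `dropbear_ecdsa_host_key`) into `$DESTDIR/etc/dropbear/`, and README.Slackware writes the resulting initrd to `/boot/initrd-"$kernel".gz`. On the LUKS-root setup the README describes, `/boot` is presumably unencrypted, so those keys would be stored in cleartext and anyone able to read the disk could copy them and pose as the early-boot SSH endpoint. A comment above the `cp` lines would make this explicit, for example `# private host keys end up readable inside the initrd; consider initrd-only keys rather than the system's`. The same block quotes `"${DESTDIR}${i}"` in the `mkdir` loop but leaves `$DESTDIR` and the `*_OVERRIDE` paths unquoted on the `cp`, `cat` and `sed -i` lines, which would be worth making consistent. The hook script is only partly visible through the inner patch, so any key handling outside these hunks is not covered here.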