V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>

func/cdi_4300_network/4312_dropbear_setup.sh

@@ -100,7 +100,7 @@ dropbear_setup() {
   install -D -m 0640 -o root -g root "${VAR_SETUP_PATH}${dropbear_sig_file}" \
     "${TARGET}/etc/initramfs-tools/files/"
   install -D -m 0600 -o root -g root "${VAR_SETUP_PATH}${dropbear_pub_key}" \
-    "${TARGET}/root/.ciss/keys/"
+    "${TARGET}/root/.ciss/cdi/keys/"
 
   ### Install the script to be called inside the Host environment for signing 'unlock_wrapper.sh'-script.
   install -D -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/target/etc/initramfs-tools/files/unlock_wrapper_signer.sh" \

func/cdi_4400_hardening/4420_installation_ssh.sh

@@ -34,7 +34,7 @@ installation_ssh() {
   ### Declare Arrays, HashMaps, and Variables.
   declare -a ary_user=()
   declare -i i=0
-  declare    var_auth="" var_name="" var_ca=""
+  declare    var_auth="" var_name="" var_ca="" var_pub=""
 
   chroot_exec "${TARGET}" apt-get install -y --no-install-recommends --no-install-suggests ssh
 
@@ -106,6 +106,18 @@ installation_ssh() {
 
   chroot_script "${TARGET}" "ssh-keygen -r ${VAR_FINAL_FQDN}. >| /root/.ciss/cdi/log/SSHFP.log"
 
+  if [[ "${dropbear_boot}" == "true" ]]; then
+
+    printf "### Dropbear SSHFP RR: \n" >> "${TARGET}/root/.ciss/cdi/log/SSHFP.log"
+
+    for var_pub in "${TARGET}"/etc/dropbear/initramfs/dropbear*key*.pub; do
+
+      chroot_script "${TARGET}" "ssh-keygen -E sha256 -r ${VAR_FINAL_FQDN}. -f ${var_pub} >> /root/.ciss/cdi/log/SSHFP.log"
+
+    done
+
+  fi
+
   ###########################################################################################
   # The file /etc/profile.d/idle-users.sh is created to set the read-only                   #
   # environment variables: TMOUT                                                            #