msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🔁 Render Graphviz Diagrams. / 🔁 Render Graphviz Diagrams. (push) Successful in 39s
Details
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m45s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-07-20 19:43:09 +02:00
parent 55a0cb6884
commit e1f09ca170
27 changed files with 1100 additions and 909 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
func/4195_setup_dropbear.sh
View File

@@ -53,9 +53,9 @@ setup_dropbear() {
### Prepare dropbear authorized_keys
declare -a ary_user=()
ary_user+=("${user_root_ssh_pubkeys_0}")
[[ -v "${user_root_ssh_pubkeys_1}" ]] && ary_user+=("${user_root_ssh_pubkeys_1}")
[[ -v "${user_root_ssh_pubkeys_2}" ]] && ary_user+=("${user_root_ssh_pubkeys_2}")
[[ -v "${user_root_ssh_pubkeys_3}" ]] && ary_user+=("${user_root_ssh_pubkeys_3}")
[[ -v user_root_ssh_pubkeys_1 ]] && ary_user+=("${user_root_ssh_pubkeys_1}")
[[ -v user_root_ssh_pubkeys_2 ]] && ary_user+=("${user_root_ssh_pubkeys_2}")
[[ -v user_root_ssh_pubkeys_3 ]] && ary_user+=("${user_root_ssh_pubkeys_3}")
touch "${TARGET}/etc/dropbear/initramfs/authorized_keys" && chmod 0600 "${TARGET}/etc/dropbear/initramfs/authorized_keys"
printf "%s\n" "${ary_user[@]}" > "${TARGET}/etc/dropbear/initramfs/authorized_keys"
@@ -106,6 +106,8 @@ setup_dropbear() {
### Install the script to be called inside initramfs environment for unlocking LUKS and NUKE Devices.
install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/unlock_wrapper.sh" \
"${TARGET}/includes/initramfs-tools/files/"
install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/unlock_wrapper.sh" \
"${TARGET}/usr/lib/cryptsetup/scripts/"
### Install the script to be called inside Host environment for signing 'unlock_wrapper.sh'-script.
install -D -m 0700 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/unlock_wrapper_signer.sh" \
@@ -131,7 +133,7 @@ EOF
### Install the variable file to be called inside initramfs environment for setting up dropbear firewall.
install -D -m 0600 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/dropbear_fw.cnf" \
"${TARGET}/includes/initramfs-tools/files/"
"${TARGET}/includes/initramfs-tools/files/dropbear_fw.conf"
### Install the firewall script to be called inside initramfs environment for setting up dropbear firewall.
install -D -m 0755 -o root -g root "${VAR_SETUP_PATH}/includes/initramfs-tools/files/dropbear_fw.sh" \
@@ -169,6 +171,8 @@ EOF
# 0: on success
#######################################
write_dropbear_conf() {
[[ -z "${dropbear_port:-}" ]] && dropbear_port="2222"
cat << EOF >| "${TARGET}/etc/dropbear/initramfs/dropbear.conf"
#
# Configuration options for the dropbear-initramfs boot scripts.
@@ -185,7 +189,7 @@ write_dropbear_conf() {
# -K: Keepalive interval in seconds
# -p: Specify port (and optionally address)
# -w: Disable root login (SHOULD NOT be implemented for initramfs)
DROPBEAR_OPTIONS="-b /etc/dropbear/initramfs/banner -c /usr/local/bin/unlock_wrapper.sh -E -I 300 -K 60 -p ${dropbear_port:-2222}"
DROPBEAR_OPTIONS="-b /etc/dropbear/banner -c /usr/local/bin/unlock_wrapper.sh -E -I 300 -K 60 -p ${dropbear_port}"
#
# On local (non-NFS) mounts, interfaces matching this pattern are