Add things for network luks unlock

2016-12-02 13:28:54 -05:00
parent 6266b8dc2c
commit 2ab9a20f30
27 changed files with 5492 additions and 0 deletions
--- a/src/mkinitcpio-tinyssh/.SRCINFO
+++ b/src/mkinitcpio-tinyssh/.SRCINFO
@@ -0,0 +1,23 @@
+# Generated by mksrcinfo v8
+# Fri Oct 21 11:25:24 UTC 2016
+pkgbase = mkinitcpio-tinyssh
+	pkgdesc = Archlinux mkinitcpio hook to install and enable the tinyssh daemon in early userspace
+	pkgver = 0.0.3
+	pkgrel = 3
+	url = https://github.com/grazzolini/mkinitcpio-tinyssh
+	changelog = ChangeLog
+	arch = any
+	license = BSD
+	depends = psmisc
+	depends = tinyssh
+	depends = ucspi-tcp
+	optdepends = mkinitcpio-netconf: Network interface configuration
+	optdepends = mkinitcpio-ppp: PPP interface configuration
+	optdepends = tinyssh-convert: For converting OpenSSH keys
+	optdepends = tinyssh-convert-git: For converting OpenSSH keys
+	conflicts = mkinitcpio-dropbear
+	source = mkinitcpio-tinyssh-0.0.3.tar.gz::https://github.com/grazzolini/mkinitcpio-tinyssh/archive/v0.0.3.tar.gz
+	sha512sums = 16f5f2c09bdcf53a7a63011630c6ce03c73db724a3bed52145e53a9d4dc818878af7ad48b7c19927bca9fd8fc9fc230dbcef966b14c40f48468109acd3618f64
+
+pkgname = mkinitcpio-tinyssh
+
--- a/src/mkinitcpio-tinyssh/.gitignore
+++ b/src/mkinitcpio-tinyssh/.gitignore
@@ -0,0 +1,6 @@
+v*.tar.gz
+mkinitcpio-tinyssh-*-any.pkg.tar.xz
+mkinitcpio-tinyssh-*.tar.gz
+develop.*
+pkg/*
+src/*
--- a/src/mkinitcpio-tinyssh/ChangeLog
+++ b/src/mkinitcpio-tinyssh/ChangeLog
@@ -0,0 +1,22 @@
+2016-08-15 Giancarlo Razzolini <grazzolini@gmail.com>
+	* 0.0.3:
+	- Created a new function to use the tinyssh-convert tool to convert already existing OpenSSH ED25519 keys to the tinyssh format.
+	- It will continue to create the tinyssh keys if openssh isn't installed and it has no keys available.
+	- This will only happen if openssh is installed and has run at least once and if there are no keys already created under /etc/tinyssh/sshkeydir.
+	- This is only valid for ED25519 keys, since the tinyssh-convert tool can only convert those.
+
+2015-08-11 Giancarlo Razzolini <grazzolini@gmail.com>
+
+	* 0.0.2 :
+	- Initial systemd support. It will add the tinyssh@22.socket unit, create a dependency on cryptsetup.target and enable the unit.
+	- Changed the root user home dir to /root.
+	- TMPDIR juggling cleanup.
+	- Hook help text correction.
+
+2015-08-03 Giancarlo Razzolini <grazzolini@gmail.com>
+
+	* 0.0.1 :
+	- Initial release.
+	- Uses the ucspi-tcp tcpserver tool to start the tinysshd daemon on boot.
+	- Right now only accepts connections on the default ssh port (22).
+	- There is no customization of the tinysshd parameters yet.
--- a/src/mkinitcpio-tinyssh/PKGBUILD
+++ b/src/mkinitcpio-tinyssh/PKGBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Giancarlo Razzolini <grazzolini@gmail.com>
+pkgname=mkinitcpio-tinyssh
+pkgver=0.0.3
+pkgrel=3
+pkgdesc="Archlinux mkinitcpio hook to install and enable the tinyssh daemon in early userspace"
+arch=('any')
+url="https://github.com/grazzolini/mkinitcpio-tinyssh"
+license=('BSD')
+depends=('psmisc' 'tinyssh' 'ucspi-tcp')
+optdepends=('mkinitcpio-netconf: Network interface configuration'
+            'mkinitcpio-ppp: PPP interface configuration'
+            'tinyssh-convert: For converting OpenSSH keys'
+            'tinyssh-convert-git: For converting OpenSSH keys')
+conflicts=('mkinitcpio-dropbear')
+#install=$pkgname.install
+source=("${pkgname}-${pkgver}.tar.gz::$url/archive/v$pkgver.tar.gz")
+changelog='ChangeLog'
+sha512sums=('16f5f2c09bdcf53a7a63011630c6ce03c73db724a3bed52145e53a9d4dc818878af7ad48b7c19927bca9fd8fc9fc230dbcef966b14c40f48468109acd3618f64')
+
+package() {
+  install -Dm644 "$srcdir/$pkgname-$pkgver/tinyssh_hook"      "$pkgdir/usr/lib/initcpio/hooks/tinyssh"
+  install -Dm644 "$srcdir/$pkgname-$pkgver/tinyssh_install"   "$pkgdir/usr/lib/initcpio/install/tinyssh"
+  install -Dm644 "$srcdir/$pkgname-$pkgver/LICENSE" "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}
--- a/src/mkinitcpio-tinyssh/mkinitcpio-tinyssh.install
+++ b/src/mkinitcpio-tinyssh/mkinitcpio-tinyssh.install
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+post_install() {
+    touch /etc/tinyssh/root_key
+    chmod 600 /etc/tinyssh/root_key
+
+    cat<<INSTALLEOF
+    Insert your SSH public key into "/etc/tinyssh/root_key", e.g. using
+    "cat ~/.ssh/id_ed25519.pub > /etc/tinyssh/root_key".
+
+    If you want to use the same host keys as your OpenSSH installation
+    (only ed25519 for now), install tinyssh-convert or tinyssh-convert-git
+    BEFORE rebuilding your initramfs. Or, if you already have keys generated,
+    remove either the /etc/tinyssh/sshkeydir, or the ed25519 public and secret
+    keys from that dir, in order to use OpenSSH keys. This hook will not overwrite
+    existing keys either OpenSSH's converted or tinysshd-makekey created.
+
+    Afterwards add the "tinyssh" hook after any networking hook (netconf/ppp)
+    and before any hook provided with the mkinitcpio-utils package in the
+    "HOOKS" array in "/etc/mkinitcpio.conf". Finally rebuild the initramsfs
+    ("mkinitcpio -p linux").
+INSTALLEOF
+}
+
+post_remove() {
+    cat<<REMOVEEOF
+    Remove "tinyssh" from "HOOKS" in "/etc/mkinitcpio.conf", then rebuild
+    the initramfs ("mkinitcpio -p linux").
+REMOVEEOF
+}
+
+post_upgrade() {
+    post_install
+}