aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2013-10-07 07:31:55 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:27:28 +0200
commit7311edb67891fc8a74ccf75677ee4c6a20634bb7 (patch)
tree83449d2ede993c46a480694f98a69e6a48825fae
parent6ffad46704d417b7a84cd5088849d77964f99580 (diff)
wibble
-rwxr-xr-xpost-install.sh4
-rwxr-xr-xpre-partman.sh26
-rwxr-xr-xsshfprs.sh5
3 files changed, 19 insertions, 16 deletions
diff --git a/post-install.sh b/post-install.sh
index 9a99965..1950539 100755
--- a/post-install.sh
+++ b/post-install.sh
@@ -15,9 +15,7 @@ home="$(sed -rn '0,/^[^:]*:[^:]*:1000:[^:]*:[^:]*:([^:]*):.*/s//\1/p' /etc/passw
test -d "$home/.ssh" || mkdir -m 0700 "$home/.ssh"
# TODO: make something more generic
-cat > "$home/.ssh/authorized_keys" << EOF
-ssh-rsa ...
-EOF
+cp /cdrom/preseed/authorized_keys "$home/.ssh/authorized_keys"
chown -R "$user:$user" "$home/.ssh"
chmod -R og-rwx "$home/.ssh"
diff --git a/pre-partman.sh b/pre-partman.sh
index de391dd..61359a4 100755
--- a/pre-partman.sh
+++ b/pre-partman.sh
@@ -39,15 +39,15 @@ db_get fripost-install/full-disk-encryption-password
keyfile=~root/root.key
if [ -n "$RET" ]; then
- touch "$keyfile"
- chmod 0644 "$keyfile"
- echo $RET >> "$keyfile"
- # TODO: remove passord from debconf
+ touch "$keyfile"
+ chmod 0644 "$keyfile"
+ echo $RET >> "$keyfile"
+ # TODO: remove passord from debconf
else
anna-install openssh-server-udeb
mkdir -pm0755 /etc/ssh/
- sshHostKey=/etc/ssh/ssh_host_rsa_key
+ sshHostKey=/etc/ssh/ssh_host_rsa_key
ssh-keygen -b 4096 -t rsa -N '' -C $sshHostKey -f $sshHostKey
cat > /etc/ssh/sshd_config <<- EOF
@@ -82,7 +82,7 @@ else
db_subst fripost-install/full-disk-encryption-slurpkey_text IPv4 \
"$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')"
db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_SERVER \
- "$(ssh-keygen -lf $sshHostKey)"
+ "$(ssh-keygen -lf $sshHostKey)"
db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_AUTHORIZED \
"$($root/preseed/sshfprs.sh ~root/.ssh/authorized_keys ' - ')"
@@ -93,7 +93,7 @@ else
db_go
done
- kill `cat /var/run/sshd.pid` || true
+ kill `cat /var/run/sshd.pid` || true
fi
@@ -106,7 +106,7 @@ db_get fripost-install/full-disk-encryption-fill
dev="$RET"
heartbeat () {
- local pid sig sleep
+ local pid sig sleep
pid=$1
sig=${2:-SIGHUP}
sleep=${3:-1}
@@ -204,10 +204,10 @@ anna-install cryptsetup-udeb crypto-dm-modules
arch=$(uname -m)
if [ x"$arch" = x"x86_64" ]; then
- keysize=256
+ keysize=256
hash=sha512
elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then
- keysize=128
+ keysize=128
hash=sha256
fi
# Notes: 1/ XTS requires the key size to be doubled, 2/ We use AES128
@@ -215,9 +215,9 @@ fi
# platforms.
# TODO: Note: Generating key... (this may take a while)
/sbin/cryptsetup -q --align-payload $grain \
- --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
- --iter-time 5000 --use-random --key-file="$keyfile" \
- luksFormat $system
+ --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \
+ --iter-time 5000 --use-random --key-file="$keyfile" \
+ luksFormat $system
/sbin/cryptsetup luksOpen --key-file="$keyfile" $system system_crypt
rm "$keyfile" # We are on a ramdisk, so it's good enough to unlink(2)
diff --git a/sshfprs.sh b/sshfprs.sh
index 83cebd9..a0aaabe 100755
--- a/sshfprs.sh
+++ b/sshfprs.sh
@@ -4,6 +4,11 @@
# may contain multiple keys.
#
# Usage: sshfprs.sh file [prefix]
+#
+#
+# Copyright 2013 Guilhem Moulin <guilhem@fripost.org>
+#
+# Licensed under the GNU GPL version 3 or higher.
set -ue