Diffstat (limited to 'post-install-msg.sh')
-rwxr-xr-x | post-install-msg.sh | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/post-install-msg.sh b/post-install-msg.sh
new file mode 100755
index 0000000..8c5d5d7
--- /dev/null
+++ b/post-install-msg.sh
@@ -0,0 +1,60 @@
+#! /bin/sh
+#
+# Tell the user that the machine is ready to slurp the key for full disk
+# encryption.
+#
+# Copyright 2013 Guilhem Moulin <guilhem@fripost.org>
+#
+# Licensed under the GNU GPL version 3 or higher.
+
+set -ue
+
+cd /target/etc/
+
+chroot /target/ service ssh start; sleep 1
+sed -i 's/^DenyUsers \*$/AllowGroups ssh/' ./ssh/sshd_config
+
+# Busybox's sed doesn't support address '0,/../'
+user="$(sed -rn 's/^([^:]*):[^:]*:1000:.*/\1/p' ./passwd)"
+home="/target/$(sed -rn 's/^[^:]*:[^:]*:1000:[^:]*:[^:]*:([^:]*):.*/\1/p' ./passwd)"
+
+. /usr/share/debconf/confmodule
+
+ipv4="$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')"
+template=$(mktemp)
+
+cat > "$template" <<EOF
+Template: post-install/title
+Type: text
+Description: Installation complete
+
+Template: post-install/text
+Type: text
+Description: Press 'continue' to reboot
+ After the reboot, you will be able to log in to this new Debian GNU/Linux
+ system:
+ .
+ ssh -p 22 -l $user $ipv4
+ .
+ To defeat MiTM-attacks, please ensure that the server fingerprint matches
+ .
+ $(ssh-keygen -lf ./ssh/ssh_host_rsa_key)
+ .
+ Key(s) that are currently granted access have the following fingerprint:
+ .
+EOF
+while read pk; do
+ # ssh-keygen can't read from STDIN, and ash doesn't have the '<<<'
+ # construct, so we save each pubkey in a temporary file
+ pkf=$(mktemp)
+ echo "$pk" > "$pkf"
+ echo " - $(ssh-keygen -lf $pkf)" >> "$template"
+ rm "$pkf"
+done < "$home/.ssh/authorized_keys"
+# TODO: key granted access to the initramfs
+# TODO: copy the previous keys?
+
+debconf-loadtemplate post-install "$template"
+db_settitle post-install/title
+db_input critical post-install/text
+db_go |
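Review bot: The fingerprint the dialog asks the user to verify is taken only from `./ssh/ssh_host_rsa_key`, so if the installed sshd also offers another host key type and the client negotiates that one, the fingerprint shown at first login will not match the one displayed here and the MiTM check loses its value. Consider splitting the here-document at that point and printing one line per host public key, the same way the authorized_keys loop appends to the template: `for k in ./ssh/ssh_host_*_key.pub; do echo " $(ssh-keygen -lf "$k")" >> "$template"; done`. A failing `ssh-keygen` inside `$(...)` in the here-document does not trip `set -e`, so a missing or unreadable host key would silently yield an empty fingerprint line; checking that the output is non-empty before `db_input` would catch that. In the authorized_keys loop, `read -r pk` and a quoted `"$pkf"` are safer, and blank or comment lines in the file should probably be skipped rather than passed to `ssh-keygen`.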