Diffstat (limited to 'pre-partman.sh')
-rwxr-xr-xpre-partman.sh136
1 files changed, 105 insertions, 31 deletions
diff --git a/pre-partman.sh b/pre-partman.sh
index ebb1d1e..0aa93bd 100755
--- a/pre-partman.sh
+++ b/pre-partman.sh
@@ -10,53 +10,127 @@
set -ue
-# Crypto, disk and network modules, required to unlock the system from our initramfs
+. /usr/share/debconf/confmodule
+
+debconf-loadtemplate fripost-install /cdrom/preseed/fripost-install.template
+
+db_input high fripost-install/full-disk-encryption || true
+db_go
+db_get fripost-install/full-disk-encryption
+[ x"${RET:-true}" = x"false" ] && exit 0
+
+# Crypto, disk and network modules, required to unlock the system from
+# our initramfs.
# TODO: should probably be stored in debconf, since we'll need the
# modules in the target only
while read k rest; do /sbin/modinfo -F filename "$k"; done < /proc/modules \
| sed -nr "s@^/lib/modules/`uname -r`/kernel/(arch|drivers/(ata|scsi))(/.*)?/([^/]+)\.ko\$@\4@p" \
> /tmp/initramfs-modules
-anna-install cryptsetup-udeb openssh-server-udeb
-mkdir -pm0755 /etc/ssh/
-ssh-keygen -b 4096 -t rsa -N '' -C /etc/ssh/ssh_host_rsa_key -f /etc/ssh/ssh_host_rsa_key
+anna-install cryptsetup-udeb
+
+db_input high fripost-install/full-disk-encryption-password || true
+db_go
+db_get fripost-install/full-disk-encryption-password
+
+if [ -n "$RET" ]; then
+ touch ~root/root.key
+ chmod 0644 ~root/root.key
+ echo $RET >> ~root/root.key #TODO we don't want echo there
+ # TODO: remove passord from debconf
+else
+ anna-install openssh-server-udeb
+
+ mkdir -pm0755 /etc/ssh/
+ sshHostKey=/etc/ssh/ssh_host_rsa_key
+ ssh-keygen -b 4096 -t rsa -N '' -C $sshHostKey -f $sshHostKey
+
+ cat > /etc/ssh/sshd_config <<- EOF
+ Port 22
+ Protocol 2
+ HostKey $sshHostKey
+ UsePrivilegeSeparation no
+
+ PasswordAuthentication no
+ ChallengeResponseAuthentication no
+ HostbasedAuthentication no
+ PubkeyAuthentication yes
+
+ PermitRootLogin yes
+ AllowUsers root
+ StrictModes yes
+
+ ForceCommand /bin/sh -c 'umask 0077; cat > ~root/root.key'
+ EOF
+
+ # Populate the authorized keys. TODO: make something more generic
+ test -d ~root/.ssh || mkdir -m 0700 ~root/.ssh
+ cat > ~root/.ssh/authorized_keys <<- EOF
+ no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa ...
+ EOF
+ chmod og-rwx ~root/.ssh/authorized_keys
-cat > /etc/ssh/sshd_config << EOF
-Port 22
-Protocol 2
-HostKey /etc/ssh/ssh_host_rsa_key
-UsePrivilegeSeparation no
+ # Start the SSH daemon
+ touch /var/log/lastlog
+ /usr/sbin/sshd
-PasswordAuthentication no
-ChallengeResponseAuthentication no
-HostbasedAuthentication no
-PubkeyAuthentication yes
+ # Tell the user we're ready
+ ipv4="$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')"
+ template=$(mktemp)
-PermitRootLogin yes
-AllowUsers root
-StrictModes yes
+ cat > "$template" <<- EOF
+ Template: cryptsetup-ssh-slurpkey/title
+ Type: note
+ Description: Waiting for passphrase
-ForceCommand /bin/sh -c 'umask 0077; cat > ~root/root.key'
-EOF
+ Template: cryptsetup-ssh-slurpkey/text
+ Type: note
+ Description: Press 'continue' once you have sent the key
+ You now need to send the encryption key for LUKS/dm-crypt to
+ this special-purpose SSH server:
+ .
+ ssh -T -p 22 -l root $ipv4 < /path/to/key
+ .
+ To defeat MiTM-attacks, please ensure that the server fingerprint matches
+ .
+ $(ssh-keygen -lf $sshHostKey)
+ .
+ Key(s) that are granted access have the following fingerprint:
+ .
+ EOF
+ while read pk; do
+ # ssh-keygen can't read from STDIN, and ash doesn't have the '<<<'
+ # construct, so we save each pubkey in a temporary file
+ pkf=$(mktemp)
+ echo "$pk" > "$pkf"
+ echo " - $(ssh-keygen -lf $pkf)" >> "$template"
+ rm "$pkf"
+ done < ~root/.ssh/authorized_keys
+ cat >> $template <<- EOF
+ .
+ Note: This server is ephemeral, and will be replaced with a full-blown
+ one toward the end of the installation.
+ EOF
-# Populate the authorized keys. TODO: make something more generic
-test -d ~root/.ssh || mkdir -m 0700 ~root/.ssh
-cat > ~root/.ssh/authorized_keys << EOF
-no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa ...
-EOF
-chmod og-rwx ~root/.ssh/authorized_keys
+ debconf-loadtemplate cryptsetup-ssh-slurpkey "$template"
+ # Anything sent to the SSH is stored into ~root/root.key, which is our
+ # LUKS key.
+ until test -r ~root/root.key; do
+ db_settitle cryptsetup-ssh-slurpkey/title
+ db_input critical cryptsetup-ssh-slurpkey/text
+ db_go
+ done
-# Start the SSH daemon
-touch /var/log/lastlog
-/usr/sbin/sshd
+ kill `cat /var/run/sshd.pid` || true
+fi
-# Tell the user we're ready
-/cdrom/preseed/slurpkey-msg.sh
-kill `cat /var/run/sshd.pid` || true
+db_input high fripost-install/full-disk-encryption-fillrandom || true
+db_go
+db_get fripost-install/full-disk-encryption-fillrandom
# Encrypt
-## fill the disk with random crap
+## fill the disk with random crap (TODO: progress)
## partition the disk
## format /boot to ext2
## gptsync
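Review bot: In the password branch, `chmod 0644 ~root/root.key` leaves the LUKS passphrase world-readable, whereas the SSH branch writes the same file under `umask 0077`; both paths should end up with owner-only permissions. The unquoted `echo $RET >>` also word-splits and glob-expands the passphrase, may mangle a leading `-n` or backslashes depending on the shell's echo, and appends a newline, so the stored key can differ from what the user typed. I would replace the three lines with `( umask 0077; printf '%s' "$RET" > ~root/root.key )`, provided the later cryptsetup step (not visible in this hunk) expects no trailing newline. Separately, `until test -r ~root/root.key` can succeed as soon as the ForceCommand opens the file, before the key is fully written or when nothing was sent; `test -s` would at least reject the empty case.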