Diffstat (limited to 'src/fripost-postinst-udeb/debian')
-rw-r--r--src/fripost-postinst-udeb/debian/changelog5
-rw-r--r--src/fripost-postinst-udeb/debian/compat1
-rw-r--r--src/fripost-postinst-udeb/debian/control11
-rw-r--r--src/fripost-postinst-udeb/debian/copyright7
-rw-r--r--src/fripost-postinst-udeb/debian/install2
-rwxr-xr-xsrc/fripost-postinst-udeb/debian/rules3
-rw-r--r--src/fripost-postinst-udeb/debian/templates93
7 files changed, 122 insertions, 0 deletions
diff --git a/src/fripost-postinst-udeb/debian/changelog b/src/fripost-postinst-udeb/debian/changelog
new file mode 100644
index 0000000..c1ea4fd
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/changelog
@@ -0,0 +1,5 @@
+fripost-postinst (0.0.0) unstable; urgency=low
+
+ * Tests
+
+ -- Guilhem Moulin <guilhem@fripost.org> Wed, 17 Oct 2013 04:32:31 +0200
diff --git a/src/fripost-postinst-udeb/debian/compat b/src/fripost-postinst-udeb/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/src/fripost-postinst-udeb/debian/control b/src/fripost-postinst-udeb/debian/control
new file mode 100644
index 0000000..e173159
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/control
@@ -0,0 +1,11 @@
+Source: fripost-postinst
+Section: debian-installer
+Priority: optional
+Maintainer: Guilhem Moulin <guilhem@fripost.org>
+Build-Depends: debhelper (>= 7)
+
+Package: fripost-postinst
+XC-Package-Type: udeb
+Architecture: all
+Depends: fripost-partman, ${misc:Depends}
+Description: Post-install scripts (e.g., install dropbear in the initramfs)
diff --git a/src/fripost-postinst-udeb/debian/copyright b/src/fripost-postinst-udeb/debian/copyright
new file mode 100644
index 0000000..4e26ce2
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/copyright
@@ -0,0 +1,7 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: native package
+
+Files: *
+Copyright: © 2013 Guilhem Moulin <guilhem@fripost.org>
+License: GPL-3+
+
diff --git a/src/fripost-postinst-udeb/debian/install b/src/fripost-postinst-udeb/debian/install
new file mode 100644
index 0000000..5426071
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/install
@@ -0,0 +1,2 @@
+finish-install.d/* /usr/lib/finish-install.d
+sshd_config /var/lib/fripost
diff --git a/src/fripost-postinst-udeb/debian/rules b/src/fripost-postinst-udeb/debian/rules
new file mode 100755
index 0000000..cbe925d
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/rules
@@ -0,0 +1,3 @@
+#!/usr/bin/make -f
+%:
+ dh $@
diff --git a/src/fripost-postinst-udeb/debian/templates b/src/fripost-postinst-udeb/debian/templates
new file mode 100644
index 0000000..5385ce9
--- /dev/null
+++ b/src/fripost-postinst-udeb/debian/templates
@@ -0,0 +1,93 @@
+Template: base-installer/progress/fripost
+Type: text
+Description: ${WHAT}
+
+Template: fripost/initrd-ssh-port
+Type: string
+Default: 22
+Description: On which [address:]port should dropbear listen?
+Extended_description: If port is a range (e.g., 1024-65535), a random
+ port in that range is chosen. Leaving the question empty is equivalent
+ to specifying the range of registered port 1024-49151. This is only
+ used for remote (SSH) unlocking of encrypted disks.
+
+Template: fripost/dropbear-use-openssh-key
+Type: boolean
+Default: false
+Description: Use the same key for dropbear and OpenSSH?
+Extended_description: If False, generate a dedicated key for dropbear.
+
+Template: fripost/activate-selinux
+Type: boolean
+Default: true
+Description: Install and activate (in enforcing mode) SELinux?
+Extended_description: Note that activating SELinux requires a dummy
+ reboot to label all files. So if you have full-disk encryption, you'll
+ have to send the password twice to dropbear.
+
+Template: fripost/keep-media-directory
+Type: boolean
+Default: false
+Description: Keep /media and its kids' entries in the fstab?
+Extended_description: /media (and its related entries in the fstab)
+ can safely be removed on a headless server.
+
+Template: fripost/sshd-fprs_title
+Type: text
+Description: Reboot in progress
+
+Template: fripost/sshd-fprs_text
+Type: note
+Description: Press 'continue' to reboot on the new system
+ We are done! After rebooting you should be able to log in into your
+ new machine:
+ .
+ ssh ${USER}@${IPv4}
+ .
+ To defeat MiTM-attacks, please ensure (for instance by trying to log in
+ right now, although it won't be successful before the next reboot) that
+ the server's public key has the following fingerprint
+ .
+ ${SSHFPR_SERVER}
+ .
+ To unlock the encrypted disk, you need to send the key to the SSH
+ daemon living in in the initrd:
+ .
+ ssh -p ${PORT} -T root@${IPv4} < /path/to/key
+ .
+ An attacker successfully mounting a MiTM-attack could get hold of the
+ encryption key! It is crucial that you match this (single purpose)
+ server's fingerprint against
+ .
+ ${SSHFPR_INITRD}
+ .
+ Key(s) that are granted access to these two servers have the following
+ fingerprint:
+ .
+ ${SSHFPR_AUTHORIZED}
+
+Template: fripost/sshd-fprs-nodropbear_text
+Type: note
+Description: Press 'continue' to reboot on the new system
+ We are done! After rebooting you should be able to log in into your new
+ machine:
+ .
+ ssh ${USER}@${IPv4}
+ .
+ To defeat MiTM-attacks, please ensure (for instance by trying to log in
+ right now, although it won't be successful before the next reboot) that
+ the server's public key has the following fingerprint
+ .
+ ${SSHFPR_SERVER}
+ .
+ Key(s) that are granted access to the server have the following
+ fingerprint:
+ .
+ ${SSHFPR_AUTHORIZED}
+
+Template: fripost/final-notice
+Type: boolean
+Default: true
+Description: Display the final notice before rebooting?
+Extended_description: It's good to show SSH fingerprints, because it
+ defeats MiTM-attacks.
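Review bot: The `fripost/dropbear-use-openssh-key` template explains only the False answer and never says what True costs. An initramfs normally lives on an unencrypted boot partition (the partitioning is done by fripost-partman, which is not in this diff, so confirm), which means any host key placed there can be read by someone with offline access to the disk. I would extend the text along the lines of `If False, generate a dedicated key for dropbear. If True, the OpenSSH host key is also stored in the initramfs, which is not encrypted.` For the same reason, `fripost/sshd-fprs_text` could add that matching `${SSHFPR_INITRD}` guards against a network MiTM but not against someone who has already copied the dropbear key from the boot partition. Minor wording in the same hunk: `living in in the initrd`, `log in into`, and `registered port` (should be plural).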