From 56c9372d22859203caf7dcabf271896ddf9e216c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 7 Oct 2013 06:25:39 +0200
Subject: Factorization: Separate the logic from the text.

---
 fripost-install.template | 23 +++++++++++++++++++++++
 pre-partman.sh           | 24 +++++++++++++++---------
 sshfprs.sh               | 20 ++++++++++++++++++++
 3 files changed, 58 insertions(+), 9 deletions(-)
 create mode 100755 sshfprs.sh

diff --git a/fripost-install.template b/fripost-install.template
index 44b3418..6c10976 100644
--- a/fripost-install.template
+++ b/fripost-install.template
@@ -27,3 +27,26 @@ Description: Filling ${DISK} with ${SIZE} ${WHAT}
 Template: fripost-install/full-disk-encryption-fill_progress_info
 Type: text
 Description: ${COMMAND}
+
+Template: fripost-install/full-disk-encryption-slurpkey_title
+Type: note
+Description: Waiting for passphrase
+
+Template: fripost-install/full-disk-encryption-slurpkey_text
+Type: text
+Description: Press 'continue' once you have sent the key
+ You now need to send the encryption key for LUKS/dm-crypt to
+ this special-purpose SSH server:
+ .
+     ssh -T -p 22 -l root ${IPv4} < /path/to/key
+ .
+ To defeat MiTM-attacks, please ensure that the server fingerprint matches
+ .
+     ${SSHFPR_SERVER}
+ .
+ Key(s) that are granted access have the following fingerprint:
+ .
+     ${SSHFPR_AUTHORIZED}
+ .
+ Note: This server is ephemeral, and will be replaced with a full-blown
+ one toward the end of the installation.
diff --git a/pre-partman.sh b/pre-partman.sh
index 79436ee..c0cebee 100755
--- a/pre-partman.sh
+++ b/pre-partman.sh
@@ -9,16 +9,18 @@
 # Licensed under the GNU GPL version 3 or higher.
 
 set -ue
+root=/cdrom
 
 . /usr/share/debconf/confmodule
 
-debconf-loadtemplate fripost-install /cdrom/preseed/fripost-install.template
+debconf-loadtemplate fripost-install $root/preseed/fripost-install.template
 
 db_input high fripost-install/full-disk-encryption || true
 db_go
 db_get fripost-install/full-disk-encryption
 [ x"${RET:-true}" = x"false" ] && exit 0
 
+##############################################################################
 # Crypto, disk and network modules, required to unlock the system from
 # our initramfs.
 # TODO: should probably be stored in debconf, since we'll need the
@@ -29,14 +31,19 @@ while read k rest; do /sbin/modinfo -F filename "$k"; done < /proc/modules \
 
 anna-install cryptsetup-udeb
 
+
+##############################################################################
+# Slurp encryption key
+
 db_input high fripost-install/full-disk-encryption-password || true
 db_go
 db_get fripost-install/full-disk-encryption-password
 
+keyfile=~root/root.key
 if [ -n "$RET" ]; then
-	touch ~root/root.key
-	chmod 0644 ~root/root.key
-	echo $RET >> ~root/root.key #TODO we don't want echo there
+	touch "$keyfile"
+	chmod 0644 "$keyfile"
+	echo $RET >> "$keyfile"
 	# TODO: remove passord from debconf
 else
     anna-install openssh-server-udeb
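Review bot: In the password branch the key file is still made world-readable by `chmod 0644 "$keyfile"`, so the LUKS passphrase can be read by any user in the installer environment, while the ForceCommand removed later in this patch wrote the same file under `umask 0077`. The next line, `echo $RET >> "$keyfile"`, is unquoted, so a passphrase containing runs of whitespace or glob characters is not stored as typed, and the commit drops the TODO that flagged the echo. I would change these to `chmod 0600 "$keyfile"` and `printf '%s\n' "$RET" >> "$keyfile"`, assuming printf exists in the installer shell and the trailing newline is wanted by whatever consumes the key later. The `if` block continues past the end of this hunk.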
@@ -60,14 +67,13 @@ else
 	AllowUsers root
 	StrictModes yes
 
-	ForceCommand /bin/sh -c 'umask 0077; cat > ~root/root.key'
+	#ForceCommand /bin/sh -c 'umask 0077; cat > $keyfile'
 	EOF
 
-    # Populate the authorized keys. TODO: make something more generic
+    # Populate the authorized keys.
     test -d ~root/.ssh || mkdir -m 0700 ~root/.ssh
-    cat > ~root/.ssh/authorized_keys <<- EOF
-	no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa ...
-	EOF
+    sed 's/^/no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding /' \
+            $root/preseed/authorized_keys > ~root/.ssh/authorized_keys
     chmod og-rwx ~root/.ssh/authorized_keys
 
     # Start the SSH daemon
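Review bot: The `ForceCommand` line is now commented out inside the sshd_config heredoc, so as far as this hunk shows nothing confines an authenticated root session to writing the key file, and nothing stores what the client sends. The new template tells the user to run `ssh -T … < /path/to/key`; without a forced command that input would presumably reach root's login shell instead of `$keyfile`, unless this is handled outside the hunk. If the heredoc delimiter is unquoted (its opening line is not visible here), `ForceCommand /bin/sh -c 'umask 0077; cat > $keyfile'` can be re-enabled as is, because `$keyfile` is expanded when the config is written. Separately, the `sed` prefix is applied to every line of `$root/preseed/authorized_keys`, including comments and lines that already carry options, and that path should be quoted.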
diff --git a/sshfprs.sh b/sshfprs.sh
new file mode 100755
index 0000000..83cebd9
--- /dev/null
+++ b/sshfprs.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Like ssh-keygen -lf, but for a file such as authorized_keys, which
+# may contain multiple keys.
+#
+# Usage: sshfprs.sh file [prefix]
+
+set -ue
+
+file="$1"
+prefix="${2:-}"
+
+while read pk; do
+	# ssh-keygen can't read from STDIN, and ash doesn't have the '<<<'
+	# construct, so we save each pubkey in a temporary file
+	pkf=$(mktemp)
+	echo "$pk" > "$pkf"
+	echo "${prefix}$(ssh-keygen -lf $pkf)"
+	rm "$pkf"
+done < "$file"
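Review bot: A failing `ssh-keygen` goes unnoticed in `echo "${prefix}$(ssh-keygen -lf $pkf)"`, because `echo` discards the command substitution's status and `set -e` never sees it; a blank, comment or otherwise unparsable line then prints a bare prefix instead of an error. This output presumably fills `${SSHFPR_AUTHORIZED}`, which the operator uses to verify who is granted access, so a key that cannot be fingerprinted should stop the script. The loop should also use `IFS= read -r`, quote `$pkf`, and create the temporary file once with a trap to remove it, so it does not outlive an aborted run. A possible rewrite of the loop follows.

```sh
# … unchanged: header comment, set -ue, file/prefix assignment …

# ssh-keygen can't read from STDIN, so reuse one temporary file and
# make sure it is removed on every exit path.
pkf=$(mktemp)
trap 'rm -f "$pkf"' EXIT

while IFS= read -r pk || [ -n "$pk" ]; do
	# Skip blank lines and comments instead of fingerprinting them.
	case "$pk" in ''|'#'*) continue ;; esac
	printf '%s\n' "$pk" > "$pkf"
	# Assign first so that a ssh-keygen failure aborts under set -e.
	fpr=$(ssh-keygen -lf "$pkf")
	printf '%s%s\n' "$prefix" "$fpr"
done < "$file"
```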
-- 
cgit v1.2.3