From 7311edb67891fc8a74ccf75677ee4c6a20634bb7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 7 Oct 2013 07:31:55 +0200 Subject: wibble --- post-install.sh | 4 +--- pre-partman.sh | 26 +++++++++++++------------- sshfprs.sh | 5 +++++ 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/post-install.sh b/post-install.sh index 9a99965..1950539 100755 --- a/post-install.sh +++ b/post-install.sh @@ -15,9 +15,7 @@ home="$(sed -rn '0,/^[^:]*:[^:]*:1000:[^:]*:[^:]*:([^:]*):.*/s//\1/p' /etc/passw test -d "$home/.ssh" || mkdir -m 0700 "$home/.ssh" # TODO: make something more generic -cat > "$home/.ssh/authorized_keys" << EOF -ssh-rsa ... -EOF +cp /cdrom/preseed/authorized_keys "$home/.ssh/authorized_keys" chown -R "$user:$user" "$home/.ssh" chmod -R og-rwx "$home/.ssh" diff --git a/pre-partman.sh b/pre-partman.sh index de391dd..61359a4 100755 --- a/pre-partman.sh +++ b/pre-partman.sh @@ -39,15 +39,15 @@ db_get fripost-install/full-disk-encryption-password keyfile=~root/root.key if [ -n "$RET" ]; then - touch "$keyfile" - chmod 0644 "$keyfile" - echo $RET >> "$keyfile" - # TODO: remove passord from debconf + touch "$keyfile" + chmod 0644 "$keyfile" + echo $RET >> "$keyfile" + # TODO: remove passord from debconf else anna-install openssh-server-udeb mkdir -pm0755 /etc/ssh/ - sshHostKey=/etc/ssh/ssh_host_rsa_key + sshHostKey=/etc/ssh/ssh_host_rsa_key ssh-keygen -b 4096 -t rsa -N '' -C $sshHostKey -f $sshHostKey cat > /etc/ssh/sshd_config <<- EOF @@ -82,7 +82,7 @@ else db_subst fripost-install/full-disk-encryption-slurpkey_text IPv4 \ "$(ip addr show eth0 | sed -nr 's/^\s+inet\s([0-9.]{4,32}).*/\1/p')" db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_SERVER \ - "$(ssh-keygen -lf $sshHostKey)" + "$(ssh-keygen -lf $sshHostKey)" db_subst fripost-install/full-disk-encryption-slurpkey_text SSHFPR_AUTHORIZED \ "$($root/preseed/sshfprs.sh ~root/.ssh/authorized_keys ' - ')" 
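Review bot: In the post-install.sh hunk, the new `cp /cdrom/preseed/authorized_keys "$home/.ssh/authorized_keys"` runs without checking that the source file exists and is non-empty. The hunk does not show whether the script runs under `set -e`, so a missing or empty file on the install media may go unnoticed and leave the installed account with no usable SSH key. I would add a guard just before the copy, for example `test -s /cdrom/preseed/authorized_keys || { echo "preseed authorized_keys missing or empty" >&2; exit 1; }`. This file now decides who can log in to the new system, so a comment above the `cp` should say that it is trusted exactly as much as the install media itself. The `# TODO: make something more generic` line kept as context looks stale now that the key is no longer hard-coded; the rest of the script lies outside the hunk.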
@@ -93,7 +93,7 @@ else db_go done - kill `cat /var/run/sshd.pid` || true + kill `cat /var/run/sshd.pid` || true fi @@ -106,7 +106,7 @@ db_get fripost-install/full-disk-encryption-fill dev="$RET" heartbeat () { - local pid sig sleep + local pid sig sleep pid=$1 sig=${2:-SIGHUP} sleep=${3:-1} @@ -204,10 +204,10 @@ anna-install cryptsetup-udeb crypto-dm-modules arch=$(uname -m) if [ x"$arch" = x"x86_64" ]; then - keysize=256 + keysize=256 hash=sha512 elif [ x"$arch" = x"i386" -o x"$arch" = x"i686" ]; then - keysize=128 + keysize=128 hash=sha256 fi # Notes: 1/ XTS requires the key size to be doubled, 2/ We use AES128 @@ -215,9 +215,9 @@ fi # platforms. # TODO: Note: Generating key... (this may take a while) /sbin/cryptsetup -q --align-payload $grain \ - --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \ - --iter-time 5000 --use-random --key-file="$keyfile" \ - luksFormat $system + --cipher aes-xts-plain64 --key-size $(( $keysize * 2 )) --hash $hash \ + --iter-time 5000 --use-random --key-file="$keyfile" \ + luksFormat $system /sbin/cryptsetup luksOpen --key-file="$keyfile" $system system_crypt rm "$keyfile" # We are on a ramdisk, so it's good enough to unlink(2) diff --git a/sshfprs.sh b/sshfprs.sh index 83cebd9..a0aaabe 100755 --- a/sshfprs.sh +++ b/sshfprs.sh @@ -4,6 +4,11 @@ # may contain multiple keys. # # Usage: sshfprs.sh file [prefix] +# +# +# Copyright 2013 Guilhem Moulin +# +# Licensed under the GNU GPL version 3 or higher. set -ue -- cgit v1.2.3