From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1553482503.1730c1575e3f51ebc409e7fcb51900f32cbc1cbd.whissi@gentoo> Subject: [gentoo-commits] proj/genkernel:master commit in: / X-VCS-Repository: proj/genkernel X-VCS-Files: gen_cmdline.sh gen_initramfs.sh X-VCS-Directories: / X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: 1730c1575e3f51ebc409e7fcb51900f32cbc1cbd X-VCS-Branch: master Date: Mon, 25 Mar 2019 03:08:47 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 153a4180-96fb-439e-820b-e3084cc2295d X-Archives-Hash: 309091bbb89ded5446da69d87f970869 commit: 1730c1575e3f51ebc409e7fcb51900f32cbc1cbd Author: Thomas Deutschmann gentoo org> AuthorDate: Mon Mar 25 02:55:03 2019 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Mon Mar 25 02:55:03 2019 +0000 URL: https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=1730c157 dropbear: add error handling Signed-off-by: Thomas Deutschmann gentoo.org> gen_cmdline.sh | 12 ++++++++++++ gen_initramfs.sh | 43 +++++++++++++++++++++++++++++-------------- 2 files changed, 41 insertions(+), 14 deletions(-) diff --git a/gen_cmdline.sh b/gen_cmdline.sh index 6d9dd39..31b1d79 100755 --- a/gen_cmdline.sh +++ b/gen_cmdline.sh 
@@ -446,6 +446,18 @@ parse_cmdline() { --ssh|--no-ssh) CMD_SSH=`parse_optbool "$*"` print_info 2 "CMD_SSH: ${CMD_SSH}" + if isTrue "${CMD_SSH}" && [ ! -e /usr/sbin/dropbear ] + then + echo 'Error: --ssh requires net-misc/dropbear' \ + 'to be installed on the host system.' + exit 1 + fi + if isTrue "${CMD_SSH}" && [ ! -e /etc/dropbear/authorized_keys ] + then + echo 'Error: --ssh requires that dropbear is configured' \ + 'but /etc/dropbear/authorized_keys does not exist!' + exit 1 + fi ;; --loglevel=*) CMD_LOGLEVEL="${*#*=}" diff --git a/gen_initramfs.sh b/gen_initramfs.sh index 1469aaa..a90668e 100755 --- a/gen_initramfs.sh +++ b/gen_initramfs.sh @@ -693,15 +693,30 @@ append_dropbear(){ then if [ -e /usr/bin/dropbearconvert -a /etc/ssh/ssh_host_rsa_key ] then - /usr/bin/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key + if /usr/bin/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key + then + print_info 1 "$(getIndent 2)SSH: >> /etc/ssh/ssh_host_rsa_key converted into /etc/dropbear/dropbear_rsa_host_key" + else + gen_die "RSA host key conversion using dropbearconvert failed" + fi else - /usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 4096 > /dev/null + if /usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 4096 > /dev/null + then + print_info 1 "$(getIndent 2)SSH: >> New dropbear RSA host key /etc/dropbear/dropbear_rsa_host_key created" + else + gen_die "RSA host key generation using dropbearkey failed" + fi fi fi - + if [ ! -e /etc/dropbear/dropbear_dss_host_key ] then - /usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key > /dev/null + if /usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key > /dev/null + then + print_info 1 "$(getIndent 2)SSH: >> New dropbear DSS host key /etc/dropbear/dropbear_dss_host_key created" + else + gen_die "DSS host key generation using dropbearkey failed" + fi fi cd "${TEMP}" \ 
@@ -712,20 +727,20 @@ append_dropbear(){ mkdir -p ${TEMP}/initramfs-dropbear-temp/bin mkdir -p ${TEMP}/initramfs-dropbear-temp/root/.ssh - cp -L ${GK_SHARE}/defaults/login-remote.sh ${TEMP}/initramfs-dropbear-temp/bin/ - cp -L /etc/dropbear/{dropbear_rsa_host_key,dropbear_dss_host_key} ${TEMP}/initramfs-dropbear-temp/etc/dropbear/ - cp -L /etc/dropbear/authorized_keys ${TEMP}/initramfs-dropbear-temp/root/.ssh - cp -L /etc/localtime ${TEMP}/initramfs-dropbear-temp/etc/ + cp -L ${GK_SHARE}/defaults/login-remote.sh ${TEMP}/initramfs-dropbear-temp/bin/ || gen_die "failed to copy defaults/login-remote.sh" + cp -L /etc/dropbear/{dropbear_rsa_host_key,dropbear_dss_host_key} ${TEMP}/initramfs-dropbear-temp/etc/dropbear/ || gen_die "failed to copy dropbear host key(s)" + cp -L /etc/dropbear/authorized_keys ${TEMP}/initramfs-dropbear-temp/root/.ssh || gen_die "failed to copy /etc/dropbear/authorized_keys. Did you forget to configure dropbear?" + cp -L /etc/localtime ${TEMP}/initramfs-dropbear-temp/etc/ || gen_die "failed to copy /etc/localtime. Please set system's timezone!" 
if [ ${ARCH} = "x86_64" ] then mkdir -p ${TEMP}/initramfs-dropbear-temp/lib64 - cp -L /lib64/libnss_files.so.2 ${TEMP}/initramfs-dropbear-temp/lib64/ + cp -L /lib64/libnss_files.so.2 ${TEMP}/initramfs-dropbear-temp/lib64/ || gen_die "failed to copy libnss_files.so.2" else mkdir -p ${TEMP}/initramfs-dropbear-temp/lib - cp -L /lib/libnss_files.so.2 ${TEMP}/initramfs-dropbear-temp/lib/ + cp -L /lib/libnss_files.so.2 ${TEMP}/initramfs-dropbear-temp/lib/ || gen_die "failed to libnss_files.so.2" fi - - sed "s/compat/files/g" /etc/nsswitch.conf > ${TEMP}/initramfs-dropbear-temp/etc/nsswitch.conf + + sed "s/compat/files/g" /etc/nsswitch.conf > ${TEMP}/initramfs-dropbear-temp/etc/nsswitch.conf || gen_die "failed to modify /etc/nsswitch.conf" echo "root:x:0:0:root:/root:/bin/login-remote.sh" > ${TEMP}/initramfs-dropbear-temp/etc/passwd echo "/bin/login-remote.sh" > ${TEMP}/initramfs-dropbear-temp/etc/shells echo "root:!:0:0:99999:7:::" > ${TEMP}/initramfs-dropbear-temp/etc/shadow @@ -739,10 +754,10 @@ append_dropbear(){ chmod 0644 ${TEMP}/initramfs-dropbear-temp/etc/group mkfifo ${TEMP}/initramfs-dropbear-temp/etc/dropbear/fifo_root mkfifo ${TEMP}/initramfs-dropbear-temp/etc/dropbear/fifo_swap - + copy_binaries "${TEMP}"/initramfs-dropbear-temp/ /usr/sbin/dropbear \ /bin/login /usr/bin/passwd - + log_future_cpio_content cd "${TEMP}"/initramfs-dropbear-temp \ || gen_die "cd '${TEMP}/initramfs-dropbear-temp' failed"
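Review bot: In the gen_cmdline.sh hunk (parse_cmdline, the `--ssh|--no-ssh` branch), both new guards test with `-e`, which is weaker than what the later steps need. `[ ! -e /etc/dropbear/authorized_keys ]` is satisfied by an empty file, and because append_dropbear writes `root:!:0:0:99999:7:::` into the initramfs shadow file, the root password is locked and the authorized keys are what the login depends on. Suggest `-s` for authorized_keys and `-x` for /usr/sbin/dropbear. Both messages are printed with plain `echo` to stdout; redirecting them with `>&2` keeps the error visible when stdout is captured.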
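Review bot: In the first gen_initramfs.sh hunk (append_dropbear, RSA host key), the unchanged test `[ -e /usr/bin/dropbearconvert -a /etc/ssh/ssh_host_rsa_key ]` has no `-e` in front of the second path, so that operand is a non-empty-string test and is always true. Before this change a failed conversion went unnoticed; with the new `gen_die "RSA host key conversion using dropbearconvert failed"` in that branch, a host that has dropbearconvert but no /etc/ssh/ssh_host_rsa_key now aborts instead of reaching the dropbearkey fallback in the `else`. Suggest fixing the condition in the same change: `[ -e /usr/bin/dropbearconvert ] && [ -e /etc/ssh/ssh_host_rsa_key ]`.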
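Review bot: In the second gen_initramfs.sh hunk (the `cp -L` block in append_dropbear), the message in the non-x86_64 branch reads "failed to libnss_files.so.2"; the word "copy" is missing, unlike the lib64 branch above it. The `echo ... >` writes of passwd, shells and shadow that follow the sed line are still unchecked, so a failed write there would go unreported while the sed redirect right before them now dies. The new lines also leave ${TEMP} and ${GK_SHARE} unquoted, whereas the `cd "${TEMP}"` lines in the same function quote them; quoting them here would keep the copies correct for paths containing whitespace.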
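Review bot: In the last gen_initramfs.sh hunk (around `copy_binaries` in append_dropbear), the only changes shown are to blank lines, while the two `mkfifo` calls for fifo_root and fifo_swap in its context still have no `|| gen_die`. Since the commit is about error handling, suggest adding the check to both mkfifo lines and moving the whitespace cleanup into a separate commit so the functional diff stays easy to audit.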