This file is indexed.

/usr/share/initramfs-tools/hooks/dropbear is in dropbear-initramfs 2016.74-5+deb9u1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#!/bin/sh

PREREQ=""

prereqs() {
    echo "$PREREQ"
}

case "$1" in
    prereqs)
        prereqs
        exit 0
    ;;
esac

. /usr/share/initramfs-tools/hook-functions

dropbear_warn() {
    echo "dropbear: WARNING:" "$@" >&2
}

for conf in "$CONFDIR/initramfs.conf" "$CONFDIR/conf-hooks.d/dropbear"; do
    # XXX backward compatibility; remove once Stretch is the current stable
    if [ -f "$conf" ] && grep -q ^DROPBEAR= "$conf"; then
        dropbear_warn "Setting DROPBEAR in $conf is deprecated and will be ignored in a future release"
        . "$conf"
        if [ "$DROPBEAR" = n ]; then
            dropbear_warn "Uninstall dropbear-initramfs instead to disable the dropbear initramfs boot script"
            exit 0
        fi
    fi
done
if grep -q ^DROPBEAR_ "$CONFDIR/initramfs.conf" || grep -q ^PKGOPTION_dropbear_ "$CONFDIR/initramfs.conf"; then
    # XXX backward compatibility; remove once Stretch is the current stable
    dropbear_warn "Setting DROPBEAR_* or PKGOPTION_dropbear_* in $CONFDIR/initramfs.conf is deprecated and will be ignored in a future release"
    dropbear_warn "Use /etc/dropbear-initramfs/config instead"
fi

[ -r /etc/crypttab ] || exit 0

copy_exec /usr/sbin/dropbear /sbin
LIBC_DIR=$(ldd /usr/sbin/dropbear | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')
find -L "$LIBC_DIR" -maxdepth 1 -name 'libnss_files.*' -type f | while read so; do
    copy_exec "$so"
done

home=$(mktemp -d "$DESTDIR/root-XXXXXX")
chmod 0700 "$home"
for x in passwd group; do echo "$x: files"; done >"$DESTDIR/etc/nsswitch.conf"
echo "root:*:0:0::${home#$DESTDIR}:/bin/sh" >"$DESTDIR/etc/passwd"
echo "root:!:0:" >"$DESTDIR/etc/group"

# Copy config and host keys
mkdir -p "$DESTDIR/etc/dropbear"
if [ -e /etc/dropbear-initramfs/config ]; then
    cp -p "/etc/dropbear-initramfs/config" "$DESTDIR/etc/dropbear/"
fi
for keytype in dss rsa ecdsa; do
    hostkey="/etc/dropbear-initramfs/dropbear_${keytype}_host_key"
    [ -f "$hostkey" ] && cp -p "$hostkey" "$DESTDIR/etc/dropbear/"
done

if [ -z "$(find "$DESTDIR/etc/dropbear" -maxdepth 1 -name 'dropbear_*_host_key')" ]; then
    dropbear_warn "Missing host keys, remote unlocking of cryptroot via SSH won't work!"
fi

# Copy authorized_keys
mkdir -m0700 "$home/.ssh"
if [ -e /etc/dropbear-initramfs/authorized_keys ]; then
    cat /etc/dropbear-initramfs/authorized_keys
else
    for keytype in dsa rsa ecdsa; do
        pubkey="/etc/dropbear-initramfs/id_${keytype}.pub"
        [ -e "$pubkey" ] && cat "$pubkey"
    done
fi >"$home/.ssh/authorized_keys"

if ! grep -qE '^([^#]+ )?(ssh-(dss|rsa)|ecdsa-sha2-nistp(256|384|521)) ' "$home/.ssh/authorized_keys"; then
    dropbear_warn "Invalid authorized_keys file, remote unlocking of cryptroot via SSH won't work!"
fi