/usr/share/initramfs-tools/hooks/dropbear is in dropbear-initramfs 2016.74-5+deb9u1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | #!/bin/sh
PREREQ=""
prereqs() {
echo "$PREREQ"
}
case "$1" in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
dropbear_warn() {
echo "dropbear: WARNING:" "$@" >&2
}
for conf in "$CONFDIR/initramfs.conf" "$CONFDIR/conf-hooks.d/dropbear"; do
# XXX backward compatibility; remove once Stretch is the current stable
if [ -f "$conf" ] && grep -q ^DROPBEAR= "$conf"; then
dropbear_warn "Setting DROPBEAR in $conf is deprecated and will be ignored in a future release"
. "$conf"
if [ "$DROPBEAR" = n ]; then
dropbear_warn "Uninstall dropbear-initramfs instead to disable the dropbear initramfs boot script"
exit 0
fi
fi
done
if grep -q ^DROPBEAR_ "$CONFDIR/initramfs.conf" || grep -q ^PKGOPTION_dropbear_ "$CONFDIR/initramfs.conf"; then
# XXX backward compatibility; remove once Stretch is the current stable
dropbear_warn "Setting DROPBEAR_* or PKGOPTION_dropbear_* in $CONFDIR/initramfs.conf is deprecated and will be ignored in a future release"
dropbear_warn "Use /etc/dropbear-initramfs/config instead"
fi
[ -r /etc/crypttab ] || exit 0
copy_exec /usr/sbin/dropbear /sbin
LIBC_DIR=$(ldd /usr/sbin/dropbear | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')
find -L "$LIBC_DIR" -maxdepth 1 -name 'libnss_files.*' -type f | while read so; do
copy_exec "$so"
done
home=$(mktemp -d "$DESTDIR/root-XXXXXX")
chmod 0700 "$home"
for x in passwd group; do echo "$x: files"; done >"$DESTDIR/etc/nsswitch.conf"
echo "root:*:0:0::${home#$DESTDIR}:/bin/sh" >"$DESTDIR/etc/passwd"
echo "root:!:0:" >"$DESTDIR/etc/group"
# Copy config and host keys
mkdir -p "$DESTDIR/etc/dropbear"
if [ -e /etc/dropbear-initramfs/config ]; then
cp -p "/etc/dropbear-initramfs/config" "$DESTDIR/etc/dropbear/"
fi
for keytype in dss rsa ecdsa; do
hostkey="/etc/dropbear-initramfs/dropbear_${keytype}_host_key"
[ -f "$hostkey" ] && cp -p "$hostkey" "$DESTDIR/etc/dropbear/"
done
if [ -z "$(find "$DESTDIR/etc/dropbear" -maxdepth 1 -name 'dropbear_*_host_key')" ]; then
dropbear_warn "Missing host keys, remote unlocking of cryptroot via SSH won't work!"
fi
# Copy authorized_keys
mkdir -m0700 "$home/.ssh"
if [ -e /etc/dropbear-initramfs/authorized_keys ]; then
cat /etc/dropbear-initramfs/authorized_keys
else
for keytype in dsa rsa ecdsa; do
pubkey="/etc/dropbear-initramfs/id_${keytype}.pub"
[ -e "$pubkey" ] && cat "$pubkey"
done
fi >"$home/.ssh/authorized_keys"
if ! grep -qE '^([^#]+ )?(ssh-(dss|rsa)|ecdsa-sha2-nistp(256|384|521)) ' "$home/.ssh/authorized_keys"; then
dropbear_warn "Invalid authorized_keys file, remote unlocking of cryptroot via SSH won't work!"
fi
|