author | Thomas Deutschmann <whissi@gentoo.org> | 2019-07-14 11:11:09 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2019-07-14 13:58:15 +0200 |
commit | 11eff5eb7ad4330c2688ff4795ba33bbf6efcc47 (patch) | |
tree | f50a9947ae3a0ebef542521cdd3de401fe43d03a /gkbuilds | |
parent | Add genkernel worker module "dropbear" (diff) | |
Rework --ssh support
- To enable sshd in initramfs user MUST now set "dosshd" kernel
command-line parameter.
- "gk.sshd.wait" kernel command-line parameter was added to interrupt
boot process for X seconds to allow for remote login (can be used like
an remote rescue shell).
- For remote unlock of LUKS-encrypted root or swap device, user can still
send unencrypted keyfile via SSH like
$ cat ~/root.unencrypted.key | ssh root@<remote-host> -C post root
or user can now just SSH into the remote host and call "unlock-luks"
like
remote rescueshell ~ # unlock-luks root
to get a cryptsetup prompt.
NOTE: When manually unlocking the encrypted LUKS device, user must call
"resume-boot" afterwards to resume booting.
- "--ssh-authorized-keys-file" parameter added which can be used to
specify a different file than default "/etc/dropbear/authorized_keys"
file.
- "--ssh-host-keys" parameter added to control whether the sshd embedded in
the initramfs should create its own pair of host keys (which will be stored
in "/etc/dropbear" for re-use, default), use host keys from host system or
should generate host keys at runtime on each boot.
- "ip" kernel command-line parameter will now default to DHCP usage but
does also support addr/CIDR notation to specify a static address.
- "gk.net.iface" kernel command-line parameter was added to use a
different interface than "eth0". You can either use an interface name
or use a MAC address.
- "gk.net.gw" kernel command-line parameter was added which will allow
user to set specific gateway when DHCP isn't used.
- "gk.net.routes" kernel command-line parameter was added which will allow
user to set additional routes when DHCP isn't used.
Please read manpage for additional parameters and more details.
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'gkbuilds')
-rw-r--r-- | gkbuilds/dropbear.gkbuild | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/gkbuilds/dropbear.gkbuild b/gkbuilds/dropbear.gkbuild
new file mode 100644
index 00000000..e6a43f64
--- /dev/null
+++ b/gkbuilds/dropbear.gkbuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+src_prepare() {
+ default
+
+ # Disable DSS support
+ echo "#define DROPBEAR_DSS 0" > localoptions.h || die "Failed to disable DSS support"
+}
+
+src_configure() {
+ local myconf=(
+ --enable-static
+ --disable-pam
+ --disable-syslog
+ --with-zlib="${BROOT}/usr"
+ )
+
+ gkconf "${myconf[@]}"
+}
+
+src_compile() {
+ local MYMAKEOPTS=( "V=1" )
+ MYMAKEOPTS+=( "MULTI=1" )
+ MYMAKEOPTS+=( "PROGRAMS='dropbear dropbearkey dropbearconvert scp'" )
+ gkmake "${MYMAKEOPTS[@]}"
+}
+
+src_install() {
+ local mydir=
+ for mydir in \
+ etc/dropbear \
+ usr/bin \
+ usr/sbin \
+ root/.ssh \
+ var/log \
+ var/run \
+ ; do
+ mkdir -p "${D}"/${mydir} || die "Failed to create '${D}/${mydir}'!"
+ done
+
+ cp -a dropbearmulti "${D}"/usr/bin/ \
+ || die "Failed to copy '${S}/dropbearmulti' to '${D}/usr/bin/'!"
+
+ "${STRIP}" --strip-all "${D}"/usr/bin/dropbearmulti \
+ || die "Failed to strip '${D}/usr/bin/dropbearmulti'!"
+
+ ln -s ../bin/dropbearmulti "${D}"/usr/sbin/dropbear \
+ || die "Failed to symlink '${D}/usr/sbin/dropbear' to '${D}/usr/bin/dropbearmulti'!"
+
+ ln -s dropbearmulti "${D}"/usr/bin/dropbearconvert \
+ || die "Failed to symlink '${D}/usr/bin/dropbearconvert' to '${D}/usr/bin/dropbearmulti'!"
+
+ ln -s dropbearmulti "${D}"/usr/bin/dropbearkey \
+ || die "Failed to symlink '${D}/usr/bin/dropbearkey' to '${D}/usr/bin/dropbearmulti'!"
+
+ ln -s dropbearmulti "${D}"/usr/bin/scp \
+ || die "Failed to symlink '${D}/usr/bin/scp' to '${D}/usr/bin/dropbearmulti'!"
+
+ chmod 0700 "${D}"/root/.ssh \
+ || die "Failed to chmod of '${D}/root/.ssh'!"
+
+ mkfifo "${D}"/etc/dropbear/fifo_root \
+ || die "Failed to create '${D}/etc/dropbear/fifo_root'!"
+
+ mkfifo "${D}"/etc/dropbear/fifo_swap \
+ || die "Failed to create '${D}/etc/dropbear/fifo_swap'!"
+} |
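Review bot: The two `mkfifo` calls at the end of `src_install` leave the mode of `etc/dropbear/fifo_root` and `etc/dropbear/fifo_swap` to the build-time umask, and `etc/dropbear` itself gets no explicit mode even though `root/.ssh` is set to 0700. If these FIFOs are what carries the unencrypted LUKS keyfile described in the commit message (inferred from the names; the consumer is not in this file), the permissions should be pinned: `mkfifo -m 0600 "${D}"/etc/dropbear/fifo_root` (likewise for `fifo_swap`) and `chmod 0700 "${D}"/etc/dropbear`, which per the commit message also holds the generated host keys. In `src_compile`, `"PROGRAMS='dropbear dropbearkey dropbearconvert scp'"` passes the single quotes through literally unless `gkmake` re-evaluates its arguments; a one-line comment saying which applies would help the next reader.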