Configurable timeout before automatic poweroff

master
Julien Coloos 2014-05-20 22:39:32 +02:00
parent 3b3cf4b944
commit 9443a3bb6b
3 changed files with 56 additions and 4 deletions


@ -14,8 +14,16 @@ As explained upon installation, the following things need to be done:
The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`. The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.
The SSH listening port (22 by default) can be changed by setting the `sshcs_opt_listen` option in `/etc/dropbear/initrd.env` (file is sourced in initrd shell).
Some options can be set in `/etc/dropbear/initrd.env` (file is sourced in initrd shell):
* `sshcs_opt_listen`: SSH listening port
- default: 22
* `sshcs_opt_timeout_poweroff`: time (in seconds) to unlock devices before automatic powering off
- default (and minimum value): 2 minutes
- negative value to deactivate
For example: For example:
sshcs_opt_listen=2222 sshcs_opt_listen=2222
sshcs_opt_timeout_poweroff=-1


@ -36,7 +36,41 @@ sshcs_net_start() {
[ -n "${net_address}" ] [ -n "${net_address}" ]
} }
sshcs_trapped_timeout() {
err "Timeout reached! Powering off."
poweroff -f
exit
}
sshcs_trap_timeout() {
local pid_init=$$
if [ ${sshcs_opt_timeout_poweroff} -gt 0 ]; then
echo ""
echo "WARNING! Automatic poweroff will be triggered in ${sshcs_opt_timeout_poweroff}s"
echo "To deactivate, please unlock devices"
echo ""
trap sshcs_trapped_timeout SIGALRM
(
sleep ${sshcs_opt_timeout_poweroff}
kill -SIGALRM ${pid_init}
# Signal is not processed if cryptsetup is waiting for the password
killall cryptsetup > /dev/null 2>&1
) &
pid_timeout=$!
fi
}
sshcs_untrap_timeout() {
[ -z "${pid_timeout}" ] && return 0
kill ${pid_timeout}
trap - SIGALRM
msg "Timeout cleared."
}
sshcs_dropbear_unlock() { sshcs_dropbear_unlock() {
local timeout_poweroff_min=120
local pid_timeout=
local dev_pts_mounted=0 local dev_pts_mounted=0
local listen= local listen=
@ -81,14 +115,20 @@ EOF
[ -e "${dropbear_env}" ] && . "${dropbear_env}" [ -e "${dropbear_env}" ] && . "${dropbear_env}"
[ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}" [ -n "${sshcs_opt_listen}" ] && sshcs_opt_listen="-p ${sshcs_opt_listen}"
[ -z "${sshcs_opt_timeout_poweroff}" ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
[ ${sshcs_opt_timeout_poweroff} -ge 0 ] && [ ${sshcs_opt_timeout_poweroff} -lt ${timeout_poweroff_min} ] && sshcs_opt_timeout_poweroff=${timeout_poweroff_min}
msg "Starting dropbear ..." msg "Starting dropbear ..."
dropbear -Emsgjk -P "${path_dropbear_pid}" ${sshcs_opt_listen} dropbear -Emsgjk -P "${path_dropbear_pid}" ${sshcs_opt_listen}
sshcs_trap_timeout
# actual script (shared with SSH login) unlocking encrypted devices # actual script (shared with SSH login) unlocking encrypted devices
. "${dropbear_cryptsetup_script}" . "${dropbear_cryptsetup_script}"
sshcs_untrap_timeout
# cleanup dropbear # cleanup dropbear
if [ -f "${path_dropbear_pid}" ]; then if [ -f "${path_dropbear_pid}" ]; then
msg "Stopping dropbear ..." msg "Stopping dropbear ..."
@ -178,7 +218,6 @@ EOF
fi fi
} }
run_hook() { run_hook() {
local etc_crypttab="/etc/crypttab" local etc_crypttab="/etc/crypttab"
local dropbear_env="/etc/dropbear/initrd.env" local dropbear_env="/etc/dropbear/initrd.env"
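Review bot: `sshcs_opt_timeout_poweroff` comes from the sourced `initrd.env` and is used in unquoted numeric tests without being checked as an integer. In `sshcs_trap_timeout` (`[ ${sshcs_opt_timeout_poweroff} -gt 0 ]`) and in the clamp line of `sshcs_dropbear_unlock`, a mistyped value (for example `2m`) makes `[` error out, so the clamp is skipped and the poweroff timer is never armed. The feature then fails open: the dropbear unlock prompt stays reachable indefinitely while the administrator believes a timeout is configured. Replacing the empty-value check with `case "${sshcs_opt_timeout_poweroff}" in ''|-|*[!0-9-]*|?*-*) sshcs_opt_timeout_poweroff=${timeout_poweroff_min} ;; esac` falls back to the minimum for anything that is not an optionally negative integer, and the later expansions should be quoted as well. The body of `sshcs_dropbear_unlock` continues outside the hunks shown.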


@ -101,8 +101,13 @@ Network is configured with 'ip=' kernel parameter (see 'mkinitcpio-nfs-utils').
Authorized SSH key(s) must be present in '/etc/dropbear/initrd.authorized_keys'. Authorized SSH key(s) must be present in '/etc/dropbear/initrd.authorized_keys'.
LUKS encrypted devices to unlock are derived from '/etc/crypttab', which must LUKS encrypted devices to unlock are derived from '/etc/crypttab', which must
be present. be present.
Listening port (if not 22) can be set with the option 'sshcs_opt_listen' in Some options can be set in '/etc/dropbear/initrd.env' (file is sourced in
'/etc/dropbear/initrd.env' (file is sourced in initrd shell). initrd shell):
* 'sshcs_opt_listen': listening port (22 by default)
* 'sshcs_opt_timeout_poweroff': time (s) to unlock devices before automatic
powering off
- default (and minimum value): 2 minutes
- negative value to deactivate
Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and
'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH 'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH