Drop 'dsa' and add 'ed25519' private key support

Update README: dropbearconvert requires OpenSSH keys in PEM format.

Changed installation script to rely on variables, especially the list of
handled private key types, to that it automatically packages expected
private keys, instead of having to explicitely name/package them.

ChangeLog

@@ -1,8 +1,15 @@
+2020-07-14 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.7-1
+        Dropped 'dsa' private key support; added 'ed25519' private key support
+
+
 2018-03-13 Julien Coloos <julien.coloos [at] gmail [dot] com>
 
         * v0.6-1
         Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it)
 
+
 2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
 
         * v0.5-1

PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
 pkgname=initrd-ssh-cryptsetup
-pkgver=0.6
+pkgver=0.7
 pkgrel=1
 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
 arch=('any')
@@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
 install=$pkgname.install
 changelog='ChangeLog'
 source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
-md5sums=('3fa8f5dd00a85b32025d01e5701e1407'
+md5sums=('260de3a8b8b22327264af12251ac9a5b'
          'ac60109d80e7bb2af0d66e69aaf178a6')
 
 package() {

README.md

@@ -16,7 +16,9 @@ Either a new key can be generated with `dropbearkey`, e.g.:
 Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.:
 
     dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key
-Note: `rsa` and `dss` (`dsa` in OpenSSH) types are also handled.
+Notes:
+   * `rsa` and `ed25519` types are also handled
+   * OpenSSH keys must be in `PEM` format for `dropbearconvert` to properly work
 
 
 ## Configuration
@@ -52,7 +54,7 @@ For example:
 ## Building notes
 1. Modify the sources (features in `src`, and/or package building files)
 2. If `src` was modified
-   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src`
+   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.7.tar.xz src`
    * upload the archive on the online repository (pointed by `PKGBUILD`)
 3. Update ChangeLog
 4. Update `PKGBUILD`

src/install/ssh-cryptsetup

@@ -32,7 +32,7 @@ build() {
     local etc_crypttab="/etc/crypttab"
     local dropbear_authorized_keys="/etc/dropbear/initrd.authorized_keys"
     local sshcs_env="/etc/initcpio/sshcs_env"
-    local dropbear_key_types=( "dss" "rsa" "ecdsa" )
+    local dropbear_key_types=( "rsa" "ecdsa" "ed25519" )
     local dropbear_keyfile_prefix="/etc/dropbear/dropbear_"
     local dropbear_keyfile_suffix="_host_key"
     local openssh_keyfile_prefix="/etc/ssh/ssh_host_"
@@ -79,9 +79,9 @@ build() {
 
     # SSH-related files
     add_file "${dropbear_authorized_keys}" "/root/.ssh/authorized_keys"
-    add_file "/etc/dropbear/dropbear_rsa_host_key"
-    add_file "/etc/dropbear/dropbear_dss_host_key"
-    add_file "/etc/dropbear/dropbear_ecdsa_host_key"
+    for keytype in "${dropbear_key_types[@]}"; do
+        add_file "${dropbear_keyfile_prefix}${keytype}${dropbear_keyfile_suffix}"
+    done
 
     # cryptsetup-related files
     add_file "${etc_crypttab}"
@@ -113,8 +113,8 @@ initrd shell):
    - default (and minimum value): 2 minutes
    - negative value to deactivate
 
-Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and
-'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH
+Each SSH server key ('dropbear_rsa_host_key', 'dropbear_ecdsa_host_key' and
+'dropbear_ed25519_host_key' in '/etc/dropbear' folder) is imported from OpenSSH
 if present or generated if missing. Fingerprints are displayed upon building
 the initramfs image.
 EOF