diff --git a/ChangeLog b/ChangeLog index 34e57bc..06ef43b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,15 @@ +2020-07-14 Julien Coloos + + * v0.7-1 + Dropped 'dsa' private key support; added 'ed25519' private key support + + 2018-03-13 Julien Coloos * v0.6-1 Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it) + 2017-06-25 Julien Coloos * v0.5-1 diff --git a/PKGBUILD b/PKGBUILD index b9c40ec..b55d255 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -1,6 +1,6 @@ # Maintainer: Julien Coloos pkgname=initrd-ssh-cryptsetup -pkgver=0.6 +pkgver=0.7 pkgrel=1 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH" arch=('any') @@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2') install=$pkgname.install changelog='ChangeLog' source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install") -md5sums=('3fa8f5dd00a85b32025d01e5701e1407' +md5sums=('260de3a8b8b22327264af12251ac9a5b' 'ac60109d80e7bb2af0d66e69aaf178a6') package() { diff --git a/README.md b/README.md index c1492e6..0838489 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,9 @@ Either a new key can be generated with `dropbearkey`, e.g.: Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.: dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key -Note: `rsa` and `dss` (`dsa` in OpenSSH) types are also handled. +Notes: + * `rsa` and `ed25519` types are also handled + * OpenSSH keys must be in `PEM` format for `dropbearconvert` to properly work ## Configuration 
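Review bot: In PKGBUILD the refreshed `md5sums` entry is the only integrity check on a tarball that the unchanged `source` line fetches over plain `http://`. MD5 is not collision-resistant, and this package places an SSH server in early boot, so a tampered archive is costly. I would replace the array with `sha256sums=('<sha256 of the 0.7 tarball>' '<sha256 of the .install file>')`, and move the URL to https if the host offers it. The checksum only helps when the PKGBUILD itself is obtained over a trusted channel.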
@@ -52,7 +54,7 @@ For example: ## Building notes 1. Modify the sources (features in `src`, and/or package building files) 2. If `src` was modified - * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src` + * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.7.tar.xz src` * upload the archive on the online repository (pointed by `PKGBUILD`) 3. Update ChangeLog 4. Update `PKGBUILD` diff --git a/src/install/ssh-cryptsetup b/src/install/ssh-cryptsetup index 28d7fd4..499be17 100644 --- a/src/install/ssh-cryptsetup +++ b/src/install/ssh-cryptsetup @@ -32,7 +32,7 @@ build() { local etc_crypttab="/etc/crypttab" local dropbear_authorized_keys="/etc/dropbear/initrd.authorized_keys" local sshcs_env="/etc/initcpio/sshcs_env" - local dropbear_key_types=( "dss" "rsa" "ecdsa" ) + local dropbear_key_types=( "rsa" "ecdsa" "ed25519" ) local dropbear_keyfile_prefix="/etc/dropbear/dropbear_" local dropbear_keyfile_suffix="_host_key" local openssh_keyfile_prefix="/etc/ssh/ssh_host_" @@ -79,9 +79,9 @@ build() { # SSH-related files add_file "${dropbear_authorized_keys}" "/root/.ssh/authorized_keys" - add_file "/etc/dropbear/dropbear_rsa_host_key" - add_file "/etc/dropbear/dropbear_dss_host_key" - add_file "/etc/dropbear/dropbear_ecdsa_host_key" + for keytype in "${dropbear_key_types[@]}"; do + add_file "${dropbear_keyfile_prefix}${keytype}${dropbear_keyfile_suffix}" + done # cryptsetup-related files add_file "${etc_crypttab}" 
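Review bot: The new `for keytype in "${dropbear_key_types[@]}"` loop in build() uses `keytype` without declaring it, while every other helper variable visible in the previous hunk is `local`. Unless it is declared in a part of build() outside these hunks, the name leaks into the shell that sources this install hook. Adding `local keytype` next to `local dropbear_key_types=( "rsa" "ecdsa" "ed25519" )` keeps the hook self-contained. build() begins and ends outside the hunk.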
@@ -113,8 +113,8 @@ initrd shell): - default (and minimum value): 2 minutes - negative value to deactivate -Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and -'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH +Each SSH server key ('dropbear_rsa_host_key', 'dropbear_ecdsa_host_key' and +'dropbear_ed25519_host_key' in '/etc/dropbear' folder) is imported from OpenSSH if present or generated if missing. Fingerprints are displayed upon building the initramfs image. EOF
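Review bot: The updated help text says each host key is imported from OpenSSH if present, but it does not say that the resulting private keys are copied into the initramfs image by the `add_file` loop in build(). That image presumably has to be readable before any LUKS device is unlocked, so anyone who can read it (the boot partition, or backups of the image) obtains the host keys. With imported keys that is also the identity of the main OpenSSH server. I would add a sentence such as `Note: the host private keys are stored in the initramfs image; generate dedicated dropbear keys if the image is kept on unencrypted storage.` The help heredoc starts outside this hunk.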