From bc043828577a9570f985173fc4ddca75b785974d Mon Sep 17 00:00:00 2001 From: Julien Coloos Date: Tue, 14 Jul 2020 16:22:54 +0200 Subject: [PATCH] Drop 'dsa' and add 'ed25519' private key support Update README: dropbearconvert requires OpenSSH keys in PEM format. Changed installation script to rely on variables, especially the list of handled private key types, to that it automatically packages expected private keys, instead of having to explicitely name/package them. --- ChangeLog | 7 +++++++ PKGBUILD | 4 ++-- README.md | 6 ++++-- src/install/ssh-cryptsetup | 12 ++++++------ 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 34e57bc..06ef43b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,15 @@ +2020-07-14 Julien Coloos + + * v0.7-1 + Dropped 'dsa' private key support; added 'ed25519' private key support + + 2018-03-13 Julien Coloos * v0.6-1 Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it) + 2017-06-25 Julien Coloos * v0.5-1 diff --git a/PKGBUILD b/PKGBUILD index b9c40ec..b55d255 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -1,6 +1,6 @@ # Maintainer: Julien Coloos pkgname=initrd-ssh-cryptsetup -pkgver=0.6 +pkgver=0.7 pkgrel=1 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH" arch=('any') @@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2') install=$pkgname.install changelog='ChangeLog' source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install") -md5sums=('3fa8f5dd00a85b32025d01e5701e1407' +md5sums=('260de3a8b8b22327264af12251ac9a5b' 'ac60109d80e7bb2af0d66e69aaf178a6') package() { diff --git a/README.md b/README.md index c1492e6..0838489 100644 --- a/README.md +++ b/README.md 
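Review bot: The checksum refreshed in the second PKGBUILD hunk is still an MD5 (`md5sums=`), while the unchanged `source=` line next to it fetches the tarball over plain `http://`. That leaves a collision-prone digest as the only integrity check on code that ends up in the initramfs and handles LUKS unlocking. Since the array is regenerated for 0.7 anyway, I would switch it to a stronger digest, e.g. `sha256sums=('<sha256 of initrd-ssh-cryptsetup-0.7.tar.xz>' '<sha256 of initrd-ssh-cryptsetup.install>')` (placeholders, to be computed from the real files). If the hosting server offers HTTPS, changing the URL scheme would help as well; the diff does not show whether it does.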
@@ -16,7 +16,9 @@ Either a new key can be generated with `dropbearkey`, e.g.: Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.: dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key -Note: `rsa` and `dss` (`dsa` in OpenSSH) types are also handled. +Notes: + * `rsa` and `ed25519` types are also handled + * OpenSSH keys must be in `PEM` format for `dropbearconvert` to properly work ## Configuration @@ -52,7 +54,7 @@ For example: ## Building notes 1. Modify the sources (features in `src`, and/or package building files) 2. If `src` was modified - * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src` + * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.7.tar.xz src` * upload the archive on the online repository (pointed by `PKGBUILD`) 3. Update ChangeLog 4. Update `PKGBUILD` diff --git a/src/install/ssh-cryptsetup b/src/install/ssh-cryptsetup index 28d7fd4..499be17 100644 --- a/src/install/ssh-cryptsetup +++ b/src/install/ssh-cryptsetup @@ -32,7 +32,7 @@ build() { local etc_crypttab="/etc/crypttab" local dropbear_authorized_keys="/etc/dropbear/initrd.authorized_keys" local sshcs_env="/etc/initcpio/sshcs_env" - local dropbear_key_types=( "dss" "rsa" "ecdsa" ) + local dropbear_key_types=( "rsa" "ecdsa" "ed25519" ) local dropbear_keyfile_prefix="/etc/dropbear/dropbear_" local dropbear_keyfile_suffix="_host_key" local openssh_keyfile_prefix="/etc/ssh/ssh_host_" 
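Review bot: Adding `"ed25519"` to `dropbear_key_types` in the `@@ -32,7 +32,7 @@` hunk makes the hook depend on a dropbear build with Ed25519 host-key support, yet `depends=('dropbear' ...)` in PKGBUILD stays unversioned. The code that consumes the list sits in `build()` outside this hunk, so this is inferred: on an older dropbear the generation or conversion step for that type would presumably fail when the image is built. Consider a versioned dependency such as `depends=('dropbear>=<first release with ed25519 support>' ...)`, or at least a comment above the list, `# ed25519 needs a dropbear build with Ed25519 host-key support`. Hosts upgraded from 0.6 will also keep a now-unused `dropbear_dss_host_key` in `/etc/dropbear`, which the install message could tell the administrator to remove.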
@@ -79,9 +79,9 @@ build() { # SSH-related files add_file "${dropbear_authorized_keys}" "/root/.ssh/authorized_keys" - add_file "/etc/dropbear/dropbear_rsa_host_key" - add_file "/etc/dropbear/dropbear_dss_host_key" - add_file "/etc/dropbear/dropbear_ecdsa_host_key" + for keytype in "${dropbear_key_types[@]}"; do + add_file "${dropbear_keyfile_prefix}${keytype}${dropbear_keyfile_suffix}" + done # cryptsetup-related files add_file "${etc_crypttab}" @@ -113,8 +113,8 @@ initrd shell): - default (and minimum value): 2 minutes - negative value to deactivate -Each SSH server key ('dropbear_rsa_host_key', 'dropbear_dss_host_key' and -'dropbear_ecdsa_host_key' in '/etc/dropbear' folder) is imported from OpenSSH +Each SSH server key ('dropbear_rsa_host_key', 'dropbear_ecdsa_host_key' and +'dropbear_ed25519_host_key' in '/etc/dropbear' folder) is imported from OpenSSH if present or generated if missing. Fingerprints are displayed upon building the initramfs image. EOF
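Review bot: The new loop in the `@@ -79,9 +79,9 @@` hunk packages every host private key into the initramfs, but nothing in the hook documents that the image therefore contains key material. The help text in the last hunk says the keys are imported from OpenSSH when present, and an initramfs normally sits on an unencrypted boot partition, so anyone who can read the image can recover the host key. A comment above the loop would make this explicit, e.g. `# NOTE: host private keys are copied into the initramfs; keep the image readable by root only, and remember that keys converted from OpenSSH are shared with the main sshd`. Separately, `keytype` is not declared in the visible lines, so it leaks out of the function unless a declaration exists outside the hunk; add `local keytype` next to the other locals. `build()` starts and ends outside this hunk.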