Drop '-m' option when calling dropbear

Latest ArchLinux versions does not handle it. Boot fs is unlikely to have motd anyway. v0.6-1
README: don't forget to update ChangeLog when necessary
2025-12-16 01:28:57 +03:00 · 2018-03-13 22:20:27 +01:00 · 2018-03-13 22:17:19 +01:00 · 2017-09-03 21:34:10 +02:00 · 2017-07-09 16:17:19 +02:00
4 changed files with 30 additions and 9 deletions
--- a/5
+++ b/5
@@ -1,3 +1,8 @@
+2018-03-13 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.6-1
+        Dropped '-m' option when calling dropbear (latest ArchLinux version does not handle it)
+
 2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>

        * v0.5-1
--- a/4
+++ b/4
@@ -1,6 +1,6 @@
 # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
 pkgname=initrd-ssh-cryptsetup
-pkgver=0.5
+pkgver=0.6
 pkgrel=1
 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
 arch=('any')
@@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
 install=$pkgname.install
 changelog='ChangeLog'
 source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
-md5sums=('d87a35adbef55db89f32a89f4966a27a'
+md5sums=('3fa8f5dd00a85b32025d01e5701e1407'
         'ac60109d80e7bb2af0d66e69aaf178a6')

 package() {
--- a/README.md
+++ b/README.md
@@ -1,16 +1,31 @@
-Personal ArchLinux package combining dropbear and cryptsetup in initrd for unlocking LUKS-encrypted devices either locally (boot console) or remotely over SSH.
-The code was reworked from [dropbear_initrd_encrypt](https://aur.archlinux.org/packages/dropbear_initrd_encrypt/).
+Personal ArchLinux package combining dropbear and cryptsetup in initrd for unlocking LUKS-encrypted devices either locally (boot console) or remotely over SSH.  
+The code was reworked from legacy dropbear_initrd_encrypt AUR package.


 ## Installation
-After cloning the repo, installation is done as for an AUR package.
+After cloning the repo, installation is done as for an AUR package, e.g.:
+
+    makepkg -sri
+
+
+## Dropbear
+SSH server key need to be generated for `dropbear`.  
+Either a new key can be generated with `dropbearkey`, e.g.:
+
+    dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
+Or an existing OpenSSH key can be converted with `dropbearconvert` (useful so that the server fingerprint is the same with both), e.g.:
+
+    dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/dropbear_ecdsa_host_key
+Note: `rsa` and `dss` (`dsa` in OpenSSH) types are also handled.


 ## Configuration
 As explained upon installation, the following things need to be done:
-   * add the SSH public key to `/etc/dropbear/initrd.authorized_keys`
+   * add the authorized SSH public key to `/etc/dropbear/initrd.authorized_keys`
   * add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
+      - e.g. with `grub`: add `ip=:::::eth0:dhcp` to `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, and re-generate the configuration with `grub-mkconfig -o /boot/grub/grub.cfg`
   * in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux`
+      - when using a non-standard keyboard layout, it is also useful to add the `keymap` hook before `ssh-cryptsetup`, and also move `keyboard` before `keymap`

 The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.

@@ -39,7 +54,8 @@ For example:
 2. If `src` was modified
   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src`
   * upload the archive on the online repository (pointed by `PKGBUILD`)
-3. Update `PKGBUILD`
+3. Update ChangeLog
+4. Update `PKGBUILD`
   * bump `pkgver` if `src` was modified, or `pkgrel` if building files were modified
   * refresh `md5sums` if necessary (based on `md5sum initrd-ssh-cryptsetup-*.tar.xz initrd-ssh-cryptsetup.install` output)
-4. Delete generated archive file if any
+5. Delete generated archive file if any
--- a/src/hooks/ssh-cryptsetup
+++ b/src/hooks/ssh-cryptsetup
@@ -163,7 +163,7 @@ EOF
    touch "/var/log/lastlog"

    msg "Starting dropbear ..."
-    dropbear -Emsgjk -P "${path_dropbear_pid}" ${sshcs_opt_listen}
+    dropbear -Esgjk -P "${path_dropbear_pid}" ${sshcs_opt_listen}

    # Actual unlocking
    sshcs_unlock
Author	SHA1	Message	Date
Julien Coloos	e47043f3a1	Drop '-m' option when calling dropbear Latest ArchLinux versions does not handle it. Boot fs is unlikely to have motd anyway. v0.6-1	2018-03-13 22:20:27 +01:00
Julien Coloos	4c1a7741d6	README: don't forget to update ChangeLog when necessary	2018-03-13 22:17:19 +01:00
Julien Coloos	6167cbc9cd	More details on installation and configuration Mention dropbear SSH key generation (or conversion from OpenSSH). Give example to setup IP with grub. Some fixes/details.	2017-09-03 21:34:10 +02:00
Julien Coloos	a13fecf645	Add comment about keymap HOOK when using non-standard keyboard layout	2017-07-09 16:17:19 +02:00