Try to print network devices information when interface setup fails

Useful to check interfaces name and MAC address.

v0.9-1

ChangeLog

@@ -1,3 +1,15 @@
+2021-10-24 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.9-1
+        Try to print network devices information when interface setup fails
+
+
+2021-08-15 Julien Coloos <julien.coloos [at] gmail [dot] com>
+
+        * v0.8-1
+        Include 'libgcc_s.so.1' which is necessary for (at least) proper LUKS v2 handling
+
+
 2020-07-14 Julien Coloos <julien.coloos [at] gmail [dot] com>
 
         * v0.7-1

PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
 pkgname=initrd-ssh-cryptsetup
-pkgver=0.7
+pkgver=0.9
 pkgrel=1
 pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
 arch=('any')
@@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
 install=$pkgname.install
 changelog='ChangeLog'
 source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
-md5sums=('260de3a8b8b22327264af12251ac9a5b'
+md5sums=('c94a905ca91f7afe2c0f771bd5182cb2'
          'ac60109d80e7bb2af0d66e69aaf178a6')
 
 package() {

README.md

@@ -20,12 +20,17 @@ Notes:
    * `rsa` and `ed25519` types are also handled
    * OpenSSH keys must be in `PEM` format for `dropbearconvert` to properly work
 
+If necessary an existing key file can be converted to `PEM` format using `ssh-keygen`:
+
+    ssh-keygen -A -p -m PEM -f /etc/ssh/ssh_host_ecdsa_key
+
 
 ## Configuration
 As explained upon installation, the following things need to be done:
    * add the authorized SSH public key to `/etc/dropbear/initrd.authorized_keys`
    * add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
       - e.g. with `grub`: add `ip=:::::eth0:dhcp` to `GRUB_CMDLINE_LINUX_DEFAULT` in `/etc/default/grub`, and re-generate the configuration with `grub-mkconfig -o /boot/grub/grub.cfg`
+      - also see https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig
    * in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux`
       - when using a non-standard keyboard layout, it is also useful to add the `keymap` hook before `ssh-cryptsetup`, and also move `keyboard` before `keymap`
 
@@ -54,7 +59,7 @@ For example:
 ## Building notes
 1. Modify the sources (features in `src`, and/or package building files)
 2. If `src` was modified
-   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.7.tar.xz src`
+   * archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.9.tar.xz src`
    * upload the archive on the online repository (pointed by `PKGBUILD`)
 3. Update ChangeLog
 4. Update `PKGBUILD`

src/hooks/ssh-cryptsetup

@@ -40,9 +40,12 @@ sshcs_net_start() {
 
     echo ""
     echo "Configuring IP (timeout = ${sshcs_opt_timeout_ipconfig}s) ..."
+    # ipconfig manual: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig
     ipconfig_out=$(ipconfig -t "${sshcs_opt_timeout_ipconfig}" "ip=${ip}")
     if [ $? -ne 0 ]; then
         err "IP configuration timeout!"
+        echo "Devices probing:"
+        ipconfig -n -t 5 -c none all
         return 1
     fi
 

src/install/ssh-cryptsetup

@@ -53,6 +53,9 @@ build() {
     sshcs_check_keys
 
     add_checked_modules "/drivers/net/"
+    # Note: parts of this script (modules/binaries added) are the same than the
+    # 'encrypt' install script (/usr/lib/initcpio/install/encrypt) which is the
+    # nominal one to deal with encrypted volumes at boot time.
     add_module dm-crypt
     # Note: crypto modules are necessary
     if [ -n "${CRYPTO_MODULES}" ]; then
@@ -90,6 +93,11 @@ build() {
     add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
     add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
 
+    # At least with LUKS v2 volumes, cryptsetup calls pthread_cancel(), which
+    # dlopen()s libgcc_s.so.1.
+    # See the nominal 'encrypt' module, and similar/related bug reports (e.g.
+    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950254).
+    add_binary "/usr/lib/libgcc_s.so.1"
 
     add_runscript
 }