sudo sed -e '/^configure_networking /s/ &$//' \
-i /usr/share/initramfs-tools/scripts/init-premount/dropbear
# NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
- sudo rm -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
( while IFS= read -r line
do case $line in (*" RSA") return 0; break;; esac
done; return 1 ) ||
+ {
+ sudo rm -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
sudo dropbearkey -t rsa -s 4096 -f \
/etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" DSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t dss -s 1024 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
+ }
+ # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins.
mk_dir mod=640 own=root:root \
/etc/initramfs-tools/root \
/etc/initramfs-tools/root/.ssh
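Review bot: With the DSS branch removed, `dropbear_dss_host_key` is neither deleted nor checked against `"$tool"/etc/openssh/known_hosts` any more, yet the added NOTE says Debian still generates and uses it, so the initramfs dropbear can go on offering a host key this rule never pins. The removed line created that key with `-s 1024`, so a client that negotiates DSS for `init.$vm_fqdn` would be trusting a weak, unverified key on first use. I would say so in the NOTE and have the unlocking clients accept only the pinned key type for that host, e.g. `HostKeyAlgorithms ssh-rsa`; the client configuration is not visible here, so this may already be in place. The enclosing function starts and ends outside the hunk.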
done
done |
mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- local key
+ local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
do sudo gpg --import "$key"
done
sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
}
+rule_user_admin_configure () {
+ rule initramfs_configure
+ rule user_root_configure
+ }
rule_user_admin_add () { # SYNTAX: $user
local user=$1
id "$user" >/dev/null ||
sudo adduser "$user" sudo
mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
<"$tool"/var/pub/ssh/"$user".key
- rule initramfs_configure
- rule user_root_configure
local key; local -; set +f
for key in "$tool"/var/pub/openpgp/*.key
do sudo -u "$user" gpg --import "$key"
done
+ rule user_admin_configure
}
rule_user_mail_format () {
mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
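Review bot: The added `local key; local -; set +f` turns globbing back on, but a pattern that matches nothing is still passed through literally, so with no `.key` file in `"$tool"/var/pub/openpgp` the loop runs `sudo gpg --import` on a path that does not exist. A guard such as `do [ -e "$key" ] || continue; sudo gpg --import "$key"` keeps the import, and the `cryptsetup luksChangeKey` that follows, from running on a bogus argument; the unchanged loop in `rule_user_admin_add` has the same shape. `local -` is only understood by dash and by bash 4.4 or later, so if older shells are a target the option should be saved and restored by hand. Since this directory feeds root's keyring, a short comment on who may write to it would also help; the function holding the first loop begins outside the hunk.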