#1 2015-07-23 00:40:36

grazzolini
Developer
Registered: 2014-12-18
Posts: 6

Splitting the dropbear_initrd_encrypt into 3 new packages

The dropbear_initrd_encrypt has been split into three new packages:

    mkinitcpio-netconf - for early userspace network configuration.
    mkinitcpio-dropbear - standalone installation of the dropbear daemon into the initramfs.
    mkinitcpio-utils - Collection of utilities to improve mkinitcpio. Right now it has the encryptssh hook.

The reason for the split was that the all-in-one approach makes it harder to create new features or to correct bugs. The mkinitcpio-netconf package does what the name implies: it configures a network interface, right now in the same way (and with the same problems) as the dropbear_initrd_encrypt package. You can use it not only for dropbear, but for general early userspace network configuration. The next version will probably have support for systemd network configuration in early userspace using systemd-networkd, in initramfs's that are using systemd.

The mkinitcpio-dropbear package, following suit, simply installs and runs the dropbear daemon on the initramfs. It can be used without the mkinitcpio-netconf hook, since there are other ways of early userspace networking (see mkinitcpio-ppp). This package can be replaced with another ssh solution (such as tinyssh). There is already an early userspace tinyssh package, but it hasn't been migrated to the AUR4 yet.

And, finally, the mkinitcpio-utils package was created to include all solutions that are small and won't require their own package. Right now it has only the encryptssh hook and the cryptsetup_shell (which was separated from the hook). I have plans to add other shells and hooks to it. Contributions are welcome: https://github.com/grazzolini/mkinitcpio-utils.

The wiki Dm-crypt/Specialties page regarding dropbear_initrd_encrypt is also being changed to reflect the package split.

Last edited by grazzolini (2015-07-24 14:43:59)
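
When migrating to the three hooks, a pre-reboot check of the HOOKS line can catch an ordering mistake while a rescue environment is still at hand. The script below is an added example, not part of the thread or of the packages; the sample configs are constructed, and requiring encryptssh before filesystems is an assumption carried over from the stock encrypt hook.

```shell
# Added example: check remote-unlock hook order in an mkinitcpio.conf.

# Print the hooks of the last uncommented HOOKS= line, one per line.
# Accepts both HOOKS="a b c" and HOOKS=(a b c).
list_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=//p' "$1" | tail -n 1 |
        tr -d '"()'"'" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print the 1-based position of hook $2 in config $1 (empty if absent).
hook_pos() {
    list_hooks "$1" | grep -n -x -F -- "$2" | head -n 1 | cut -d: -f1
}

# Return 0 when network, SSH daemon and unlock prompt come up in that order;
# print the reason and return 1 otherwise.
check_unlock_hooks() {
    net=$(hook_pos "$1" netconf)
    drop=$(hook_pos "$1" dropbear)
    enc=$(hook_pos "$1" encryptssh)
    fs=$(hook_pos "$1" filesystems)
    [ -n "$drop" ] || { echo "dropbear hook missing" >&2; return 1; }
    [ -n "$enc" ] || { echo "encryptssh hook missing" >&2; return 1; }
    # netconf is optional (networking may come from another hook), but if
    # present it has to run before the SSH daemon starts.
    if [ -n "$net" ] && [ "$net" -gt "$drop" ]; then
        echo "netconf must come before dropbear" >&2; return 1
    fi
    if [ "$drop" -gt "$enc" ]; then
        echo "dropbear must come before encryptssh" >&2; return 1
    fi
    # Assumption: like the stock encrypt hook, encryptssh precedes filesystems.
    if [ -n "$fs" ] && [ "$enc" -gt "$fs" ]; then
        echo "encryptssh must come before filesystems" >&2; return 1
    fi
    return 0
}

# Constructed sample configs: one in the expected order, one not.
demo_dir=$(mktemp -d)
printf '%s\n' '#HOOKS="base udev encrypt filesystems"' \
    'HOOKS="base udev autodetect modconf block keyboard netconf dropbear encryptssh filesystems fsck"' \
    > "$demo_dir/good.conf"
echo 'HOOKS=(base udev block dropbear netconf encryptssh filesystems)' \
    > "$demo_dir/bad.conf"
for f in "$demo_dir/good.conf" "$demo_dir/bad.conf"; do
    if check_unlock_hooks "$f"; then echo "$f: ok"; else echo "$f: fix before reboot"; fi
done
```

Point `check_unlock_hooks` at the real config from inside the chroot before regenerating the image, so a failed check costs nothing more than an edit.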


#2 2015-07-27 09:09:41

pezz
Member
From: Geelong, Australia
Registered: 2010-05-23
Posts: 53

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

Thanks for this, tested on 2 boxes so far, working as well as the old version.

Just a side note, people should vote and / or sign up for comments on AUR4 for now, right?


#3 2015-07-27 14:45:17

grazzolini
Developer
Registered: 2014-12-18
Posts: 6

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

Yes. The comments on the old AUR will be deleted on Aug 8th. So it's better to just comment on AUR4.


#4 2015-07-28 18:57:56

viq
Member
Registered: 2014-11-26
Posts: 2

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

I arrived here after not being able to unlock my system after updating kernel to linux-grsec 4.1.3.201507261932-1. I've been running grsec for a while, and upgrades and reboots have been painless so far, but this time I got key fingerprint from the server, and then nothing. It's a dedicated server somewhere off in the world, so I booted from their rescue image, chrooted and replaced dropbear_initrd_encrypt with mkinitcpio-{netconf,dropbear,utils}, added netconf before dropbear in hooks and ran mkinitcpio -p linux-grsec, but getting same result. Any ideas what's going on and how to fix this?


#5 2015-07-29 01:14:46

thestinger
Trusted User (TU)
From: Toronto, Canada
Registered: 2010-01-23
Posts: 478

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

viq wrote:

I arrived here after not being able to unlock my system after updating kernel to linux-grsec 4.1.3.201507261932-1. I've been running grsec for a while, and upgrades and reboots have been painless so far, but this time I got key fingerprint from the server, and then nothing. It's a dedicated server somewhere off in the world, so I booted from their rescue image, chrooted and replaced dropbear_initrd_encrypt with mkinitcpio-{netconf,dropbear,utils}, added netconf before dropbear in hooks and ran mkinitcpio -p linux-grsec, but getting same result. Any ideas what's going on and how to fix this?

It might be this issue:

https://bugs.archlinux.org/task/45807


#6 2015-07-29 10:33:52

viq
Member
Registered: 2014-11-26
Posts: 2

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

That was it indeed, thank you, works now.


#7 2015-07-29 14:08:04

grazzolini
Developer
Registered: 2014-12-18
Posts: 6

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

viq wrote:

I arrived here after not being able to unlock my system after updating kernel to linux-grsec 4.1.3.201507261932-1. I've been running grsec for a while, and upgrades and reboots have been painless so far, but this time I got key fingerprint from the server, and then nothing. It's a dedicated server somewhere off in the world, so I booted from their rescue image, chrooted and replaced dropbear_initrd_encrypt with mkinitcpio-{netconf,dropbear,utils}, added netconf before dropbear in hooks and ran mkinitcpio -p linux-grsec, but getting same result. Any ideas what's going on and how to fix this?

Also, it's worth mentioning that, as of now, these hooks don't add or change any functionality from the dropbear_initrd_encrypt hook.


#8 2015-08-01 22:03:50

OlafLostViking
Member
From: Lost
Registered: 2013-01-30
Posts: 56

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

At least the problems with the PaX kernel led me to the AUR to see the package got separated ;-). Will further updates to these (now three) very useful and great packages (thank you very much for your work!) be posted in this thread?


#9 2015-08-03 14:34:13

grazzolini
Developer
Registered: 2014-12-18
Posts: 6

Re: Splitting the dropbear_initrd_encrypt into 3 new packages

Sure, if I can remember to, I'll post here about updates. I'm currently working on a tinyssh hook and also on improving the netconf hook to be able to configure wifi interfaces and also correct a long-standing problem with it, which is DHCP-configured interfaces. There is also the need for improving them to work with systemd.
