This repository has been archived by the owner on May 8, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
dracut-crypt-ssh.spec
107 lines (80 loc) · 2.96 KB
/
dracut-crypt-ssh.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
%define dracutlibdir %{_prefix}/lib/dracut
Name: dracut-crypt-ssh
Version: 1.0.7
Release: 1%{?dist}
Summary: A dracut module that adds ssh to the boot image (also known as earlyssh)
%if 0%{?fedora} || 0%{?rhel}
Group: System Environment/Base
%endif
%if 0%{?suse_version}
Group: System/Base
%endif
License: GPLv2+
URL: https://github.com/dracut-crypt-ssh/dracut-crypt-ssh
Source0: https://github.com/dracut-crypt-ssh/%{name}/archive/v%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: dracut
BuildRequires: gcc
BuildRequires: libblkid-devel
Requires: dropbear
Requires: dracut
Requires: dracut-network
Requires: openssh
%description
Dracut initramfs module to start dropbear sshd on early boot to enter
encryption passphrase from across the internets or just connect and debug
whatever stuff there.
Idea is to use the thing on remote VDS servers, where full-disk encryption is
still desirable (if only to avoid data leaks when disks will be decomissioned
and sold by VDS vendor) but rather problematic due to lack of KVM or whatever
direct console access.
Authenticates users strictly by provided authorized_keys ("dropbear_acl"
option) file.
See dropbear(8) manpage for full list of supported restrictions there
(which are fairly similar to openssh).
Please read the README and configuration parameters in
/etc/dracut.conf.d/crypt-ssh.conf before use.
%prep
%setup -q -n %{name}-%{version}
%build
%configure
make %{?_smp_mflags}
%install
%if 0%{?fedora} || 0%{?rhel}
rm -rf -- $RPM_BUILD_ROOT
%endif
make %{?_smp_mflags} install DESTDIR=$RPM_BUILD_ROOT
%clean
rm -rf -- $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%doc README.md
%license COPYING COPYRIGHT
%config(noreplace) %{_sysconfdir}/dracut.conf.d/crypt-ssh.conf
%dir %{dracutlibdir}/modules.d/60crypt-ssh
%dir %{dracutlibdir}/modules.d/60crypt-ssh/helper
%{dracutlibdir}/modules.d/60crypt-ssh/module-setup.sh
%{dracutlibdir}/modules.d/60crypt-ssh/dropbear-start.sh
%{dracutlibdir}/modules.d/60crypt-ssh/dropbear-stop.sh
%{dracutlibdir}/modules.d/60crypt-ssh/50-udev-pty.rules
%{dracutlibdir}/modules.d/60crypt-ssh/helper/console_peek.sh
%{dracutlibdir}/modules.d/60crypt-ssh/helper/unlock
%{dracutlibdir}/modules.d/60crypt-ssh/helper/console_auth
%{dracutlibdir}/modules.d/60crypt-ssh/helper/unlock-reap-success.sh
%changelog
* Thu Apr 26 2018 rbu <[email protected]> - 1.0.7-1
- Update to 1.0.7
* Thu Mar 08 2018 rbu <[email protected]> - 1.0.6-1
- Update to 1.0.6
* Thu Mar 08 2018 rbu <[email protected]> - 1.0.5-1
- Update to 1.0.5
* Thu Mar 08 2018 rbu <[email protected]> - 1.0.4-2
- Update to 1.0.4
* Sun Mar 06 2016 Robert Buchholz <[email protected]> - 1.0.3-1
- Upgrade to 1.0.3
* Sat Feb 27 2016 Robert Buchholz <[email protected]> - 1.0.2-7
- Rename project to crypt-ssh
- Clean up, use variables consistent with dracut spec
- Initial changelog entry, spec file based on Philippe Kueck and
Michael Curtis, licensed under the "DO WHAT THE FUCK YOU WANT TO
PUBLIC LICENSE"