-rule__user_root_init () {
- mk_dir mod=750 own=root:root /root/etc
- mk_dir mod=750 own=root:root /root/etc/ssh
- mk_dir mod=750 own=root:root /root/etc/gpg
- mk_lnk etc/gpg /root/.gnupg
- mk_lnk etc/ssh /root/.ssh
- getent group sudo |
- while test -n "$users" && IFS=: read -r group x x users
- do while IFS=, read -r user users <<-EOF
- $users
- EOF
- do eval local home\; home="~$user"
- cat "$home"/etc/ssh/authorized_keys
- done
- done |
- mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- local key
- for key in "$tool"/var/pub/openpgp/*.key
- do sudo gpg --import "$key"
- done
- }
-rule__initramfs_init () {
- mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF
- MODULES=most
- BUSYBOX=y
- KEYMAP=y
- COMPRESS=gzip
- DEVICE=eth0
- EOF
- mk_reg mod=644 own=root:root /etc/modprobe.d/xen-pv.conf <<-EOF
- alias eth0 xennet
- alias scsi_hostadapter xenblk
- EOF
- mk_reg mod=644 own=root:root /etc/modules <<-EOF
- sha1_generic
- sha256_generic
- sha512_generic
- aes-x86_64
- xts
- # NOTE: pour Xen en mode HVM :
- #modprobe xen-platform-pci
- EOF
- mk_reg mod=644 own=root:root /etc/initramfs-tools/modules <<-EOF
- EOF
- sudo sed -e '/^configure_networking /s/ &$//' \
- -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
- # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
- sudo rm -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" RSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t rsa -s 4096 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" DSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t dss -s 1024 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
- mk_dir mod=640 own=root:root \
- /etc/initramfs-tools/root \
- /etc/initramfs-tools/root/.ssh
- getent group sudo |
- while IFS=: read -r group x x users
- do while test -n "$users" && IFS=, read -r user users <<-EOF
- $users
- EOF
- do eval local home\; home="~$user"
- cat "$home"/etc/ssh/authorized_keys
- done
- done |
- mk_reg mod=644 own=root:root /etc/initramfs-tools/root/.ssh/authorized_keys
- sudo rm -f \
- /etc/initramfs-tools/root/.ssh/id_rsa.dropbear \
- /etc/initramfs-tools/root/.ssh/id_rsa.pub \
- /etc/initramfs-tools/root/.ssh/id_rsa
- # NOTE: clefs générées par Debian
- sudo update-initramfs -u
- }
-rule__boot_init () {
- sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé !
- mk_dir mod=644 own=root:root /boot/grub
- sudo apt-get install --reinstall linux-image-$vm_arch
- mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
- GRUB_DEFAULT=0
- GRUB_TIMEOUT=5
- GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
- GRUB_CMDLINE_LINUX_DEFAULT="quiet"
- GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 ip=$vm_ipv4::$vm_ipv4:255.255.255.254:$vm:eth0:off resume=/dev/mapper/${vm}_swap_deciphered"
- GRUB_DISABLE_RECOVERY="true"
- #GRUB_PRELOAD_MODULES="lvm"