local/initramfs-configure

   1 #!/bin/sh -eu
   2 tool=$(readlink -e "${0%/*}/..")
   3 . "$tool"/local/lib.sh
   4
   5 sudo install -m 644 -o root -g root /dev/stdin \
   6  /etc/initramfs-tools/initramfs.conf <<-EOF
   7         MODULES=most
   8         BUSYBOX=y
   9         KEYMAP=y
  10         COMPRESS=gzip
  11         DEVICE=eth0
  12         EOF
  13 sudo install -m 644 -o root -g root /dev/stdin \
  14  /etc/modprobe.d/xen-pv.conf <<-EOF
  15         alias eth0 xennet
  16         alias scsi_hostadapter xenblk
  17         EOF
  18 sudo install -m 644 -o root -g root /dev/stdin \
  19  /etc/modules <<-EOF
  20         sha1_generic
  21         sha256_generic
  22         sha512_generic
  23         aes-x86_64
  24         xts
  25         # NOTE: pour Xen en mode HVM :
  26         #modprobe xen-platform-pci
  27         EOF
  28 sudo install -m 644 -o root -g root /dev/stdin \
  29  /etc/initramfs-tools/modules <<-EOF
  30         EOF
  31 sudo sed -e '/^configure_networking /s/ &$//' \
  32  -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
  33  # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
  34 ssh-keygen -F "init.$local_fqdn" -f "$tool"/etc/ssh/known_hosts |
  35 ( while IFS= read -r line
  36  do case $line in (*" RSA") return 0; break;; esac
  37  done; return 1 ) ||
  38  {
  39 sudo rm -f \
  40  /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
  41  /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
  42 sudo dropbearkey -t rsa -s 4096 -f \
  43  /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
  44  }
  45 # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins.
  46 sudo install -d -m 640 -o root -g root \
  47  /etc/initramfs-tools/root \
  48  /etc/initramfs-tools/root/.ssh
  49 getent group sudo |
  50 while IFS=: read -r group x x users
  51  do while test -n "$users" && IFS=, read -r user users <<-EOF
  52                 $users
  53                 EOF
  54          do eval home="~$user"
  55                 sudo cat "$home"/etc/ssh/authorized_keys
  56          done
  57  done |
  58 sudo install -m 644 -o root -g root /dev/stdin \
  59  /etc/initramfs-tools/root/.ssh/authorized_keys
  60 sudo rm -f \
  61  /etc/initramfs-tools/root/.ssh/id_rsa.dropbear \
  62  /etc/initramfs-tools/root/.ssh/id_rsa.pub \
  63  /etc/initramfs-tools/root/.ssh/id_rsa
  64  # NOTE: clefs générées par Debian
  65 sudo update-initramfs -u