Correction : vm_hosted : rule_initramfs_configure : clés de dropbear.

diff --git a/etc/openssh/known_hosts b/etc/openssh/known_hosts
index ece8292..29f803c 100644 (file)
--- a/etc/openssh/known_hosts
+++ b/etc/openssh/known_hosts
@@ -1,4 +1,3 @@
 rouf.grenode.net,91.216.110.98 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWolyL7ErNN/uHTAoQFIylOOC9sixbd4i0CNxAcGN0Ht7Z7HpquzwAmRj4JHNgRRTkUFnW0GBOB/E3Py5ckU1CZ8SBZyqt3zrBwO0xybZ6ZWNlzebdgiMU3Ke2p9WfZsAd0HKG9oJjeNJFDVATI/ez0IT8pKFR0AT5wO1u5HHDX3szPl19F5Blk8S3XYc//ZypVTokpH7EDgq+tj8FPERAuwIYl3qAJesR0omwn5Gro87pUhTgqK+9mkXcWacUYsLA6m0uR+1DhdTIHwcsHFoVI+DjwOGmfeI5ZallbgRdmoeTUi1lf1RVu5myoBl6eRob9dLWCtp+7zjp0fmPEDaJ root@rouf
-init.ateliers.heureux-cyclage.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAmQZqrcEum8Ixy6kKU6AhENis9EmHOg8z0IPjCrF9glZjet66PLTPCulYcPdiBFhPJjxBFiKKp+bY/qiiVphSO7LXYutgzcbH9dKn681w4vsiAxTYIkgQao0AhrmsIMgoY+PZs3spoKt/E8GQq7SLXb9v7VuRcvQbkKIxp+HIc5uvaf8pZnhT2ODJLW1MiYlyIlJp+ZjvrBKd8/2TZaLOAW6P3XUqNQKCocngnDwDJQnq6EbVhrBjfU4CuFPXk9QY5dJjvSdyb5oCXDabHcQNymZwIYFsfdSjswpoDQH/bzqN0LhlvKYTauUoZNvMQ6FhHb5eiSBOv4vfJM8bJ/EftcT+Lz27u3KD7RePZudNJen75rB99UPWfcc1HkWS6I7pX4wzKtd9cUyx7qqpN7wn9G1RLYDbZ2Zo7AFJeHGdkIZ+SBEdFXuPc7W7p33A7VoRG1U/2Cq8DAiD6FpBYYYscFiacW2oGr913sYKWbSF1QxzmHHIefyio6+GthNHXebXkj3mS7DZGhEDtMq5WO5yhd3kGKsA5z67K0tdf5yte9ACOIVPJ7Ttg/adDHYVKM9Hr8PLX1OpCEuZu4CtX3F+BBH0dn3mLkBFpnHlXdN5mGNw/FDHFSO63t61xSJjM7PJG2/KOREr/5naYhEypG4FwLrbvjFq7dCwcywh+A0a4t6w98=
 ateliers.heureux-cyclage.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCs2PjhfXSTUryiFfbzB3Qc5lF2bvMR56tzDTmrKGtBFXifzQuAltftPAgKTFeuFohOl1jXD3KzeZS6EAk8iZ7hUzBCbPGx5nrIizw9Kak8Jvy477uHzRNuCSbdgxzpwRr8nOKkohwARxFgkRQxM08rKBZyuSYU8N+Z9OSEwMQqv+uU+/NUHWZC0JVfWwfBunwc9mQBmxzt5Y+zhKk3qzEu2Iqu4ilr8FolAwGkWp60ruffrQrnJYFpIwFGsE+k/WAd4RgGyASclCPA5upVLKiSnwx5vnyXggYX0mXNrch3Uak99rrOVH/0YpGUy1dJY91UT+BESWyvMFDbK8fQWTR39kCnESS02F8/FnVTB9tP1XRPBWWUMtavOQIL0BxsgmvbM8rJEHImiRfLCwH/6oXP5JkPQnKQZlu++WPjWxuMraPNwvFsrqBdfPuYY97L4cXiI4loea5/eEBhEyz5RVBSHXoy3BUceSsXloGH1/2iC50k5IpZJIRthYi+OJ9ZjDBLk0YioVsf4TjADythqLu2zOT+ota63trJ/AMEV2tGX1mPGiFJgJ69cHN5CIsSDJH6VcbswPWxGa3n9r/b1Wnzadp4wiNFODoe5a20qbvLg3jrOJldxowKhNHExZpgPXuEKA/gSBKnyvhnZBerFwAGBKqaQOmfDMlknQtzg1fGyQ==
 91.216.110.42 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCs2PjhfXSTUryiFfbzB3Qc5lF2bvMR56tzDTmrKGtBFXifzQuAltftPAgKTFeuFohOl1jXD3KzeZS6EAk8iZ7hUzBCbPGx5nrIizw9Kak8Jvy477uHzRNuCSbdgxzpwRr8nOKkohwARxFgkRQxM08rKBZyuSYU8N+Z9OSEwMQqv+uU+/NUHWZC0JVfWwfBunwc9mQBmxzt5Y+zhKk3qzEu2Iqu4ilr8FolAwGkWp60ruffrQrnJYFpIwFGsE+k/WAd4RgGyASclCPA5upVLKiSnwx5vnyXggYX0mXNrch3Uak99rrOVH/0YpGUy1dJY91UT+BESWyvMFDbK8fQWTR39kCnESS02F8/FnVTB9tP1XRPBWWUMtavOQIL0BxsgmvbM8rJEHImiRfLCwH/6oXP5JkPQnKQZlu++WPjWxuMraPNwvFsrqBdfPuYY97L4cXiI4loea5/eEBhEyz5RVBSHXoy3BUceSsXloGH1/2iC50k5IpZJIRthYi+OJ9ZjDBLk0YioVsf4TjADythqLu2zOT+ota63trJ/AMEV2tGX1mPGiFJgJ69cHN5CIsSDJH6VcbswPWxGa3n9r/b1Wnzadp4wiNFODoe5a20qbvLg3jrOJldxowKhNHExZpgPXuEKA/gSBKnyvhnZBerFwAGBKqaQOmfDMlknQtzg1fGyQ==

diff --git a/vm_hosted b/vm_hosted
index a92477c..81dec85 100755 (executable)
--- a/vm_hosted
+++ b/vm_hosted
@@ -163,23 +163,18 @@ rule_initramfs_configure () {
        sudo sed -e '/^configure_networking /s/ &$//' \
         -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
         # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
-       sudo rm -f \
-        /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
-        /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
-        /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
-        /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
        ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
        ( while IFS= read -r line
         do case $line in (*" RSA") return 0; break;; esac
         done; return 1 ) ||
+        {
+       sudo rm -f \
+        /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
+        /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
        sudo dropbearkey -t rsa -s 4096 -f \
         /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
-       ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
-       ( while IFS= read -r line
-        do case $line in (*" DSA") return 0; break;; esac
-        done; return 1 ) ||
-       sudo dropbearkey -t dss -s 1024 -f \
-        /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
+        }
+       # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins.
        mk_dir mod=640 own=root:root \
         /etc/initramfs-tools/root \
         /etc/initramfs-tools/root/.ssh
@@ -425,7 +420,7 @@ rule_user_root_configure () {
                 done
         done |
        mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
-       local key
+       local key; local -; set +f
        for key in "$tool"/var/pub/openpgp/*.key
         do sudo gpg --import "$key"
         done
@@ -449,6 +444,10 @@ rule_disk_key_change () {
        sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
  }
 
+rule_user_admin_configure () {
+       rule initramfs_configure
+       rule user_root_configure
+ }
 rule_user_admin_add () { # SYNTAX: $user
        local user=$1
        id "$user" >/dev/null ||
@@ -458,12 +457,11 @@ rule_user_admin_add () { # SYNTAX: $user
        sudo adduser "$user" sudo
        mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
         <"$tool"/var/pub/ssh/"$user".key
-       rule initramfs_configure
-       rule user_root_configure
        local key; local -; set +f
        for key in "$tool"/var/pub/openpgp/*.key
         do sudo -u "$user" gpg --import "$key"
         done
+       rule user_admin_configure
  }
 rule_user_mail_format () {
        mk_dir mod=770 own=root:adm /etc/skel/etc/procmail