From edaa1930936502e71a976a785a495cf007c2e0aa Mon Sep 17 00:00:00 2001 From: zephyr Date: Sun, 29 Mar 2020 15:06:48 +0200 Subject: [PATCH 1/3] Add private key convertion to PEM format as Dropbear does not support default format --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index f34306c..5487abc 100644 --- a/README.md +++ b/README.md @@ -344,6 +344,8 @@ apt-get install -y dropbear ~~~~~ rm -f /etc/dropbear-initramfs/dropbear_*_host_key for hash in rsa ecdsa; do \ + # Convert private key to PEM as dropbear do not support the default format + ssh-keygen -m PEM -p -N "" -f /etc/ssh/ssh_host_${hash}_key \ /usr/lib/dropbear/dropbearconvert openssh dropbear \ /etc/ssh/ssh_host_${hash}_key \ /etc/dropbear-initramfs/dropbear_${hash}_host_key ; done From 4f60b521517f990f6d0783ccd34069100fb5d6f2 Mon Sep 17 00:00:00 2001 From: zephyr Date: Sun, 29 Mar 2020 15:07:38 +0200 Subject: [PATCH 2/3] Add start_dm_crypt as force_command of Dropbear --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 5487abc..bfe5230 100644 --- a/README.md +++ b/README.md @@ -456,6 +456,13 @@ EOF chmod a+x /etc/initramfs-tools/hooks/install_start_dm_crypt ~~~~ +### Add `start_dm_crypt` script as default command + +~~~~ +sed -e "s/^\(#\)\?\(DROPBEAR_OPTIONS=\)'\?\([^']*\)'\?.*$/\2'\3 -c \/sbin\/start_dm_crypt'/g" \ + -i /etc/dropbear-initramfs/config +~~~~ + ### Install some usefull stuff (optional) ~~~~ From 0141bc304415cbdad89a9deae495d37748850baf Mon Sep 17 00:00:00 2001 From: zephyr Date: Sun, 29 Mar 2020 15:11:28 +0200 Subject: [PATCH 3/3] Update to Buster and use online mirrors --- README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index bfe5230..3608a04 100644 --- a/README.md +++ b/README.md 
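Review bot: The added `ssh-keygen` line in the `for hash in rsa ecdsa` loop ends with a bare `\`, so the shell joins it to the following `/usr/lib/dropbear/dropbearconvert …` line and hands that command and its arguments to ssh-keygen instead of running it. The line needs a separator, `ssh-keygen -m PEM -p -N "" -f /etc/ssh/ssh_host_${hash}_key && \`. `-p` also rewrites the live sshd host key in place, and the converted copy lands in the initramfs, which presumably sits on the unencrypted boot partition and is readable by anyone with access to the disk. Converting a temporary copy, or generating a separate dropbear-only host key, would leave the system key untouched and keep the main sshd identity out of the initramfs.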
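Review bot: The `sed` expression added under "Add `start_dm_crypt` script as default command" is not idempotent and only understands single-quoted values. Each rerun appends another ` -c /sbin/start_dm_crypt` to `DROPBEAR_OPTIONS`, and a double-quoted value would be captured with its quotes and wrapped in a second pair. Guarding the edit, for example `grep -q -- '-c /sbin/start_dm_crypt' /etc/dropbear-initramfs/config || sed …`, keeps the step safe to repeat. A forced command limits what a session runs but does not by itself turn off password logins or port forwarding, so unless the README sets them elsewhere, dropbear's `-s -j -k` belong in the same option string.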
@@ -133,8 +133,9 @@ mount /dev/mapper/sda3_crypt /data ### Do a fresh install on new encrypted root ~~~~~ -debian_mirror=http://http.debian.net/debian -debian_codename=stretch # change with target distribution +#debian_mirror=http://http.debian.net/debian +debian_mirror=http://mirrors.online.net/debian +debian_codename=buster # change with target distribution debootstrap_base_url=${debian_mirror}/pool/main/d/debootstrap debootstrap_version=\ $(wget ${debootstrap_base_url} -q -O - |\ 
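Review bot: `debian_mirror` now points at a third-party mirror over plain HTTP, and the `wget ${debootstrap_base_url}` lines that follow fetch debootstrap straight from `pool/`, outside apt's signature checks. The tool that builds the encrypted root is therefore trusted on the word of the mirror and the network path alone. Nothing visible in the hunk verifies the download, but the command substitution continues past the hunk end, so a check may exist further down. Prefer an HTTPS origin such as `debian_mirror=https://deb.debian.org/debian`, or compare the package's SHA256 with the signed `Packages` index before running it. The commented-out old mirror line can simply be dropped.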
@@ -175,19 +176,19 @@ export LC_ALL=C.UTF-8 ~~~~~ cat < /etc/apt/sources.list -deb http://deb.debian.org/debian/ stretch main contrib non-free -#deb-src http://deb.debian.org/debian/ stretch main contrib non-free +deb http://mirrors.online.net/debian/ buster main contrib non-free +#deb-src http://mirrors.online.net/debian/ buster main contrib non-free -#deb http://security.debian.org/ stretch/updates main contrib non-free -#deb-src http://security.debian.org/ stretch/updates main contrib non-free +#deb http://security.debian.org/ buster/updates main contrib non-free +#deb-src http://security.debian.org/ buster/updates main contrib non-free -# stretch-updates, previously known as 'volatile' -#deb http://deb.debian.org/debian/ stretch-updates main contrib non-free -#deb-src http://deb.debian.org/debian/ stretch-updates main contrib non-free +# buster-updates, previously known as 'volatile' +#deb http://deb.debian.org/debian/ buster-updates main contrib non-free +#deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free -# stretch-backports, previously on backports.debian.org -#deb http://deb.debian.org/debian/ stretch-backports main contrib non-free -#deb-src http://deb.debian.org/debian/ stretch-backports main contrib non-free +# buster-backports, previously on backports.debian.org +#deb http://deb.debian.org/debian/ buster-backports main contrib non-free +#deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free EOF cat < /etc/apt/apt.conf.d/30disable-recommends-and-suggests APT::Install-Recommends "0";
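Review bot: The generated `sources.list` still leaves the security archive commented out after the move to buster, so a system installed from these steps receives no security updates, even though the same README installs a network-facing dropbear. Enable the entry the hunk already carries, `deb http://security.debian.org/ buster/updates main contrib non-free`, and consider `buster-updates` as well. The active line uses `mirrors.online.net` while the commented ones still point at `deb.debian.org`, so pick one mirror for consistency. The second here-document (the `apt.conf.d` block) continues outside the hunk.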