2024-11-03 15:27:01 +00:00
# Alpine Initramfs Dropbear
This script draws heavily on:
* [https://github.com/Deeplerg/fork-alpine-initramfs-dropbear](https://github.com/Deeplerg/fork-alpine-initramfs-dropbear)
* [https://github.com/mk-f/alpine-initramfs-dropbear](https://github.com/mk-f/alpine-initramfs-dropbear)
* [https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in)

This script is modified from [alpine/mkinitfs - initramfs-init.in](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/master/initramfs-init.in).

Significant changes:
* Add dropbear
* After unlocking, kill all remaining dropbear and nlplug-findfs processes, so no stuck process reaches the booted system.

Please install `dropbear` before continuing.
1. Copy `dropbear/unlock_disk` to `/etc/dropbear/unlock_disk`
2. Copy `authorized_keys` to `/etc/dropbear/authorized_keys`
3. Copy `features.d` to `/etc/mkinitfs/features.d`

Note:
* If you were using the Deeplerg/mk-f scripts before, don't forget to replace `unlock_disk`, as I modified that one too.
* If you're using `grub`, make sure to install `syslinux`, and check `/etc/default/grub`: comment out any CMDLINE settings that conflict with `update-extlinux`, like `GRUB_CMDLINE_LINUX_DEFAULT` and `default_kernel_opts`. After that, run `grub-mkconfig -o /boot/grub/grub.cfg`.
### /etc/mkinitfs.conf
```
features="ata base ide scsi usb virtio ext4 cryptsetup keymap dropbear network"
```
* Add `dropbear` and `network` to `features`.
### /etc/update-extlinux.conf
```
modules=sd-mod,usb-storage,ext4,ata_piix,virtio_net,e1000e,virtio_pci
```
* If the network is not working (`/sys/class/net/*/address` not found, etc.), try adding `e1000e`, or `virtio_net` and `virtio_pci`.
```
default_kernel_opts="cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=<dropbear_port> ip=<ip>"
```
* `ip=` can be either static or DHCP (if supported): `ip=<ip>::<gw>:<mask>::<interface>` or `ip=dhcp`.
```
update-extlinux
```
```
mkinitfs -i path/to/initramfs-dropbear <kernel version (from /lib/modules), in case you are on an emergency CD>
```
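
A pre-reboot check for the settings above, as an added example that is not part of this repository: it validates a `default_kernel_opts` string against the `dropbear=` and `ip=` forms this README gives and counts the keys in `authorized_keys`. The function names and the sample values (port 2222, `UUID=xxx`) are assumptions.

```sh
# Added example (not from the repository): check boot settings before rebooting.

# kopt KEY CMDLINE: print the value of KEY= from a kernel command line.
kopt() {
    for word in $2; do
        case "$word" in
            "$1"=*) printf '%s\n' "${word#"$1"=}"; return 0 ;;
        esac
    done
    return 1
}

# Return 0 only if CMDLINE would start dropbear with a usable port and ip=.
check_kernel_opts() {
    opts="$1"; rc=0
    # The modified init starts dropbear only when cryptroot= is set too, and
    # its workaround tests /dev/mapper/$KOPT_cryptdm, so both are required.
    kopt cryptroot "$opts" >/dev/null || { echo "missing cryptroot="; rc=1; }
    kopt cryptdm "$opts" >/dev/null || { echo "missing cryptdm="; rc=1; }
    if port=$(kopt dropbear "$opts"); then
        case "$port" in
            ''|*[!0-9]*) echo "dropbear=$port is not a port number"; rc=1 ;;
            *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "dropbear=$port is out of range"; rc=1; } ;;
        esac
    else
        echo "missing dropbear=<port>"; rc=1
    fi
    if ip=$(kopt ip "$opts"); then
        case "$ip" in
            dhcp|?*::?*:?*::?*) ;;  # the two forms given in this README
            *) echo "ip=$ip is neither dhcp nor <ip>::<gw>:<mask>::<interface>"; rc=1 ;;
        esac
    else
        echo "missing ip="; rc=1
    fi
    return "$rc"
}

# count_keys FILE: number of non-blank, non-comment lines. dropbear runs with
# -s (no password logins), so 0 means nobody can log in to unlock the disk.
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Constructed sample; substitute your own default_kernel_opts value.
sample='cryptroot=UUID=xxx cryptdm=root quiet rootfstype=ext4 dropbear=2222 ip=dhcp'
check_kernel_opts "$sample" && echo "kernel opts OK"
echo "keys in /etc/dropbear/authorized_keys: $(count_keys /etc/dropbear/authorized_keys)"
```
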
## Full Diff:
```diff
325a326,340
> setup_dropbear() {
> local port="${KOPT_dropbear}"
> local keys=""
>
> # set the unlock_disc script as shell for root
> sed -i 's|\(root:x:0:0:root:/root:\).*$|\1/etc/dropbear/unlock_disk|' /etc/passwd
> echo '/etc/dropbear/unlock_disk' > /etc/shells
>
> # transfer authorized_keys
> mkdir /root/.ssh
> cp /etc/dropbear/authorized_keys /root/.ssh/authorized_keys
>
> dropbear -R -E -s -j -k -p $port
> }
>
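Review bot: `dropbear -R -E -s -j -k -p $port` relies on `-R` to create a host key on demand, and nothing in this hunk copies a host key into place, so unless one is packed into the initramfs elsewhere every boot presents a fresh key and the client cannot verify the host before typing the disk passphrase. Consider shipping a dedicated initramfs host key and documenting its fingerprint. Smaller points in the same function: quote `$port` and reject a non-numeric `KOPT_dropbear`, use `mkdir -p /root/.ssh` and set explicit modes (`chmod 700` on the directory, `chmod 600` on `authorized_keys`) instead of depending on the umask, and fix the comment typo `unlock_disc` to `unlock_disk`.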
512a528
> dropbear
641c657,665
< if [ -n " $ KOPT_cryptroot " ] ; then
---
> if [ -n "$KOPT_dropbear" ]; then
> if [ -n "$KOPT_cryptroot" ]; then
> configure_ip
> setup_dropbear
> fi
> fi
>
> # Add Workaround for dropbear
> if [ -n "$KOPT_cryptroot" ] && [ ! -b /dev/mapper/"${KOPT_cryptdm}" ]; then
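Review bot: in the `KOPT_dropbear` block the return status of `configure_ip` is not checked, so `setup_dropbear` runs even when no address was configured; chain them as `configure_ip && setup_dropbear` and report the failure on the console. The two nested `if`s can be one `[ -n "$KOPT_dropbear" ] && [ -n "$KOPT_cryptroot" ]` test. The added condition `[ ! -b /dev/mapper/"${KOPT_cryptdm}" ]` is always true when `cryptdm=` is unset, and the comment "Add Workaround for dropbear" does not say what is being worked around; please guard the empty case and explain the reason in the comment.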
705a730,733
> # Kill all struck nlplug-findfs jobs and dropbear
> killall -9 nlplug-findfs
> killall -9 dropbear
>
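Review bot: nothing in this hunk guards the two `killall -9` calls, so they also run on boots without `dropbear=` set, where `killall` only reports that no process was found; wrap them in `[ -n "$KOPT_dropbear" ]` or redirect stderr. `-9` also cuts off an SSH session that is still open without letting dropbear close it, so a plain `killall` first with `-9` as a fallback would be gentler. Comment typo: "struck" should be "stuck".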
781a810,813
>
> # Kill all struck nlplug-findfs jobs and dropbear
> killall -9 nlplug-findfs
> killall -9 dropbear
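Review bot: these lines are a verbatim copy of the block added at 705a730,733; move them into one helper function (for example `kill_unlock_helpers`, a name suggested here) and call it from both places so the two exit paths cannot drift apart.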
```