Commit message | Author | Age | Files | Lines
* linuxrc: Move global variables to initrd.defaults | Thomas Deutschmann | 2021-03-21 | 1 | -6/+2
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* linuxrc: Use same $CRYPT_SILENT style | Thomas Deutschmann | 2021-03-21 | 1 | -4/+4
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* defaults/initrd.defaults: Rename $CRYPT_KEYFILE_{ROOT,SWAP} -> $CRYPT_{ROOT,SWAP}_KEYFILE | Thomas Deutschmann | 2020-09-02 | 1 | -2/+2
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* Rework ZFS unlock | Thomas Deutschmann | 2020-01-11 | 1 | -0/+5
  - Prompt for key when key is unavailable, not when key is available.
  - Check ZFS' keystatus property instead of return value to allow remote unlock.
  - Add unlock-zfs command to remote rescue shell.
  Closes: https://bugs.gentoo.org/705032
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* linuxrc: Log initramfs output/commands | Thomas Deutschmann | 2019-08-07 | 1 | -2/+25
  By default, any {bad,good,warn}_msg output and external command calls will now be logged to /tmp/init.log in initramfs. This can be turned off via gk.log.disabled={1,yes} kernel command-line argument.
  This is especially helpful when working with remote servers when you can access initramfs system through SSH.
  In addition, initramfs' log file can be preserved, i.e. copied to real system just before switch_root call. This can be controlled via gk.log.keep kernel command-line argument: When just enabled, initramfs will copy log to $NEWROOT/genkernel-boot.log. Keep in mind that the file path must be accessible for initramfs and by default, initramfs will only mount / as $NEWROOT and no additional mountpoints.
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* login-remote.sh: Make shellcheck happy | Thomas Deutschmann | 2019-08-06 | 1 | -14/+14
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* initrd.scripts: Move splash() function to initrd.scripts | Thomas Deutschmann | 2019-08-06 | 1 | -4/+0
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* linuxrc: Make shell startup output more beautiful and useful | Thomas Deutschmann | 2019-08-06 | 1 | -6/+16
  - Hide busybox version
  - Show genkernel version
  - Show running kernel version
  - Use emphasis (bold format) in text
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* Rework --ssh support | Thomas Deutschmann | 2019-07-14 | 1 | -99/+53
  - To enable sshd in initramfs user MUST now set "dosshd" kernel command-line parameter.
  - "gk.sshd.wait" kernel command-line parameter was added to interrupt boot process for X seconds to allow for remote login (can be used like a remote rescue shell).
  - For remote unlock of LUKS-encrypted root or swap device, user can still send unencrypted keyfile via SSH like
      $ cat ~/root.unencrypted.key | ssh root@<remote-host> -C post root
    or user can now just SSH into the remote host and call "unlock-luks" like
      remote rescueshell ~ # unlock-luks root
    to get a cryptsetup prompt.
    NOTE: When manually unlocking the encrypted LUKS device, user must call "resume-boot" afterwards to resume booting.
  - "--ssh-authorized-keys-file" parameter added which can be used to specify a different file than default "/etc/dropbear/authorized_keys" file.
  - "--ssh-host-keys" parameter added to control if in initramfs embedded sshd should create its own pair of host keys (which will be stored in "/etc/dropbear" for re-use, default), use host keys from host system or should generate host keys at runtime on each boot.
  - "ip" kernel command-line parameter will now default to DHCP usage but does also support addr/CIDR notation to specify a static address.
  - "gk.net.iface" kernel command-line parameter was added to use a different interface than "eth0". You can either use an interface name or use a MAC address.
  - "gk.net.gw" kernel command-line parameter was added which will allow user to set specific gateway when DHCP isn't used.
  - "gk.net.routes" kernel command-line parameter was added which will allow user to set additional routes when DHCP isn't used.
  Please read manpage for additional parameters and more details.
  Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
* Fix init/login-remote logic so that init keeps going once disks are decrypted | Louis Sautier | 2019-02-28 | 1 | -0/+3
  * Kill the cryptsetup process started by init, otherwise it will hang forever.
  * Make init check for an already-opened device before prompting the user, otherwise we have to wait for the prompt_user calls to time out.
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* login-remote.sh: add a 3rd try which relies on user-submit passphrase | Louis Sautier | 2019-02-28 | 1 | -0/+7
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* login-remote.sh: unnest second LUKS decryption try | Louis Sautier | 2019-02-28 | 1 | -12/+12
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* login-remote.sh: only try to decrypt key using GPG if binary exists | Louis Sautier | 2019-02-28 | 1 | -1/+1
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* login-remote.sh: remove useless echo and sleep | Louis Sautier | 2019-02-28 | 1 | -2/+0
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* login-remote.sh: set vim modeline to use tabs | Louis Sautier | 2019-02-28 | 1 | -0/+1
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
* FL-1476: Add support for remote decryption of luks devices via dropbear | Sebastian Bauer | 2017-01-07 | 1 | -0/+127
  (cherry picked from commit 1886bbafecca1c225646e8d297bbb522caedfd9b)
  Closes: https://bugs.gentoo.org/show_bug.cgi?id=440126
  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>