Bug#790125: RFS: dropbear/2015.68-1 - lightweight SSH2 server and client



Hi!  Thanks for your interest.  And generally for your mentoring work :-)

On Fri, 25 Sep 2015 at 12:11:54 +0000, Gianfranco Costamagna wrote:
>> I don't mind either way :-)  But why would you swap the addresses?
>> (Yes I read section 3.3 of the policy, it didn't help me
>> understanding.)
> 
> for two reasons, don't make people upset, and because he is a DD :)

Making people upset was certainly not my intention.  And it's precisely
because I don't have upload rights that I didn't put my name in the
Uploaders fields.  Anyway I don't care either way, so if it's less
controversial to swap the addresses I'll do that.

>> GPL vs MIT is not my choice, as debian/initramfs/* was originally
>> contributed by <debian@x.ray.net> under GPL-2+.  Anyway upstream
>> could as well GPL-license the remote cryptroot unlocking feature, but
>> AFAIK they are not interested in merging it.
 
> well, I tried to install on an Ubuntu machine:
> sudo dpkg -i ../dropbear_2015.68-1_all.deb  ../dropbear-initramfs_2015.68-1_amd64.deb ../dropbear-run_2015.68-1_amd64.deb ../dropbear-bin_2015.68-1_amd64.deb
> dpkg: regarding .../dropbear-initramfs_2015.68-1_amd64.deb containing dropbear-initramfs:
> dropbear-initramfs conflicts with plymouth
> plymouth (version 0.9.0-0ubuntu9) is present and installed.

Yes, remote cryptroot unlocking doesn't work with plymouth because
unlike /lib/cryptsetup/askpass it doesn't create a FIFO on which to dump
the passphrase.  A bug has been opened on Launchpad (#733268), but in the
meantime I made dropbear-initramfs conflict with plymouth to avoid bad
surprises ;-)
 
> Converting existing OpenSSH DSA host key to Dropbear format.
> Key is a ssh-dss key
> Wrote key to '/etc/dropbear/dropbear_dss_host_key'
> 1024 mykey /etc/dropbear/dropbear_dss_host_key (DSA)
> […]
> Converting existing OpenSSH RSA host key to Dropbear format.
> Key is a ssh-rsa key
> Wrote key to '/etc/dropbear/dropbear_rsa_host_key'
> […]
> Converting existing OpenSSH ECDSA host key to Dropbear format.
> Key is a ecdsa-sha2-nistp256 key
> Wrote key to '/etc/dropbear/dropbear_ecdsa_host_key'

Yes this is normal.  dropbear's post-install script has done that for
years for RSA and DSA.  As mentioned in the changelog, I added ECDSA
conversion and ASCII art (via ssh-keygen) to dropbear-run's post-install
script.

> OpenSSH appears to be installed.  Setting /etc/default/dropbear so that
> Dropbear will not start by default.  Edit this file to change this behaviour.

Again this is inherited from dropbear ≤2014.65.  (Both OpenSSH and
dropbear want to listen on port 22.)  It's weird to install two SSH
servers, but I did that myself as I put dropbear to the initramfs and use
OpenSSH otherwise.  (With the split I would not install dropbear-run to
avoid the above messages.)

> also piuparts seems to be not really happy
> 
> http://debomatic-amd64.debian.net/distribution#unstable/dropbear/2015.68-1/piuparts

I don't know about the broken-symlink /etc/dropbear/log/main →
/var/log/dropbear .  It has been there for years and might have to do
with runit, so I just left it there.

Thanks for pointing out the untracked file and directory.  I've now added

  debian/dropbear-initramfs.dirs
  debian/dropbear-run.default

> and I can't upgrade from a jessie machine
> trying to overwrite /usr/share/initramfs-tools/conf-hooks.d/dropbear which is also in package dropbear 2015.68-1

Hmm.  dpkg -c on the 4 deb files tells me this file is only shipped
by dropbear-initramfs, not dropbear.  Could that be because it was
marked by dropbear 2014.64 and 2014.65 as a configuration file?  I
ceased to do so as it violates the Debian Policy Manual section 10.7.2.

Cheers,
-- 
Guilhem.
