# How to regenerate initramfs?


tranquil moth
#

I'm trying to install dracut-crypt-ssh (https://github.com/dracut-crypt-ssh/dracut-crypt-ssh) but am failing at the last step. Running run0 dracut --force gives me this error:
dracut[F]: Can't write to /boot/efi/c1daf846e7ec42c2a53e9cd52d98d0c9/6.15.9-201.fc42.x86_64: Directory /boot/efi/c1daf846e7ec42c2a53e9cd52d98d0c9/6.15.9-201.fc42.x86_64 does not exist or is not accessible.

Does anyone know if what I'm trying to do is possible on secureblue?

GitHub

dracut initramfs module to start dropbear sshd during boot to unlock the root filesystem with the (cryptsetup) LUKS passphrase remotely - dracut-crypt-ssh/dracut-crypt-ssh

#
      - name: Install dracut-crypt-ssh
        ansible.builtin.shell: |
            set -o pipefail
            set -e
            if [ -f /root/dracut-crypt-ssh-keys/ssh_dracut_ed25519_key ]; then exit 0; fi
            wget -nv https://copr.fedorainfracloud.org/coprs/uriesk/dracut-crypt-ssh/repo/fedora-42/uriesk-dracut-crypt-ssh-fedora-42.repo -O /etc/yum.repos.d/dracut-crypt-ssh.repo
            rpm-ostree refresh-md
            if ! rpm-ostree status | grep dracut-crypt-ssh; then
              rpm-ostree install --apply-live --assumeyes dracut-crypt-ssh
            fi
            if ! rpm-ostree kargs | grep -q neednet; then
              rpm-ostree kargs --append "rd.neednet=1 ip=dhcp"
            fi
            sed -i '/^#[[:space:]]*install_items/s/^#[[:space:]]*//' /etc/dracut.conf.d/crypt-ssh.conf
            sed -i 's/"222"/"22"/g' /etc/dracut.conf.d/crypt-ssh.conf
            umask 0077
            mkdir -p /root/dracut-crypt-ssh-keys
            ssh-keygen -t rsa -m PEM -f /root/dracut-crypt-ssh-keys/ssh_dracut_rsa_key -N ""
            ssh-keygen -t ecdsa -m PEM -f /root/dracut-crypt-ssh-keys/ssh_dracut_ecdsa_key -N ""
            ssh-keygen -t ed25519 -m PEM -f /root/dracut-crypt-ssh-keys/ssh_dracut_ed25519_key -N ""
            sed -i 's/# dropbear_ed25519_key="GENERATE"/dropbear_ed25519_key="\/root\/dracut-crypt-ssh-keys\/ssh_dracut_ed25519_key"/g' /etc/dracut.conf.d/crypt-ssh.conf
            sed -i 's/# dropbear_rsa_key="GENERATE"/dropbear_rsa_key="\/root\/dracut-crypt-ssh-keys\/ssh_dracut_rsa_key"/g' /etc/dracut.conf.d/crypt-ssh.conf
            sed -i 's/# dropbear_ecdsa_key="GENERATE"/dropbear_ecdsa_key="\/root\/dracut-crypt-ssh-keys\/ssh_dracut_ecdsa_key"/g' /etc/dracut.conf.d/crypt-ssh.conf
            if [ -f /home/{{ username_on_the_host.stdout }}/.ssh/authorized_keys ]; then cp /home/{{ username_on_the_host.stdout }}/.ssh/authorized_keys /root/.ssh/; fi
            dracut --force
#

^ My full setup script for reference (part of an Ansible playbook).

frank crown
#

rpm-ostree initramfs --enable

#

don't use dracut directly

tranquil moth
#

Okay, I ran the enable command but still don't see anything in /boot/initramfs-*
How do I verify that it was generated or view the contents?

tranquil moth
#

Not sure if the package I'm trying to add is actually being added (lsinitrd shows a file list that does not include certain files I expect to see but it also outputs a bunch of unsupported format errors so maybe that's it). I'll need to actually verify if I can SSH in during boot. But at the very least this is a path forward. Thanks!