fff7d1bc/better-initramfs

avahi/zeroconf support

Opened this issue · 7 comments

I tried to get a static build of avahi working in the initramfs, but gave up about a year ago. How hard do you think it would be to add?

It doesn't have to be avahi, but I'd really like to be able to advertise an ssh unlock service being available.

Right now when I want to find locked machines on my local subnet, I do:

nmap -p2222 10.0.0.1-255 --open -oG - | awk '/2222\/open/{print $2}'

I never tried to, but that shouldn't be really hard; when you advertise the host daemon you'd need to add the ssh service and it should work. The name lookup might be an issue, since musl that I use does not have a thing like libnsswitch where you could hook avahi, but then there's https://github.com/LouisBrunner/avahi2dns to counter it.

What was the exact problem you faced?

My hot take on it is to simply configure the router's dhcp to use IPs starting with 100, and then statically assign the IPs below 100 to hosts so I know their addresses. Most routers also support dhcp address binding to mac address, perhaps that could be an easier solution than avahi?

I use better-initramfs on my laptop(s), and may not be able to rely on them having a specific IP address assigned. Additionally, I actually do sometimes use better-initramfs via self assigned IP, and avahi would also be really helpful for that.

So having a stable or predictable hostname regardless of what network I am plugged into would be really helpful.

I'm not as concerned about doing mdns lookups from the initramfs, but I would love to be able to advertise that a computer is awaiting being unlocked.

And other metadata could even be stored in the service files which might be helpful.


<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<!-- See avahi.service(5) for more information about this configuration file -->
<service-group>
  <name replace-wildcards="yes">better-initramfs-%h</name>
  <service>
    <type>_ssh._tcp</type>
    <port>2222</port>
    <txt-record>key_id=something</txt-record>
  </service>
</service-group>

I will look into it if I do not run out of motivation this weekend. Though patches and research/findings are much welcome to help with it.

Cool. I wasn't able to get it to compile, but I got the feeling it wouldn't be too hard to have a static avahi-daemon added.

It was a while ago, but I will see if I can find what I had.

I have avahi working, although I don't know if it is optimal. I've been researching a few different variants. I should be able to make a lebuild file for it.

I was thinking of a pretty simple invocation, without the need to generate xml service files or anything, like:

avahi-publish-service "better-initramfs-unlock" _ssh._tcp 2222 enc_root=$ENC_ROOT

Which would fit in nicely with my workflow.

However, it may make more sense to treat it as just part of the base networking packages, and include it as a busybox applet or something like that. I only wanted it for publishing the ssh mdns service, but if you're including it anyway, it could handle ip4ll.

Of course, I totally get if this is out of scope for you, I already have a private fork I've been using, I can just work from that.

Otherwise, I will try to share what I have tonight.
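For reference, this is what the service file above and the avahi-publish-service one-liner both boil down to on the wire: one DNS-SD PTR/SRV/TXT record set for the `_ssh._tcp` instance. The block below is an added example, not code from better-initramfs or avahi; it builds those records with the stdlib and parses them back, and the hostname and enc_root value are constructed placeholders.

```python
# Added example (not better-initramfs or avahi code): encode the DNS-SD records
# that announcing "better-initramfs-unlock" on _ssh._tcp port 2222 produces,
# then decode them again. Stdlib only; no name compression, as avahi emits for
# a single instance. Host and TXT values are constructed placeholders.
import struct

MDNS_CLASS_IN_FLUSH = 0x8001  # IN class with the mDNS cache-flush bit set
TYPE_PTR, TYPE_TXT, TYPE_SRV = 12, 16, 33

def encode_labels(labels):
    # DNS wire format: length-prefixed labels terminated by a zero byte.
    # The instance name is ONE label, so a dot inside it is preserved.
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def rr(labels, rtype, rdata, ttl=120):
    return encode_labels(labels) + struct.pack("!HHIH", rtype, MDNS_CLASS_IN_FLUSH, ttl, len(rdata)) + rdata

def build_announcement(instance, service, port, txt, host):
    """Return the PTR + SRV + TXT records announcing one DNS-SD service instance."""
    svc = service.split(".") + ["local"]            # _ssh._tcp.local
    inst = [instance] + svc                          # <instance>._ssh._tcp.local
    ptr = rr(svc, TYPE_PTR, encode_labels(inst))
    srv = rr(inst, TYPE_SRV, struct.pack("!HHH", 0, 0, port) + encode_labels(host.split(".")))
    txt_rdata = b"".join(bytes([len(kv)]) + kv.encode() for kv in txt)  # key=value strings
    return ptr + srv + rr(inst, TYPE_TXT, txt_rdata)

def decode_labels(buf, off):
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n
    return labels, off + 1

def parse_records(buf):
    """Parse concatenated records into {'instance', 'port', 'host', 'txt'}."""
    out, off = {"txt": {}}, 0
    while off < len(buf):
        _owner, off = decode_labels(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_PTR:                        # target = full instance name
            out["instance"] = decode_labels(rdata, 0)[0][0]
        elif rtype == TYPE_SRV:                      # priority, weight, port, target
            out["port"] = struct.unpack_from("!H", rdata, 4)[0]
            out["host"] = ".".join(decode_labels(rdata, 6)[0])
        elif rtype == TYPE_TXT:                      # length-prefixed key=value items
            i = 0
            while i < len(rdata):
                n = rdata[i]
                k, _, v = rdata[i + 1:i + 1 + n].decode().partition("=")
                out["txt"][k] = v
                i += 1 + n
    return out
```

Running `parse_records(build_announcement("better-initramfs-unlock", "_ssh._tcp", 2222, ["enc_root=/dev/sda2"], "laptop.local"))` shows exactly what a browser on the subnet would learn, which is worth keeping in mind when deciding what metadata to put in TXT records.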

I do not think that busybox's zeroconf can do publishing like this, so avahi seems like the only way forward.

What concerns me is that looking at the dhcp, ssh and now avahi, I might need to integrate a proper service manager like runit there; however, building a new Alpine sysroot fails due to signature errors, so this is a bit blocked, especially since I have some rust things that I'd like to throw into better-initramfs, like replacing askpass.c with the rust implementation that I've done.

I'd like to encourage you to share what you have; even if it wouldn't end up being merged in full, perhaps it could still share some code.

Yeah, I agree that service management is something that should be avoided, but if an mdns service can be invoked with a single line and forked into the background, that would be good.

I have also been looking into some very small dns-sd like packages. So I will let you know.