integrate connected func
All checks were successful
continuous-integration/drone/push Build is passing

shimunn 2019-09-21 01:10:09 +02:00
parent afcb48110b
commit 4a3b6f8e23
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
3 changed files with 6 additions and 19 deletions


@ -1,10 +0,0 @@
[Unit]
Description=Wait for a FIDO2 device to be connected
[Service]
Type=oneshot
Environment=CON_MSG="Please connect your authenicator"
ExecStartPre=/usr/bin/plymouth display-message --text "${CON_MSG}"
ExecStart=/bin/bash -c 'while ! /usr/bin/fido2luks connected; do /usr/bin/sleep 1; done'
ExecStopPost=/usr/bin/plymouth hide-message --text "${CON_MSG}"


@ -9,7 +9,8 @@ XXD="/usr/bin/xxd"
MOUNT=$(command -v mount)
UMOUNT=$(command -v umount)
TIMEOUT=30
TIMEOUT=120
CON_MSG="Please connect your authenicator"
generate_service () {
local credential_id=$1 target_uuid=$2 timeout=$3 sd_dir=${4:-$NORMAL_DIR}
@ -23,7 +24,7 @@ generate_service () {
printf -- "[Unit]"
printf -- "\nDescription=%s" "2fa for luks"
printf -- "\nBindsTo=%s" "$target_dev"
printf -- "\nAfter=%s cryptsetup-pre.target systemd-journald.socket" "$target_dev" #TODO: create service to wait or authenicator
printf -- "\nAfter=%s cryptsetup-pre.target systemd-journald.socket" "$target_dev"
printf -- "\nBefore=%s umount.target luks-2fa.target" "$crypto_target_service"
printf -- "\nConflicts=umount.target"
printf -- "\nDefaultDependencies=no"
@ -36,11 +37,10 @@ generate_service () {
printf -- "\nEnvironment=FIDO2LUKS_SALT='%s'" "Ask"
printf -- "\nEnvironment=FIDO2LUKS_PASSWORD_HELPER='%s'" "/usr/bin/systemd-ask-password \"Disk 2fa password\""
printf -- "\nKeyringMode=%s" "shared"
#printf -- "\nExecStart=${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' 'none'" "$keyfile_uuid" "$keyfile_uuid" #LUKS on USB
#printf -- "\nExecStart=${MOUNT} '/dev/mapper/luks-%s' %s" "$keyfile_uuid" "$keyfile_mountpoint" #Mount keyfile
printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text ${CON_MSG}"
printf -- "\nExecStartPre=-/bin/bash -c \"while ! ${FIDO2LUKS} connected; do /usr/bin/sleep 1; done\""
printf -- "\nExecStartPre=-/usr/bin/plymouth hide-message --text ${CON_MSG}"
printf -- "\nExecStart=/bin/bash -c \"${FIDO2LUKS} print-secret --bin | ${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' '/dev/stdin'\"" "$target_uuid" "$target_uuid"
#printf -- "\nExecStart=${UMOUNT} '%s'" "$keyfile_mountpoint"
#printf -- "\nExecStart=${CRYPTSETUP} detach 'luks-%s'" "$keyfile_uuid"
printf -- "\nExecStop=${CRYPTSETUP} detach 'luks-%s'" "$target_uuid"
} > "$sd_service"
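Review bot: The two new plymouth `ExecStartPre=` lines expand `${CON_MSG}` unquoted inside the printf format string, so the generated unit reads `--text Please connect your authenicator` and systemd will split the message into separate arguments; the removed fido2-connected.service passed it as `"${CON_MSG}"`. Pass the message as a printf argument and quote it in the unit, e.g. `printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text '%s'" "$CON_MSG"`, and do the same for `hide-message`; this also keeps any `%` or backslash in the message out of the format string. The wait loop on the line between them has no bound of its own and its `-` prefix ignores failure, so it presumably relies on the unit's start timeout, which is not visible here; a short comment stating what bounds the wait would help. `CON_MSG` also carries the typo "authenicator". generate_service begins in the first hunk of this file and its body is only partly shown.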


@ -24,9 +24,6 @@ install () {
inst "$moddir/luks-2fa.target" "/etc/systemd/system/luks-2fa.target"
mkdir -p "$initdir/etc/systemd/system/luks-2fa.target.wants"
inst "$moddir/fido2-connected.service" "/etc/systemd/system/fido2-connected.service"
mkdir -p "$initdir/etc/systemd/system/sysinit.target.wants"
ln -sf "/etc/systemd/system/luks-2fa.target" "$initdir/etc/systemd/system/sysinit.target.wants/"
ln -sf "/etc/systemd/system/fido2-connected.service" "$initdir/etc/systemd/system/sysinit.target.wants/"
}