From 4a3b6f8e23c3601571cc0a549ebf4aea04be853f Mon Sep 17 00:00:00 2001
From: shimunn
Date: Sat, 21 Sep 2019 01:10:09 +0200
Subject: [PATCH] integrate connected func
---
 dracut/96luks-2fa/fido2-connected.service | 10 ----------
 dracut/96luks-2fa/luks-2fa-generator.sh | 12 ++++++------
 dracut/96luks-2fa/module-setup.sh | 3 ---
 3 files changed, 6 insertions(+), 19 deletions(-)
 delete mode 100644 dracut/96luks-2fa/fido2-connected.service
diff --git a/dracut/96luks-2fa/fido2-connected.service b/dracut/96luks-2fa/fido2-connected.service
deleted file mode 100644
index a150e33..0000000
--- a/dracut/96luks-2fa/fido2-connected.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Wait for a FIDO2 device to be connected
-
-[Service]
-Type=oneshot
-Environment=CON_MSG="Please connect your authenicator"
-ExecStartPre=/usr/bin/plymouth display-message --text "${CON_MSG}"
-ExecStart=/bin/bash -c 'while ! /usr/bin/fido2luks connected; do /usr/bin/sleep 1; done'
-ExecStopPost=/usr/bin/plymouth hide-message --text "${CON_MSG}"
-
diff --git a/dracut/96luks-2fa/luks-2fa-generator.sh b/dracut/96luks-2fa/luks-2fa-generator.sh
index e38b8af..c8d1a7d 100755
--- a/dracut/96luks-2fa/luks-2fa-generator.sh
+++ b/dracut/96luks-2fa/luks-2fa-generator.sh
@@ -9,7 +9,8 @@ XXD="/usr/bin/xxd"
 MOUNT=$(command -v mount)
 UMOUNT=$(command -v umount)
-TIMEOUT=30
+TIMEOUT=120
+CON_MSG="Please connect your authenicator"
 generate_service () {
 local credential_id=$1 target_uuid=$2 timeout=$3 sd_dir=${4:-$NORMAL_DIR}
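Review bot: `CON_MSG` carries the misspelling "authenicator" over from the deleted unit file, and this string is what plymouth shows at the boot prompt; `CON_MSG="Please connect your authenticator"` corrects it. The raise of `TIMEOUT` from 30 to 120 is undocumented, and where the value is consumed lies outside this hunk. If it is meant to cover the time spent waiting for the token to be plugged in, a comment such as `# seconds; must also cover waiting for the token` would record that.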
@@ -23,7 +24,7 @@ generate_service () {
 printf -- "[Unit]"
 printf -- "\nDescription=%s" "2fa for luks"
 printf -- "\nBindsTo=%s" "$target_dev"
- printf -- "\nAfter=%s cryptsetup-pre.target systemd-journald.socket" "$target_dev" #TODO: create service to wait or authenicator
+ printf -- "\nAfter=%s cryptsetup-pre.target systemd-journald.socket" "$target_dev"
 printf -- "\nBefore=%s umount.target luks-2fa.target" "$crypto_target_service"
 printf -- "\nConflicts=umount.target"
 printf -- "\nDefaultDependencies=no"
@@ -36,11 +37,10 @@ generate_service () {
 printf -- "\nEnvironment=FIDO2LUKS_SALT='%s'" "Ask"
 printf -- "\nEnvironment=FIDO2LUKS_PASSWORD_HELPER='%s'" "/usr/bin/systemd-ask-password \"Disk 2fa password\""
 printf -- "\nKeyringMode=%s" "shared"
- #printf -- "\nExecStart=${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' 'none'" "$keyfile_uuid" "$keyfile_uuid" #LUKS on USB
- #printf -- "\nExecStart=${MOUNT} '/dev/mapper/luks-%s' %s" "$keyfile_uuid" "$keyfile_mountpoint" #Mount keyfile
+ printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text ${CON_MSG}"
+ printf -- "\nExecStartPre=-/bin/bash -c \"while ! ${FIDO2LUKS} connected; do /usr/bin/sleep 1; done\""
+ printf -- "\nExecStartPre=-/usr/bin/plymouth hide-message --text ${CON_MSG}"
 printf -- "\nExecStart=/bin/bash -c \"${FIDO2LUKS} print-secret --bin | ${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' '/dev/stdin'\"" "$target_uuid" "$target_uuid"
- #printf -- "\nExecStart=${UMOUNT} '%s'" "$keyfile_mountpoint"
- #printf -- "\nExecStart=${CRYPTSETUP} detach 'luks-%s'" "$keyfile_uuid"
 printf -- "\nExecStop=${CRYPTSETUP} detach 'luks-%s'" "$target_uuid"
 } > "$sd_service"
diff --git a/dracut/96luks-2fa/module-setup.sh b/dracut/96luks-2fa/module-setup.sh
index e957be6..d3eb8b0 100755
--- a/dracut/96luks-2fa/module-setup.sh
+++ b/dracut/96luks-2fa/module-setup.sh
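Review bot: In the `@@ -36,11 +37,10 @@` hunk of luks-2fa-generator.sh, `${CON_MSG}` is expanded inside the printf format string and lands unquoted in the generated unit, so systemd splits the message into separate arguments and `--text` receives only its first word; the deleted unit passed it as `"${CON_MSG}"`. Any `%` or backslash in the message would also be interpreted by printf. Passing it as an argument and quoting it in the unit keeps it one word: `printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text '%s'" "$CON_MSG"`, and the same for the `hide-message` line. The wait loop has no bound of its own, so it relies on whatever start timeout the unit sets elsewhere in generate_service, whose body starts outside this hunk.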
@@ -24,9 +24,6 @@ install () { inst "$moddir/luks-2fa.target" "/etc/systemd/system/luks-2fa.target" mkdir -p "$initdir/etc/systemd/system/luks-2fa.target.wants" - inst "$moddir/fido2-connected.service" "/etc/systemd/system/fido2-connected.service" - mkdir -p "$initdir/etc/systemd/system/sysinit.target.wants" ln -sf "/etc/systemd/system/luks-2fa.target" "$initdir/etc/systemd/system/sysinit.target.wants/" - ln -sf "/etc/systemd/system/fido2-connected.service" "$initdir/etc/systemd/system/sysinit.target.wants/" }