shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

move config into etc
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
shimunn
2019-10-06 22:22:02 +02:00
committed by Shimun
parent fbcfdea96b
commit 6e53449ff6
6 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -20,10 +20,10 @@ git clone https://github.com/shimunn/fido2luks.git && cd fido2luks
#Alternativly cargo build --release && sudo cp target/release/fido2luks /usr/bin/ #Alternativly cargo build --release && sudo cp target/release/fido2luks /usr/bin/
CARGO_INSTALL_ROOT=/usr sudo -E cargo install -f --path . CARGO_INSTALL_ROOT=/usr sudo -E cargo install -f --path .
echo FIDO2LUKS_CREDENTIAL_ID=$(fido2luks credential) >> fido2luks.conf echo FIDO2LUKS_CREDENTIAL_ID=$(fido2luks credential) >> dracut/96luks-2fa/fido2luks.conf
set -a set -a
. fido2luks.conf . dracut/96luks-2fa/fido2luks.conf
#Repeat for each luks volume #Repeat for each luks volume
sudo -E fido2luks -i add-key /dev/disk/by-uuid/<DISK_UUID> sudo -E fido2luks -i add-key /dev/disk/by-uuid/<DISK_UUID>
@@ -56,7 +56,7 @@ I'd also recommend to copy the executable onto /boot so that it is accessible in
``` ```
mkdir /boot/fido2luks/ mkdir /boot/fido2luks/
cp /usr/bin/fido2luks /boot/fido2luks/ cp /usr/bin/fido2luks /boot/fido2luks/
cp fido2luks.conf /boot/fido2luks/ cp /etc/fido2luks.conf /boot/fido2luks/
``` ```
## Test ## Test

3
dracut/96luks-2fa/fido2luks.conf Normal file
View File

@@ -0,0 +1,3 @@
FIDO2LUKS_SALT=Ask
FIDO2LUKS_PASSWORD_HELPER=/usr/bin/systemd-ask-password Please enter second factor for LUKS disk encryption

2
dracut/96luks-2fa/luks-2fa-generator.sh
View File

@@ -32,7 +32,7 @@ generate_service () {
printf -- "\n\n[Service]" printf -- "\n\n[Service]"
printf -- "\nType=oneshot" printf -- "\nType=oneshot"
printf -- "\nRemainAfterExit=yes" printf -- "\nRemainAfterExit=yes"
printf -- "\nEnvironmentFile='%s'" "/etc/luks-2fa.conf" printf -- "\nEnvironmentFile=%s" "/etc/fido2luks.conf"
printf -- "\nEnvironment=FIDO2LUKS_CREDENTIAL_ID='%s'" "$credential_id" printf -- "\nEnvironment=FIDO2LUKS_CREDENTIAL_ID='%s'" "$credential_id"
printf -- "\nKeyringMode=%s" "shared" printf -- "\nKeyringMode=%s" "shared"
printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text \"${CON_MSG}\"" printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text \"${CON_MSG}\""

1
dracut/96luks-2fa/luks-2fa.conf
View File

@@ -1 +0,0 @@
FIDO2LUKS_SALT=Ask

2
dracut/96luks-2fa/module-setup.sh
View File

@@ -18,7 +18,7 @@ depends () {
install () { install () {
inst "$moddir/luks-2fa-generator.sh" "/etc/systemd/system-generators/luks-2fa-generator.sh" inst "$moddir/luks-2fa-generator.sh" "/etc/systemd/system-generators/luks-2fa-generator.sh"
inst_simple "/usr/bin/fido2luks" "/usr/bin/fido2luks" inst_simple "/usr/bin/fido2luks" "/usr/bin/fido2luks"
inst_simple "$moddir/luks-2fa.conf" "/etc/luks-2fa.conf" inst_simple "/etc/fido2luks.conf" "/etc/fido2luks.conf"
inst "$systemdutildir/systemd-cryptsetup" inst "$systemdutildir/systemd-cryptsetup"
mkdir -p "$initdir/luks-2fa" mkdir -p "$initdir/luks-2fa"

1
dracut/Makefile
View File

@@ -15,6 +15,7 @@ help:
install: install:
cp ${MODULE_CONF_D}/${MODULE_CONF} ${DRACUT_CONF_D}/ cp ${MODULE_CONF_D}/${MODULE_CONF} ${DRACUT_CONF_D}/
cp -r ${MODULE_DIR} ${DRACUT_MODULES_D}/ cp -r ${MODULE_DIR} ${DRACUT_MODULES_D}/
cp ${MODULE_DIR}/fido2luks.conf /etc/fido2luks.conf
dracut -fv dracut -fv
clean: clean:
rm ${DRACUT_CONF_D}/${MODULE_CONF} rm ${DRACUT_CONF_D}/${MODULE_CONF}