shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

use full device path
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
shimunn 2019-09-17 21:55:31 +02:00
parent c9d8d24eec
commit 80c100d584
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
dracut/fido2luks.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
LUKS_UUIDS="$(getargs rd.fido2luks.uuid | tr ' ' '\n'| cut -d '-' -f 2-)"
LUKS_DEVICES="$(getargs rd.fido2luks.devices | tr ' ' '\n'| cut -d '-' -f 2-)"
CREDENTIAL_ID="$(getargs rd.fido2luks.credentialid)"
SALT="$(getargs rd.fido2luks.salt)"
@ -21,7 +21,7 @@ hide_msg () {
plymouth hide-message --text="$MSG" &
}
handle_authenticator () {
handle_authenticator() {
while ! /bin/f2l connected; do
display_msg_timeout "Please connect your authenicator"
@ -31,15 +31,19 @@ handle_authenticator () {
export FIDO2LUKS_CREDENTIAL_ID="$CREDENTIAL_ID"
export FIDO2LUKS_SALT="${SALT:-Ask}"
export FIDO2LUKS_PASSWORD_HELPER="/usr/bin/systemd-ask-password --no-tty 'Disk 2fa password'"
for UUID in $LUKS_UUIDS ; do
export FIDO2LUKS_UUID="$UUID"
export FIDO2LUKS_MAPPER_NAME="${MAPPER_NAME:-luks-$FIDO2LUKS_UUID}"
for DEV in $LUKS_DEVICES ; do
export FIDO2LUKS_DEVICE="$DEV"
export FIDO2LUKS_MAPPER_NAME="${MAPPER_NAME:-luks-$DEV}"
display_msg_timeout "Watch your authenicator"
ERR="$(/bin/f2l open -e 2>&1)"
if [ "$?" -eq 1 ]; then
display_msg_timeout "Failed to unlock: $ERR"
sleep 15
sleep 5
else
exit 1
fi
done
}
handle_authenticator

4
src/config.rs
View File

@ -14,7 +14,7 @@ use std::process::Command;
#[derive(Debug, Deserialize, Serialize)]
pub struct EnvConfig {
credential_id: String,
uuid: String,
device: String,
salt: String,
mapper_name: String,
password_helper: String,
@ -24,7 +24,7 @@ impl Into<Config> for EnvConfig {
fn into(self) -> Config {
Config {
credential_id: self.credential_id,
device: format!("/dev/disk/by-uuid/{}", self.uuid).into(),
device: self.device.into(),
mapper_name: self.mapper_name,
password_helper: PasswordHelper::Script(self.password_helper),
input_salt: if PathBuf::from(&self.salt).exists() {