shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

typos
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
shimunn 2019-09-22 20:58:43 +02:00
parent bd97e25dd8
commit 94fa5555e0
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -26,7 +26,7 @@ set -a
. fido2luks.conf . fido2luks.conf
#Repeat for each luks volume #Repeat for each luks volume
sudo -E fido2luks -i addkey /dev/disk/by-uuid/<DISK_UUID> sudo -E fido2luks -i add-key /dev/disk/by-uuid/<DISK_UUID>
#Test(only works if the luks container isn't active) #Test(only works if the luks container isn't active)
sudo -E fido2luks -i open /dev/disk/by-uuid/<DISK_UUID> luks-<DISK_UUID> sudo -E fido2luks -i open /dev/disk/by-uuid/<DISK_UUID> luks-<DISK_UUID>

14
dracut/96luks-2fa/luks-2fa-generator.sh
View File

@ -1,11 +1,10 @@
#!/bin/bash #!/bin/bash
NORMAL_DIR="/tmp//run/systemd/system" NORMAL_DIR="/run/systemd/system"
LUKS_2FA_WANTS="/etc/systemd/system/luks-2fa.target.wants" LUKS_2FA_WANTS="/etc/systemd/system/luks-2fa.target.wants"
CRYPTSETUP="/usr/lib/systemd/systemd-cryptsetup" CRYPTSETUP="/usr/lib/systemd/systemd-cryptsetup"
FIDO2LUKS="/usr/bin/fido2luks" FIDO2LUKS="/usr/bin/fido2luks"
XXD="/usr/bin/xxd"
MOUNT=$(command -v mount) MOUNT=$(command -v mount)
UMOUNT=$(command -v umount) UMOUNT=$(command -v umount)
@ -35,11 +34,11 @@ generate_service () {
printf -- "\nRemainAfterExit=yes" printf -- "\nRemainAfterExit=yes"
printf -- "\nEnvironment=FIDO2LUKS_CREDENTIAL_ID='%s'" "$credential_id" printf -- "\nEnvironment=FIDO2LUKS_CREDENTIAL_ID='%s'" "$credential_id"
printf -- "\nEnvironment=FIDO2LUKS_SALT='%s'" "Ask" printf -- "\nEnvironment=FIDO2LUKS_SALT='%s'" "Ask"
printf -- "\nEnvironment=FIDO2LUKS_PASSWORD_HELPER='%s'" "/usr/bin/systemd-ask-password \"Disk 2fa password\"" printf -- "\nEnvironment=FIDO2LUKS_PASSWORD_HELPER='%s'" "/usr/bin/systemd-ask-password Disk 2fa password"
printf -- "\nKeyringMode=%s" "shared" printf -- "\nKeyringMode=%s" "shared"
printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text ${CON_MSG}" printf -- "\nExecStartPre=-/usr/bin/plymouth display-message --text \"${CON_MSG}\""
printf -- "\nExecStartPre=-/bin/bash -c \"while ! ${FIDO2LUKS} connected; do /usr/bin/sleep 1; done\"" printf -- "\nExecStartPre=-/bin/bash -c \"while ! ${FIDO2LUKS} connected; do /usr/bin/sleep 1; done\""
printf -- "\nExecStartPre=-/usr/bin/plymouth hide-message --text ${CON_MSG}" printf -- "\nExecStartPre=-/usr/bin/plymouth hide-message --text \"${CON_MSG}\""
printf -- "\nExecStart=/bin/bash -c \"${FIDO2LUKS} print-secret --bin | ${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' '/dev/stdin'\"" "$target_uuid" "$target_uuid" printf -- "\nExecStart=/bin/bash -c \"${FIDO2LUKS} print-secret --bin | ${CRYPTSETUP} attach 'luks-%s' '/dev/disk/by-uuid/%s' '/dev/stdin'\"" "$target_uuid" "$target_uuid"
printf -- "\nExecStop=${CRYPTSETUP} detach 'luks-%s'" "$target_uuid" printf -- "\nExecStop=${CRYPTSETUP} detach 'luks-%s'" "$target_uuid"
} > "$sd_service" } > "$sd_service"
@ -50,7 +49,7 @@ generate_service () {
printf -- "\nConditionPathExists=!/dev/mapper/luks-%s" "$target_uuid" printf -- "\nConditionPathExists=!/dev/mapper/luks-%s" "$target_uuid"
} > "${sd_dir}/${crypto_target_service}.d/drop-in.conf" } > "${sd_dir}/${crypto_target_service}.d/drop-in.conf"
# ln -sf "$sd_service" "${LUKS_2FA_WANTS}/" ln -sf "$sd_service" "${LUKS_2FA_WANTS}/"
} }
parse_cmdline () { parse_cmdline () {
@ -81,5 +80,4 @@ generate_from_cmdline () {
done done
} }
#generate_from_cmdline generate_from_cmdline
generate_service CRED UUID $timeout