authorGravatar Christian Hesse <mail@eworm.de>2017-09-16 00:26:28 +0200
committerGravatar Christian Hesse <mail@eworm.de>2017-09-16 00:33:48 +0200
commite79ca4185947e867e8ea26521443413c2094a8c8 (patch)
tree413c9fe61d88ce5777a3caf8cc6d2bae7c5627ab
parentef6bd91f17777736a919727d16ed4696f5e14fcd (diff)
downloadmkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.gz
mkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.zst
update for recent keyring changes in systemdsystemd-v235
With systemd v235 we will have the new KeyringMode= setting for services. Setting KeyringMode=shared allows secrets to be shared between services. Use that for our services. As udev is not started with a shared keyring, we cannot run the worker directly. Instead, always start the service.
-rw-r--r--systemd/ykfde-2f.service1
-rw-r--r--systemd/ykfde-worker.service1
-rw-r--r--systemd/ykfde.service1
-rw-r--r--udev/20-ykfde.rules2
4 files changed, 4 insertions, 1 deletions
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
index b92e704..92c65b7 100644
--- a/systemd/ykfde-2f.service
+++ b/systemd/ykfde-2f.service
@@ -14,4 +14,5 @@ ConditionPathExists=/etc/ykfde.d/
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
+KeyringMode=shared
ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --id='ykfde-2f' --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!'
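Review bot: The added `KeyringMode=shared` line carries no comment saying why the unit leaves the default private keyring, here and in the matching hunks for ykfde-worker.service and ykfde.service. With this setting the `ykfde-2f` key that `systemd-ask-password --keyname=` caches becomes requestable by other units that run as the same user with a shared keyring, presumably so the worker can read it. I would add above the line: `# systemd >= 235: share the user keyring so the cached 'ykfde-2f' second factor is visible to the other ykfde units`. It would also be worth confirming that the consumer drops the key once it has been used rather than leaving it until it expires; that code is not visible here.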
diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service
index 0d12514..4389bc4 100644
--- a/systemd/ykfde-worker.service
+++ b/systemd/ykfde-worker.service
@@ -13,4 +13,5 @@ After=ykfde-2f.service
[Service]
Type=oneshot
+KeyringMode=shared
ExecStart=/usr/lib/ykfde/worker
diff --git a/systemd/ykfde.service b/systemd/ykfde.service
index 870529b..bbc918b 100644
--- a/systemd/ykfde.service
+++ b/systemd/ykfde.service
@@ -3,6 +3,7 @@ Description=Yubikey full disk encryption
[Service]
Type=oneshot
+KeyringMode=shared
ExecStart=-/usr/bin/ykfde
ExecStart=/usr/bin/ykfde-cpio
ExecStop=/usr/bin/ykfde-cpio
diff --git a/udev/20-ykfde.rules b/udev/20-ykfde.rules
index 6973819..7328da3 100644
--- a/udev/20-ykfde.rules
+++ b/udev/20-ykfde.rules
@@ -25,4 +25,4 @@
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
ATTRS{idVendor}=="1050", \
ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
- RUN+="/usr/lib/ykfde/worker"
+ RUN+="/usr/bin/systemctl start ykfde-worker.service"
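Review bot: `systemctl start` in the new `RUN+=` waits for the start job to finish, so the udev event for the YubiKey stays blocked while ykfde-worker.service runs. That unit is ordered `After=ykfde-2f.service`, which has `TimeoutSec=0` and waits on a password prompt, so the wait may outlast udev's event timeout and udev may kill the waiting systemctl process and log a timeout. Queueing the job instead avoids this: `RUN+="/usr/bin/systemctl --no-block start ykfde-worker.service"`. A short comment above the rule saying the worker has to run as a service to get the shared keyring would also help the next reader.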