diff options
| author |  Christian Hesse <mail@eworm.de> | 2016-05-28 23:25:25 +0200 |
|---|---|---|
| committer | Christian Hesse <mail@eworm.de> | 2016-05-28 23:25:25 +0200 |
| commit | ca67c46edf1c0543ce58bd075c565e1cb9a5a926 (patch) | |
| tree | d5c026c4113960d8828695e99a7e40e2482c162d | |
| parent | b6cc20e9c27ddf4b4ca8a58ef7aa990885229157 (diff) | |
| parent | 21075238bba7c633fc84657322391664f1770368 (diff) | |
| download | mkinitcpio-ykfde-ca67c46edf1c0543ce58bd075c565e1cb9a5a926.tar.gz mkinitcpio-ykfde-ca67c46edf1c0543ce58bd075c565e1cb9a5a926.tar.zst | |
Merge branch 'systemd-units'
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | README-mkinitcpio.md | 4 | ||||
| -rw-r--r-- | mkinitcpio/ykfde | 12 | ||||
| -rw-r--r-- | systemd/ykfde-2f | 18 | ||||
| -rw-r--r-- | systemd/ykfde-2f.service | 2 | ||||
| -rw-r--r-- | systemd/ykfde-notify.service | 22 |
6 files changed, 31 insertions, 29 deletions
@@ -42,7 +42,7 @@ install-bin: bin/ykfde udev/ykfde $(INSTALL) -D -m0755 grub/09_linux $(DESTDIR)/etc/grub.d/09_linux $(INSTALL) -D -m0644 systemd/ykfde.service $(DESTDIR)/usr/lib/systemd/system/ykfde.service $(INSTALL) -D -m0644 systemd/ykfde-2f.service $(DESTDIR)/usr/lib/systemd/system/ykfde-2f.service - $(INSTALL) -D -m0755 systemd/ykfde-2f $(DESTDIR)/usr/lib/systemd/scripts/ykfde-2f + $(INSTALL) -D -m0644 systemd/ykfde-notify.service $(DESTDIR)/usr/lib/systemd/system/ykfde-notify.service $(INSTALL) -d -m0700 $(DESTDIR)/etc/ykfde.d/ install-doc: README.html README-mkinitcpio.html README-dracut.html diff --git a/README-mkinitcpio.md b/README-mkinitcpio.md index 9f2ee4a..1d1833a 100644 --- a/README-mkinitcpio.md +++ b/README-mkinitcpio.md @@ -13,8 +13,10 @@ To compile and use yubikey full disk encryption you need: * [iniparser](http://ndevilla.free.fr/iniparser/) * [systemd](http://www.freedesktop.org/wiki/Software/systemd/) * [cryptsetup](http://code.google.com/p/cryptsetup/) -* keyutils and linux with `CONFIG_KEYS` +* keyutils and linux with `CONFIG_KEYS` enabled * [mkinitcpio](https://projects.archlinux.org/mkinitcpio.git/) +* sleep (from [coreutils](http://www.gnu.org/software/coreutils)) and + pkill (from [procps-ng](https://gitlab.com/procps-ng/procps)) * [markdown](http://daringfireball.net/projects/markdown/) (HTML documentation) * [libarchive](http://www.libarchive.org/) (Update challenge on boot) diff --git a/mkinitcpio/ykfde b/mkinitcpio/ykfde index 5a407f5..4932dfd 100644 --- a/mkinitcpio/ykfde +++ b/mkinitcpio/ykfde @@ -11,15 +11,11 @@ build() { add_systemd_unit cryptsetup-pre.target add_systemd_unit ykfde-2f.service add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service ../ykfde-2f.service - add_file /usr/lib/systemd/scripts/ykfde-2f + add_systemd_unit ykfde-notify.service + add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-notify.service ../ykfde-notify.service add_binary systemd-ask-password - - # shell and commands - local applet - add_binary /usr/lib/initcpio/busybox /usr/bin/busybox - for applet in cat kill sh sleep; do - add_symlink "/usr/bin/${applet}" busybox - done + add_binary pkill + add_binary sleep fi } diff --git a/systemd/ykfde-2f b/systemd/ykfde-2f deleted file mode 100644 index c34bde8..0000000 --- a/systemd/ykfde-2f +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -# (C) 2016 by Christian Hesse <mail@eworm.de> -# -# This software may be used and distributed according to the terms -# of the GNU General Public License, incorporated herein by reference. - -systemd-ask-password --no-tty --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!' >/dev/null - -if [ -s '/run/ykfde.pid' ]; then - kill -USR1 $(cat '/run/ykfde.pid') - # ykfde started from udev needs a moment to set up the key - # in store. It is out of systemd control, so wait a moment - # here. - sleep 0.2 -fi - -true diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service index cfdab43..33f034f 100644 --- a/systemd/ykfde-2f.service +++ b/systemd/ykfde-2f.service @@ -14,4 +14,4 @@ ConditionPathExists=/etc/ykfde.d/ Type=oneshot RemainAfterExit=yes TimeoutSec=0 -ExecStart=/usr/lib/systemd/scripts/ykfde-2f +ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!' diff --git a/systemd/ykfde-notify.service b/systemd/ykfde-notify.service new file mode 100644 index 0000000..04a4d46 --- /dev/null +++ b/systemd/ykfde-notify.service @@ -0,0 +1,22 @@ +# (C) 2016 by Christian Hesse <mail@eworm.de> +# +# This software may be used and distributed according to the terms +# of the GNU General Public License, incorporated herein by reference. + +[Unit] +Description=Notify ykfde about key +DefaultDependencies=no +Before=cryptsetup-pre.target +Wants=cryptsetup-pre.target +Requires=ykfde-2f.service +After=ykfde-2f.service +ConditionPathExists=/run/ykfde.pid + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/pkill -USR1 --pidfile /run/ykfde.pid +# ykfde started from udev needs a moment to set up the key +# in store. It is out of systemd control, so wait a moment +# here. +ExecStart=/usr/bin/sleep 0.2 |