author | Christian Hesse <mail@eworm.de> | 2017-09-16 00:26:28 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2017-09-16 00:33:48 +0200 |
commit | e79ca4185947e867e8ea26521443413c2094a8c8 (patch) | |
tree | 413c9fe61d88ce5777a3caf8cc6d2bae7c5627ab | |
parent | ef6bd91f17777736a919727d16ed4696f5e14fcd (diff) | |
download | mkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.gz mkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.zst |
update for recent keyring changes in systemdsystemd-v235
With systemd v235 we will have the new KeyringMode= setting for services.
Setting KeyringMode=shared allows services to share secrets. Use that
for our services.
As udev is not started with a shared keyring, we cannot run the worker
directly. Instead, always start the service.
-rw-r--r-- | systemd/ykfde-2f.service | 1 | ||||
-rw-r--r-- | systemd/ykfde-worker.service | 1 | ||||
-rw-r--r-- | systemd/ykfde.service | 1 | ||||
-rw-r--r-- | udev/20-ykfde.rules | 2 |
4 files changed, 4 insertions, 1 deletions
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
index b92e704..92c65b7 100644
--- a/systemd/ykfde-2f.service
+++ b/systemd/ykfde-2f.service
@@ -14,4 +14,5 @@ ConditionPathExists=/etc/ykfde.d/
 Type=oneshot
 RemainAfterExit=yes
 TimeoutSec=0
+KeyringMode=shared
 ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --id='ykfde-2f' --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!'
diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service
index 0d12514..4389bc4 100644
--- a/systemd/ykfde-worker.service
+++ b/systemd/ykfde-worker.service
@@ -13,4 +13,5 @@ After=ykfde-2f.service
 
 [Service]
 Type=oneshot
+KeyringMode=shared
 ExecStart=/usr/lib/ykfde/worker
diff --git a/systemd/ykfde.service b/systemd/ykfde.service
index 870529b..bbc918b 100644
--- a/systemd/ykfde.service
+++ b/systemd/ykfde.service
@@ -3,6 +3,7 @@ Description=Yubikey full disk encryption
 
 [Service]
 Type=oneshot
+KeyringMode=shared
 ExecStart=-/usr/bin/ykfde
 ExecStart=/usr/bin/ykfde-cpio
 ExecStop=/usr/bin/ykfde-cpio
diff --git a/udev/20-ykfde.rules b/udev/20-ykfde.rules
index 6973819..7328da3 100644
--- a/udev/20-ykfde.rules
+++ b/udev/20-ykfde.rules
@@ -25,4 +25,4 @@
 ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
 ATTRS{idVendor}=="1050", \
 ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
- RUN+="/usr/lib/ykfde/worker"
+ RUN+="/usr/bin/systemctl start ykfde-worker.service"
|
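Review bot: `KeyringMode=shared` is added to ykfde-2f.service with no comment on why it is needed or what it exposes, and the same applies to the additions in ykfde-worker.service and ykfde.service. With this mode the unit's session keyring links the user keyring of the service user (root here, as no `User=` is visible), so the second factor that `systemd-ask-password --keyname='ykfde-2f'` caches can be requested by any other root unit that also runs with a shared keyring for as long as the cache entry lives. I would add a comment above each line, for example `# shared keyring: lets the worker read the 'ykfde-2f' key cached by systemd-ask-password`. The worker's code is not part of this diff, so it is worth confirming that it removes the key once it has been consumed instead of relying on the cache timeout. The `[Service]` section of ykfde-2f.service begins outside the hunk.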
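Review bot: The new `RUN+=` in udev/20-ykfde.rules calls `systemctl start` without `--no-block`, so the udev event handler waits for the start job to finish. ykfde-worker.service is ordered `After=ykfde-2f.service`, which prompts for input with `TimeoutSec=0`; if that unit is part of the same transaction (the `[Unit]` section is not visible here), the handler could sit until udev's event timeout kills it. I would change the line to `RUN+="/usr/bin/systemctl --no-block start ykfde-worker.service"`, or tag the device with `TAG+="systemd"` and `ENV{SYSTEMD_WANTS}+="ykfde-worker.service"` so that systemd starts the unit itself. A one-line comment above the rule saying that the worker needs the shared keyring, which udev's own context lacks, would keep the reason for the indirection next to the code.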