authorGravatar Christian Hesse <mail@eworm.de>2016-01-16 02:13:22 +0100
committerGravatar Christian Hesse <mail@eworm.de>2016-01-16 02:26:21 +0100
commit40a0f31f1838d4774ebd960640bfb230dc562ea1 (patch)
treed2997424c305efd41a210432f1fad8aa9f6d88ee /systemd
parentf4c501575f6c6119acc8177406612bdfafab3cb3 (diff)
downloadmkinitcpio-ykfde-40a0f31f1838d4774ebd960640bfb230dc562ea1.tar.gz
mkinitcpio-ykfde-40a0f31f1838d4774ebd960640bfb230dc562ea1.tar.zst
We have support for second factor. Yeah!
Diffstat (limited to 'systemd')
-rw-r--r--systemd/ykfde-2f20
-rw-r--r--systemd/ykfde-2f.service16
2 files changed, 36 insertions, 0 deletions
diff --git a/systemd/ykfde-2f b/systemd/ykfde-2f
new file mode 100644
index 0000000..3aac298
--- /dev/null
+++ b/systemd/ykfde-2f
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# (C) 2016 by Christian Hesse <mail@eworm.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+YKFDEFACTOR="$(systemd-ask-password --no-tty 'Please enter second factor for Yubikey full disk encryption!')"
+YKFDESERIAL="$(keyctl 'add' 'user' 'ykfde-2f' "${YKFDEFACTOR}" '@u')"
+keyctl 'timeout' "${YKFDESERIAL}" '150'
+
+if [ -s '/run/ykfde.pid' ]; then
+ kill -USR1 $(cat '/run/ykfde.pid')
+ # ykfde started from udev needs a moment to set up the key
+ # in store. It is out of systemd control, so wait a moment
+ # here.
+ sleep 0.2
+fi
+
+true
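Review bot: The second factor is passed to keyctl as a command-line argument on the `keyctl 'add'` line, so it is readable through the process list and `/proc/<pid>/cmdline` for as long as keyctl runs. keyctl has a `padd` form that takes the payload on stdin, so the line could become `YKFDESERIAL="$(printf '%s' "${YKFDEFACTOR}" | keyctl padd 'user' 'ykfde-2f' '@u')"`; this keeps the secret out of argv provided `printf` is a builtin in the initramfs shell, which it normally is. Separately, nothing checks that `systemd-ask-password` or `keyctl` succeeded, so a cancelled prompt stores an empty key. The closing `true` then makes the unit report success anyway; an `|| exit 1` after each of those two commands would surface the failure. The `$(cat '/run/ykfde.pid')` passed to `kill` should also be quoted so that a malformed pid file cannot expand into several arguments.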
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
new file mode 100644
index 0000000..acb6d67
--- /dev/null
+++ b/systemd/ykfde-2f.service
@@ -0,0 +1,16 @@
+# (C) 2016 by Christian Hesse <mail@eworm.de>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+
+[Unit]
+Description=Get 2nd Factor for YKFDE
+DefaultDependencies=no
+Before=cryptsetup-pre.target
+Wants=cryptsetup-pre.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+TimeoutSec=0
+ExecStart=/usr/lib/systemd/scripts/ykfde-2f
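Review bot: `TimeoutSec=0` has no comment explaining why timeouts are switched off for this unit. As far as I know, systemd already disables the start timeout for `Type=oneshot` by default, so this line mainly changes the stop timeout as well, which may not be intended. Either way, a comment above it such as `# Password prompt may wait indefinitely for the user; never time the unit out` would record the intent. The script stores the factor with a 150-second key timeout, so it would also help to note here that the unlock step ordered after `cryptsetup-pre.target` has to consume the key within that window.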