summaryrefslogtreecommitdiffstats
path: root/systemd
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2017-09-16 00:26:28 +0200
committerGravatar Christian Hesse <mail@eworm.de>2017-09-16 00:33:48 +0200
commite79ca4185947e867e8ea26521443413c2094a8c8 (patch)
tree413c9fe61d88ce5777a3caf8cc6d2bae7c5627ab /systemd
parentef6bd91f17777736a919727d16ed4696f5e14fcd (diff)
downloadmkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.gz
mkinitcpio-ykfde-e79ca4185947e867e8ea26521443413c2094a8c8.tar.zst
update for recent keyring changes in systemdsystemd-v235
With systemd v235 we will have new KeyringMode= for services. Setting KeyringMode=shared allows to share secrets between services. Use that for our services. As udev is not started with a shared keyring we can not run the worker directly. Instead always start the service.
Diffstat (limited to 'systemd')
-rw-r--r--systemd/ykfde-2f.service1
-rw-r--r--systemd/ykfde-worker.service1
-rw-r--r--systemd/ykfde.service1
3 files changed, 3 insertions, 0 deletions
diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
index b92e704..92c65b7 100644
--- a/systemd/ykfde-2f.service
+++ b/systemd/ykfde-2f.service
@@ -14,4 +14,5 @@ ConditionPathExists=/etc/ykfde.d/
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
+KeyringMode=shared
ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --id='ykfde-2f' --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!'
diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service
index 0d12514..4389bc4 100644
--- a/systemd/ykfde-worker.service
+++ b/systemd/ykfde-worker.service
@@ -13,4 +13,5 @@ After=ykfde-2f.service
[Service]
Type=oneshot
+KeyringMode=shared
ExecStart=/usr/lib/ykfde/worker
diff --git a/systemd/ykfde.service b/systemd/ykfde.service
index 870529b..bbc918b 100644
--- a/systemd/ykfde.service
+++ b/systemd/ykfde.service
@@ -3,6 +3,7 @@ Description=Yubikey full disk encryption
[Service]
Type=oneshot
+KeyringMode=shared
ExecStart=-/usr/bin/ykfde
ExecStart=/usr/bin/ykfde-cpio
ExecStop=/usr/bin/ykfde-cpio