-rw-r--r--Makefile1
-rw-r--r--conf/ykfde.conf4
-rw-r--r--mkinitcpio/ykfde14
-rw-r--r--mkinitcpio/ykfde-2f14
4 files changed, 16 insertions, 17 deletions
diff --git a/Makefile b/Makefile
index 1683ea1..f12db62 100644
--- a/Makefile
+++ b/Makefile
@@ -55,7 +55,6 @@ install-doc: README.html README-mkinitcpio.html README-dracut.html
install-mkinitcpio: install-bin install-doc
$(INSTALL) -D -m0644 mkinitcpio/ykfde $(DESTDIR)/usr/lib/initcpio/install/ykfde
- $(INSTALL) -D -m0644 mkinitcpio/ykfde-2f $(DESTDIR)/usr/lib/initcpio/install/ykfde-2f
$(INSTALL) -D -m0644 udev/20-ykfde.rules $(DESTDIR)/usr/lib/initcpio/udev/20-ykfde.rules
install-dracut: install-bin install-doc
diff --git a/conf/ykfde.conf b/conf/ykfde.conf
index 0525053..7c25314 100644
--- a/conf/ykfde.conf
+++ b/conf/ykfde.conf
@@ -10,6 +10,10 @@ yk slot = 2
# /etc/crypttab.initramfs.
device name = crypt
+# Do we use second factor? This setting controls wheter or not
+# support is added to initramfs.
+second factor = yes
+
# For every Yubikey in use add a section here.
# * 'yk slot' is optional and only required for keys differing
# from system default.
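Review bot: The comment added above `second factor = yes` has a typo (`wheter`) and leaves out what an administrator needs to know to rely on the setting. Going by the mkinitcpio hook in this same commit, the value is read when the initramfs is built, so a change has no effect until the image is regenerated, and only `yes`, `true` or `1` turn the feature on. Suggested wording: `# Use a second factor? Accepted values: yes, true or 1. Read when the initramfs is built, so regenerate it after changing this.`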
diff --git a/mkinitcpio/ykfde b/mkinitcpio/ykfde
index d811c09..3545def 100644
--- a/mkinitcpio/ykfde
+++ b/mkinitcpio/ykfde
@@ -1,13 +1,23 @@
#!/bin/sh
build() {
- # install files to initramfs
+ # install basic files to initramfs
add_binary /usr/lib/udev/ykfde
add_file /usr/lib/initcpio/udev/20-ykfde.rules /usr/lib/udev/rules.d/20-ykfde.rules
add_file /etc/ykfde.conf
+
+ # this is required for second factor
+ if egrep -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then
+ add_systemd_unit cryptsetup-pre.target
+ add_systemd_unit ykfde-2f.service
+ add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service ../ykfde-2f.service
+ add_file /usr/lib/systemd/scripts/ykfde-2f
+ add_binary keyctl
+ add_binary systemd-ask-password
+ fi
}
help() {
echo "This hook adds support for opening LUKS devices with Yubico key."
- echo "Please use command 'ykfde' to prepare."
+ echo "Read the documentation for additional steps to set this up."
}
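Review bot: The `egrep` test added in build() is unanchored and whitespace-exact, so the hook can decide differently from what the administrator wrote in /etc/ykfde.conf. A commented-out line such as `# second factor = yes` still matches, while `second factor=yes` or a tab next to the `=` does not, and in that case the second-factor units are silently left out of the initramfs. Anchoring the pattern and tolerating whitespace fixes both, and `grep -E` avoids the deprecated `egrep` alias: `if grep -Eqi '^[[:space:]]*second factor[[:space:]]*=[[:space:]]*(yes|true|1)[[:space:]]*$' /etc/ykfde.conf; then`. An else branch that prints a message would make an image built without second factor visible in the build output.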
diff --git a/mkinitcpio/ykfde-2f b/mkinitcpio/ykfde-2f
deleted file mode 100644
index 5e09dd9..0000000
--- a/mkinitcpio/ykfde-2f
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-build() {
- add_systemd_unit cryptsetup-pre.target
- add_systemd_unit ykfde-2f.service
- add_symlink "/usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service" "../ykfde-2f.service"
- add_file /usr/lib/systemd/scripts/ykfde-2f
- add_binary keyctl
- add_binary systemd-ask-password
-}
-
-help() {
- echo "This hook adds 2nd factor support for Yubikey full disk encryption."
-}