From 104a2e76f9033f49e8fb33817fbdd1d19e13c2a2 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 17 Apr 2014 12:46:23 +0200 Subject: get encrypted device from /etc/crypttab.initramfs --- README.md | 18 +++++++++--------- bin/ykfde | 14 +++++--------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 8bb3307..083a19b 100644 --- a/README.md +++ b/README.md @@ -38,19 +38,19 @@ This will place files to their desired places in filesystem. Usage ----- -First prepare the key. Plug it in, make sure it is configured for -`HMAC-SHA1`, then run: - -> ykfde -d /dev/`LUKS-device` - -This will store a challenge in `/etc/ykfde.d/` and add a new slot to -your LUKS device. Make sure systemd knows about your encrypted device by +Make sure systemd knows about your encrypted device by adding a line to `/etc/crypttab.initramfs`. It should read like: > `mapping-name` /dev/`LUKS-device` - -Add `ykfde` to your hook list in `/etc/mkinitcpio.conf` and rebuild your -initramfs with: +`ykfde` will read its information from there. Then prepare the key. Plug +it in, make sure it is configured for `HMAC-SHA1`. After that run: + +> ykfde + +This will store a challenge in `/etc/ykfde.d/` and add a new slot to +your LUKS device. Last add `ykfde` to your hook list in +`/etc/mkinitcpio.conf` and rebuild your initramfs with: > mkinitcpio -p linux diff --git a/bin/ykfde b/bin/ykfde index 7aa7a9f..484d1d4 100755 --- a/bin/ykfde +++ b/bin/ykfde 
@@ -6,13 +6,13 @@ function help() { echo "where OPTIONS are:" echo " -1 use Yubico key slot 1" echo " -2 use Yubico key slot 2 (default)" - echo " -d DEVICE add key to device DEVICE" echo " -h show this help" } -TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)" -SLOT="2" +DEVICE="$(egrep -v '^(#|$)' /etc/crypttab.initramfs 2>/dev/null | head -n1 | sed 's/\s\+/:/g' | cut -d: -f2)" SERIAL="$(ykinfo -sq)" +SLOT="2" +TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)" while getopts "12d:h" opt; do case ${opt} in @@ -22,9 +22,6 @@ while getopts "12d:h" opt; do 2) SLOT="2" ;; - d) - DEVICE="${OPTARG}" - ;; h) help exit 0 @@ -34,8 +31,7 @@ done # check we have all information if [ -z "${DEVICE}" ]; then - echo "No device given." >&2 - help + echo "Failed to get device from /etc/crypttab.initramfs." >&2 exit 1 elif [ ! -b "${DEVICE}" ]; then echo "Device '${DEVICE}' does not exist or is not a block device." >&2 @@ -44,7 +40,7 @@ elif ! cryptsetup isLuks "${DEVICE}" 2>/dev/null; then echo "Device '${DEVICE}' is not a LUKS device." >&2 exit 1 elif [ -z "${SERIAL}" ]; then - echo "Did not get a serial number from key." >&2 + echo "Did not get a serial number from key. Did you insert one?" >&2 exit 1 fi -- cgit v1.2.3-70-g09d2
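Review bot: The new `DEVICE=` pipeline mis-parses valid crypttab lines: turning whitespace into `:` and then running `cut -d: -f2` truncates device paths that themselves contain colons (`/dev/disk/by-path/` names do), and a line with leading whitespace yields the mapping name instead of the device. Letting awk split the fields avoids both: `DEVICE="$(awk '!/^[[:space:]]*(#|$)/ { print $2; exit }' /etc/crypttab.initramfs 2>/dev/null)"`. Only the first entry is ever used, so with several encrypted volumes the key slot goes to whichever is listed first; printing the selected device before enrolling would make that visible. The context line `while getopts "12d:h" opt; do` also still accepts `-d`, while the next hunk removes its `d)` arm. Unless a default arm outside the hunks catches it, `ykfde -d /dev/sdX` now ignores the argument and targets the crypttab device, so the optstring should become `"12h"`.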
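Review bot: A crypttab entry that names the device by tag (`UUID=...`, `LABEL=...`, `PARTUUID=...`), which crypttab permits, is rejected by the `[ ! -b "${DEVICE}" ]` branch in the hunk starting at `# check we have all information`. The message "does not exist or is not a block device" is misleading there, because the value read from the file is used verbatim. Resolving tags before the checks would fix it, e.g. `case "${DEVICE}" in UUID=*|LABEL=*|PARTUUID=*|PARTLABEL=*) DEVICE="$(findfs "${DEVICE}")" ;; esac`. The `if`/`elif` chain starts in that hunk and continues into the following one, so the line belongs just above the `# check we have all information` comment.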