From 104a2e76f9033f49e8fb33817fbdd1d19e13c2a2 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Thu, 17 Apr 2014 12:46:23 +0200
Subject: get encrypted device from /etc/crypttab.initramfs

---
 README.md | 18 +++++++++---------
 bin/ykfde | 14 +++++---------
 2 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index 8bb3307..083a19b 100644
--- a/README.md
+++ b/README.md
@@ -38,19 +38,19 @@ This will place files to their desired places in filesystem.
 Usage
 -----
 
-First prepare the key. Plug it in, make sure it is configured for
-`HMAC-SHA1`, then run:
-
-> ykfde -d /dev/`LUKS-device`
-
-This will store a challenge in `/etc/ykfde.d/` and add a new slot to
-your LUKS device. Make sure systemd knows about your encrypted device by
+Make sure systemd knows about your encrypted device by
 adding a line to `/etc/crypttab.initramfs`. It should read like:
 
 > `mapping-name` /dev/`LUKS-device` -
 
-Add `ykfde` to your hook list in `/etc/mkinitcpio.conf` and rebuild your
-initramfs with:
+`ykfde` will read its information from there. Then prepare the key. Plug
+it in, make sure it is configured for `HMAC-SHA1`. After that run:
+
+> ykfde
+
+This will store a challenge in `/etc/ykfde.d/` and add a new slot to
+your LUKS device. Last add `ykfde` to your hook list in
+`/etc/mkinitcpio.conf` and rebuild your initramfs with:
 
 > mkinitcpio -p linux
 
diff --git a/bin/ykfde b/bin/ykfde
index 7aa7a9f..484d1d4 100755
--- a/bin/ykfde
+++ b/bin/ykfde
@@ -6,13 +6,13 @@ function help() {
 	echo "where OPTIONS are:"
 	echo " -1         use Yubico key slot 1"
 	echo " -2         use Yubico key slot 2 (default)"
-	echo " -d DEVICE  add key to device DEVICE"
 	echo " -h         show this help"
 }
 
-TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)"
-SLOT="2"
+DEVICE="$(egrep -v '^(#|$)' /etc/crypttab.initramfs 2>/dev/null | head -n1 | sed 's/\s\+/:/g' | cut -d: -f2)"
 SERIAL="$(ykinfo -sq)"
+SLOT="2"
+TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)"
 
 while getopts "12d:h" opt; do
 	case ${opt} in
@@ -22,9 +22,6 @@ while getopts "12d:h" opt; do
 		2)
 			SLOT="2"
 			;;
-		d)
-			DEVICE="${OPTARG}"
-			;;
 		h)
 			help
 			exit 0
@@ -34,8 +31,7 @@ done
 
 # check we have all information
 if [ -z "${DEVICE}" ]; then
-	echo "No device given." >&2
-	help
+	echo "Failed to get device from /etc/crypttab.initramfs." >&2
 	exit 1
 elif [ ! -b "${DEVICE}" ]; then
 	echo "Device '${DEVICE}' does not exist or is not a block device." >&2
@@ -44,7 +40,7 @@ elif ! cryptsetup isLuks "${DEVICE}" 2>/dev/null; then
 	echo "Device '${DEVICE}' is not a LUKS device." >&2
 	exit 1
 elif [ -z "${SERIAL}" ]; then
-	echo "Did not get a serial number from key." >&2
+	echo "Did not get a serial number from key. Did you insert one?" >&2
 	exit 1
 fi
 
-- 
cgit v1.2.3-54-g00ecf