From 7a91821f13b63e3efd0822fcf3c7bc47592cd730 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Mon, 18 Jan 2016 21:07:33 +0100
Subject: merge mkinitcpio hooks
---
 Makefile | 1 -
 conf/ykfde.conf | 4 ++++
 mkinitcpio/ykfde | 14 ++++++++++++--
 mkinitcpio/ykfde-2f | 14 --------------
 4 files changed, 16 insertions(+), 17 deletions(-)
 delete mode 100644 mkinitcpio/ykfde-2f
diff --git a/Makefile b/Makefile
index 1683ea1..f12db62 100644
--- a/Makefile
+++ b/Makefile
@@ -55,7 +55,6 @@ install-doc: README.html README-mkinitcpio.html README-dracut.html
 install-mkinitcpio: install-bin install-doc
 $(INSTALL) -D -m0644 mkinitcpio/ykfde $(DESTDIR)/usr/lib/initcpio/install/ykfde
- $(INSTALL) -D -m0644 mkinitcpio/ykfde-2f $(DESTDIR)/usr/lib/initcpio/install/ykfde-2f
 $(INSTALL) -D -m0644 udev/20-ykfde.rules $(DESTDIR)/usr/lib/initcpio/udev/20-ykfde.rules
 install-dracut: install-bin install-doc
diff --git a/conf/ykfde.conf b/conf/ykfde.conf
index 0525053..7c25314 100644
--- a/conf/ykfde.conf
+++ b/conf/ykfde.conf
@@ -10,6 +10,10 @@ yk slot = 2
 # /etc/crypttab.initramfs.
 device name = crypt
+# Do we use second factor? This setting controls wheter or not
+# support is added to initramfs.
+second factor = yes
+
 # For every Yubikey in use add a section here.
 # * 'yk slot' is optional and only required for keys differing
 # from system default.
diff --git a/mkinitcpio/ykfde b/mkinitcpio/ykfde
index d811c09..3545def 100644
--- a/mkinitcpio/ykfde
+++ b/mkinitcpio/ykfde
@@ -1,13 +1,23 @@
 #!/bin/sh
 build() {
- # install files to initramfs
+ # install basic files to initramfs
 add_binary /usr/lib/udev/ykfde
 add_file /usr/lib/initcpio/udev/20-ykfde.rules /usr/lib/udev/rules.d/20-ykfde.rules
 add_file /etc/ykfde.conf
+
+ # this is required for second factor
+ if egrep -qi 'second factor = (yes|true|1)' /etc/ykfde.conf; then
+ add_systemd_unit cryptsetup-pre.target
+ add_systemd_unit ykfde-2f.service
+ add_symlink /usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service ../ykfde-2f.service
+ add_file /usr/lib/systemd/scripts/ykfde-2f
+ add_binary keyctl
+ add_binary systemd-ask-password
+ fi
 }
 help() {
 echo "This hook adds support for opening LUKS devices with Yubico key."
- echo "Please use command 'ykfde' to prepare."
+ echo "Read the documentation for additional steps to set this up."
 }
diff --git a/mkinitcpio/ykfde-2f b/mkinitcpio/ykfde-2f
deleted file mode 100644
index 5e09dd9..0000000
--- a/mkinitcpio/ykfde-2f
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-build() {
- add_systemd_unit cryptsetup-pre.target
- add_systemd_unit ykfde-2f.service
- add_symlink "/usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service" "../ykfde-2f.service"
- add_file /usr/lib/systemd/scripts/ykfde-2f
- add_binary keyctl
- add_binary systemd-ask-password
-}
-
-help() {
- echo "This hook adds 2nd factor support for Yubikey full disk encryption."
-}
--
cgit v1.2.3-54-g00ecf
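Review bot: The `egrep` test in build() is unanchored and whitespace-exact, so it does not reliably reflect the `second factor` setting in /etc/ykfde.conf. A commented-out line such as `# second factor = yes` or a value like `10` still matches, while `second factor=yes` or a doubled space does not, and in that case the second-factor unit and its helpers are left out of the initramfs without any message. Because this check decides whether the second factor takes part in early-boot unlocking, I would anchor the pattern and tolerate spacing: `if grep -Eqi '^[[:space:]]*second factor[[:space:]]*=[[:space:]]*(yes|true|1)[[:space:]]*$' /etc/ykfde.conf; then`, keeping the accepted values in step with whatever parser the ykfde binary uses (not visible in this patch). `grep -E` also avoids the deprecated `egrep` alias.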