From e79ca4185947e867e8ea26521443413c2094a8c8 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Sat, 16 Sep 2017 00:26:28 +0200
Subject: update for recent keyring changes in systemd

With systemd v235 we will have new KeyringMode= for services. Setting KeyringMode=shared allows to share secrets between services. Use that for our services. As udev is not started with a shared keyring we can not run the worker directly. Instead always start the service.
---
systemd/ykfde-2f.service | 1 +
systemd/ykfde-worker.service | 1 +
systemd/ykfde.service | 1 +
udev/20-ykfde.rules | 2 +-
4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service
index b92e704..92c65b7 100644
--- a/systemd/ykfde-2f.service
+++ b/systemd/ykfde-2f.service
@@ -14,4 +14,5 @@ ConditionPathExists=/etc/ykfde.d/
 Type=oneshot
 RemainAfterExit=yes
 TimeoutSec=0
+KeyringMode=shared
 ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --id='ykfde-2f' --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!'
diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service
index 0d12514..4389bc4 100644
--- a/systemd/ykfde-worker.service
+++ b/systemd/ykfde-worker.service
@@ -13,4 +13,5 @@ After=ykfde-2f.service
 
 [Service]
 Type=oneshot
+KeyringMode=shared
 ExecStart=/usr/lib/ykfde/worker
diff --git a/systemd/ykfde.service b/systemd/ykfde.service
index 870529b..bbc918b 100644
--- a/systemd/ykfde.service
+++ b/systemd/ykfde.service
@@ -3,6 +3,7 @@ Description=Yubikey full disk encryption
 
 [Service]
 Type=oneshot
+KeyringMode=shared
 ExecStart=-/usr/bin/ykfde
 ExecStart=/usr/bin/ykfde-cpio
 ExecStop=/usr/bin/ykfde-cpio
diff --git a/udev/20-ykfde.rules b/udev/20-ykfde.rules
index 6973819..7328da3 100644
--- a/udev/20-ykfde.rules
+++ b/udev/20-ykfde.rules
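Review bot: `KeyringMode=shared` is added to ykfde-2f.service without a comment, and it widens who can read the cached second factor. systemd-ask-password with `--keyname='ykfde-2f'` stores the passphrase in the kernel keyring, and in shared mode the user keyring is linked into the session keyring of every unit of the same user that sets this mode. A comment above the new line would record the intent and the version floor given in the commit message, for example `# shared keyring so ykfde-worker.service can read the 'ykfde-2f' key (needs systemd >= 235)`. The same uncommented line is added in the ykfde-worker.service and ykfde.service hunks. Whether the worker removes the key after use is not visible in this diff and is worth confirming, so the secret does not stay readable for its whole cache lifetime.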
@@ -25,4 +25,4 @@
 ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
 ATTRS{idVendor}=="1050", \
 ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
- RUN+="/usr/lib/ykfde/worker"
+ RUN+="/usr/bin/systemctl start ykfde-worker.service"
--
cgit v1.2.3-54-g00ecf
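Review bot: The new `RUN+=` line calls `systemctl start` without `--no-block`, so the udev event worker waits until the oneshot ykfde-worker.service has finished. That unit is ordered `After=ykfde-2f.service`, which prompts for the second factor with `TimeoutSec=0`, so the wait can presumably last as long as the prompt stays open. udev expects RUN programs to be short-running and may kill them when the event timeout expires, and a held event can delay further events for the device. `RUN+="/usr/bin/systemctl --no-block start ykfde-worker.service"` queues the job and returns at once. Alternatively the rule can hand the start to systemd with `TAG+="systemd", ENV{SYSTEMD_WANTS}+="ykfde-worker.service"`.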