From e79ca4185947e867e8ea26521443413c2094a8c8 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Sat, 16 Sep 2017 00:26:28 +0200 Subject: update for recent keyring changes in systemd With systemd v235 we will have new KeyringMode= for services. Setting KeyringMode=shared allows to share secrets between services. Use that for our services. As udev is not started with a shared keyring we can not run the worker directly. Instead always start the service. --- systemd/ykfde-2f.service | 1 + systemd/ykfde-worker.service | 1 + systemd/ykfde.service | 1 + 3 files changed, 3 insertions(+) (limited to 'systemd') diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service index b92e704..92c65b7 100644 --- a/systemd/ykfde-2f.service +++ b/systemd/ykfde-2f.service @@ -14,4 +14,5 @@ ConditionPathExists=/etc/ykfde.d/ Type=oneshot RemainAfterExit=yes TimeoutSec=0 +KeyringMode=shared ExecStart=/usr/bin/systemd-ask-password --no-tty --no-output --id='ykfde-2f' --keyname='ykfde-2f' 'Please enter second factor for Yubikey full disk encryption!' diff --git a/systemd/ykfde-worker.service b/systemd/ykfde-worker.service index 0d12514..4389bc4 100644 --- a/systemd/ykfde-worker.service +++ b/systemd/ykfde-worker.service @@ -13,4 +13,5 @@ After=ykfde-2f.service [Service] Type=oneshot +KeyringMode=shared ExecStart=/usr/lib/ykfde/worker diff --git a/systemd/ykfde.service b/systemd/ykfde.service index 870529b..bbc918b 100644 --- a/systemd/ykfde.service +++ b/systemd/ykfde.service @@ -3,6 +3,7 @@ Description=Yubikey full disk encryption [Service] Type=oneshot +KeyringMode=shared ExecStart=-/usr/bin/ykfde ExecStart=/usr/bin/ykfde-cpio ExecStop=/usr/bin/ykfde-cpio -- cgit v1.2.3-54-g00ecf