author | Christian Hesse <mail@eworm.de> | 2014-04-17 12:46:23 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2014-04-17 12:46:23 +0200 |
commit | 104a2e76f9033f49e8fb33817fbdd1d19e13c2a2 (patch) | |
tree | de75bfbfd4f4c3ad83051790abe28fca589db0e0 | |
parent | 09a783e4ca5026efc458ca4f3495c494ebfffc44 (diff) | |
download | mkinitcpio-ykfde-104a2e76f9033f49e8fb33817fbdd1d19e13c2a2.tar.gz mkinitcpio-ykfde-104a2e76f9033f49e8fb33817fbdd1d19e13c2a2.tar.zst |
get encrypted device from /etc/crypttab.initramfs
-rw-r--r-- | README.md | 18 | ||||
-rwxr-xr-x | bin/ykfde | 14 |
2 files changed, 14 insertions, 18 deletions
@@ -38,19 +38,19 @@ This will place files to their desired places in filesystem.
 Usage
 -----
 
-First prepare the key. Plug it in, make sure it is configured for
-`HMAC-SHA1`, then run:
-
-> ykfde -d /dev/`LUKS-device`
-
-This will store a challenge in `/etc/ykfde.d/` and add a new slot to
-your LUKS device. Make sure systemd knows about your encrypted device by
+Make sure systemd knows about your encrypted device by
 adding a line to `/etc/crypttab.initramfs`. It should read like:
 
 > `mapping-name` /dev/`LUKS-device` -
 
-Add `ykfde` to your hook list in `/etc/mkinitcpio.conf` and rebuild your
-initramfs with:
+`ykfde` will read its information from there. Then prepare the key. Plug
+it in, make sure it is configured for `HMAC-SHA1`. After that run:
+
+> ykfde
+
+This will store a challenge in `/etc/ykfde.d/` and add a new slot to
+your LUKS device. Last add `ykfde` to your hook list in
+`/etc/mkinitcpio.conf` and rebuild your initramfs with:
 
 > mkinitcpio -p linux
 
@@ -6,13 +6,13 @@ function help() {
 echo "where OPTIONS are:"
 echo " -1 use Yubico key slot 1"
 echo " -2 use Yubico key slot 2 (default)"
- echo " -d DEVICE add key to device DEVICE"
 echo " -h show this help"
 }
 
-TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)"
-SLOT="2"
+DEVICE="$(egrep -v '^(#|$)' /etc/crypttab.initramfs 2>/dev/null | head -n1 | sed 's/\s\+/:/g' | cut -d: -f2)"
 SERIAL="$(ykinfo -sq)"
+SLOT="2"
+TMPDIR="$(mktemp --directory --tmpdir=/tmp/ .$(basename ${0})-${$}-XXXXXX)"
 
 while getopts "12d:h" opt; do
 case ${opt} in
@@ -22,9 +22,6 @@ while getopts "12d:h" opt; do
 2)
 SLOT="2"
 ;;
- d)
- DEVICE="${OPTARG}"
- ;;
 h)
 help
 exit 0
@@ -34,8 +31,7 @@ done
 
 # check we have all information
 if [ -z "${DEVICE}" ]; then
- echo "No device given." >&2
- help
+ echo "Failed to get device from /etc/crypttab.initramfs." >&2
 exit 1
 elif [ ! -b "${DEVICE}" ]; then
 echo "Device '${DEVICE}' does not exist or is not a block device." >&2
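Review bot: The new `DEVICE=` assignment in bin/ykfde turns whitespace into `:` and then cuts on `:`, so a device path that itself contains a colon (udev by-path names do) is truncated, and a comment or blank line with leading whitespace is not skipped by `'^(#|$)'`. Letting awk split the fields avoids both: `DEVICE="$(awk '!/^[[:space:]]*(#|$)/ { print $2; exit }' /etc/crypttab.initramfs 2>/dev/null)"`. Only the first entry is ever used and `-d` is gone, so on a host with several crypttab entries the operator can no longer choose which LUKS header receives the new key slot; printing the selected device before it is modified would make that visible. The context line `while getopts "12d:h"` still accepts `-d ARG` although its handler is removed in the next hunk, so unless a default arm outside the hunk catches it the option is silently ignored; the optstring should become `"12h"`. The `while` loop continues outside this hunk.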
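Review bot: The `[ ! -b "${DEVICE}" ]` test in this chain (hunk `@@ -34,8 +31,7 @@`) now receives the raw second field of the crypttab entry, which crypttab(5) allows to be a `UUID=` specification rather than a path; such an entry is valid for the initramfs but is rejected here with "does not exist or is not a block device". Resolving the tag before the checks would cover it, e.g. `case "${DEVICE}" in UUID=*) DEVICE="/dev/disk/by-uuid/${DEVICE#UUID=}" ;; esac`. The new message for the empty case also cannot tell a missing or unreadable file from a file with no entries, because the parsing line discards stderr; a separate `[ -r /etc/crypttab.initramfs ]` check ahead of the chain would give the operator the real cause. The if/elif chain continues past the end of this hunk.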
@@ -44,7 +40,7 @@ elif ! cryptsetup isLuks "${DEVICE}" 2>/dev/null; then
 echo "Device '${DEVICE}' is not a LUKS device." >&2
 exit 1
 elif [ -z "${SERIAL}" ]; then
- echo "Did not get a serial number from key." >&2
+ echo "Did not get a serial number from key. Did you insert one?" >&2
 exit 1
 fi
 
|