From 40a0f31f1838d4774ebd960640bfb230dc562ea1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Sat, 16 Jan 2016 02:13:22 +0100 Subject: We have support for second factor. Yeah! --- systemd/ykfde-2f | 20 ++++++++++++++++++++ systemd/ykfde-2f.service | 16 ++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 systemd/ykfde-2f create mode 100644 systemd/ykfde-2f.service (limited to 'systemd') diff --git a/systemd/ykfde-2f b/systemd/ykfde-2f new file mode 100644 index 0000000..3aac298 --- /dev/null +++ b/systemd/ykfde-2f @@ -0,0 +1,20 @@ +#!/bin/sh + +# (C) 2016 by Christian Hesse +# +# This software may be used and distributed according to the terms +# of the GNU General Public License, incorporated herein by reference. + +YKFDEFACTOR="$(systemd-ask-password --no-tty 'Please enter second factor for Yubikey full disk encryption!')" +YKFDESERIAL="$(keyctl 'add' 'user' 'ykfde-2f' "${YKFDEFACTOR}" '@u')" +keyctl 'timeout' "${YKFDESERIAL}" '150' + +if [ -s '/run/ykfde.pid' ]; then + kill -USR1 $(cat '/run/ykfde.pid') + # ykfde started from udev needs a moment to set up the key + # in store. It is out of systemd control, so wait a moment + # here. + sleep 0.2 +fi + +true diff --git a/systemd/ykfde-2f.service b/systemd/ykfde-2f.service new file mode 100644 index 0000000..acb6d67 --- /dev/null +++ b/systemd/ykfde-2f.service @@ -0,0 +1,16 @@ +# (C) 2016 by Christian Hesse +# +# This software may be used and distributed according to the terms +# of the GNU General Public License, incorporated herein by reference. + +[Unit] +Description=Get 2nd Factor for YKFDE +DefaultDependencies=no +Before=cryptsetup-pre.target +Wants=cryptsetup-pre.target + +[Service] +Type=oneshot +RemainAfterExit=yes +TimeoutSec=0 +ExecStart=/usr/lib/systemd/scripts/ykfde-2f -- cgit v1.2.3-70-g09d2