author | Alex Wilson | 2021-03-10 16:28:08 +1000 |
---|---|---|
committer | Alex Wilson | 2021-03-10 16:28:08 +1000 |
commit | 14eb7308203ad6a648be5bafe2a5f4825136d8ee (patch) | |
tree | 0fca06a95d2d2fafe714cea77fb38dc3ccf0cd42 | |
parent | ef28e3a1858176eb2d25d0f7ff725f04d494aaf2 (diff) | |
download | aur-14eb7308203ad6a648be5bafe2a5f4825136d8ee.tar.gz |
Add implicit rekey after unlock in initcpio hook
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | zfs-pivy.hook | 3 |
3 files changed, 7 insertions, 4 deletions
@@ -1,7 +1,7 @@
 pkgbase = pivy
 pkgdesc = Tools for using PIV smartcards/Yubikeys with ssh-agent and disk encryption
 pkgver = 0.8.0
- pkgrel = 1
+ pkgrel = 2
 url = https://github.com/arekinath/pivy
 arch = x86
 arch = x86_64
@@ -22,7 +22,7 @@ pkgbase = pivy
 source = https://github.com/arekinath/pivy/archive/v0.8.0.tar.gz
 source = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.0.tar.gz
 source = https://github.com/arekinath/mini-pcsc/archive/v0.2.0.tar.gz
- sha256sums = dbabe4001bfc204ea82bff22fd40cc5526f74398fb067af6816ac3c7025664dd
+ sha256sums = 7925467b71227ae835cc5bf5ebf0b74ea6d740738af5d13be05e0416a78f8acc
 sha256sums = 44b5a004a06ffe214df2810bb2d58a3ecb2bdcf1c892411a8d574afac935f678
 sha256sums = c32b008a730ddc8661e4b0542408b30d46868ee66890612b7f1cbc84803eaf57
 sha256sums = f91aad0c8fb9cbc67c910ad6dcffb401a819b4fd122007ea7f978638db044cf6
@@ -1,7 +1,7 @@
 # Maintainer: Alex Wilson <alex at cooperi dot net>
 pkgname=pivy
 pkgver=0.8.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Tools for using PIV smartcards/Yubikeys with ssh-agent and disk encryption"
 url="https://github.com/arekinath/pivy"
 license=('MPL2')
@@ -17,7 +17,7 @@ optdepends=('cryptsetup: LUKS encrypted disk support (pivy-luks)'
 'zfs-utils: ZFS encrypted pool/fs support (pivy-zfs)'
 'pam: PAM plugin (pam_pivy.so)')
 makedepends=(pkgconf cryptsetup zfs-utils json-c pam)
-sha256sums=('dbabe4001bfc204ea82bff22fd40cc5526f74398fb067af6816ac3c7025664dd'
+sha256sums=('7925467b71227ae835cc5bf5ebf0b74ea6d740738af5d13be05e0416a78f8acc'
 '44b5a004a06ffe214df2810bb2d58a3ecb2bdcf1c892411a8d574afac935f678'
 'c32b008a730ddc8661e4b0542408b30d46868ee66890612b7f1cbc84803eaf57'
 'f91aad0c8fb9cbc67c910ad6dcffb401a819b4fd122007ea7f978638db044cf6'
diff --git a/zfs-pivy.hook b/zfs-pivy.hook
index b5b8b75f2cb0..b78c4df92f31 100644
--- a/zfs-pivy.hook
+++ b/zfs-pivy.hook
@@ -52,6 +52,9 @@ zfs_decrypt_fs() {
 ! eval pivy-zfs unlock "${encryptionroot}"; do
 sleep 2
 done
+ # do an implicit re-key after unlock, so that the exchange we had with
+ # the yubikey is not replayable
+ pivy-zfs rekey "${encryptionroot}"
 fi
 # loop until we get the correct password or key is unlocked by another vector (SSH for instance) |
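Review bot: The added `pivy-zfs rekey "${encryptionroot}"` call ignores its exit status, so if the rekey fails the hook carries on and the unlock exchange stays replayable, which is exactly what the new comment says this step prevents. Unlike the unlock just above it, which is retried in a loop, a failed rekey is neither retried nor reported; I would at least log it, e.g. `pivy-zfs rekey "${encryptionroot}" || echo "pivy-zfs: rekey of ${encryptionroot} failed, unlock exchange remains replayable" >&2`. Whether boot should stop or continue on a failed rekey is a policy decision, and the comment should state which one was chosen. zfs_decrypt_fs starts and ends outside this hunk, so the condition guarding this `fi` block is not visible here.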