author | Alex Wilson | 2019-08-25 19:51:16 +1000 |
---|---|---|
committer | Alex Wilson | 2019-08-25 19:51:16 +1000 |
commit | dd068d3a8334d769fa6466dce0210002fde02854 (patch) | |
tree | c2ca1bf16d7445383c820c989915a296fa9bd014 | |
parent | 656a0fb2343157088851889ff80358ff10b69815 (diff) | |
download | aur-dd068d3a8334d769fa6466dce0210002fde02854.tar.gz |
Use mini-pcsc in initramfs for better reliability
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | PKGBUILD | 20 | ||||
-rw-r--r-- | zfs-pivy.hook | 47 | ||||
-rw-r--r-- | zfs-pivy.install | 16 |
4 files changed, 58 insertions, 37 deletions
@@ -1,7 +1,7 @@ pkgbase = pivy pkgdesc = Tools for using PIV smartcards/Yubikeys with ssh-agent and disk encryption pkgver = 0.3.0 - pkgrel = 1 + pkgrel = 2 url = https://github.com/arekinath/pivy arch = x86 arch = x86_64 @@ -19,10 +19,12 @@ pkgbase = pivy source = zfs-pivy.install source = https://github.com/arekinath/pivy/archive/v0.3.0.tar.gz source = https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz - md5sums = d93eb0df79e3700e316903eefc13b669 - md5sums = 682ea42ea2f4ea193e72c7ec332782a7 - md5sums = 15fc9fbdf780d05e093474a9a7faec23 - md5sums = 94ce8f4cdbb6b57565da61e380d63045 + source = https://github.com/arekinath/mini-pcsc/archive/v0.1.0.tar.gz + sha256sums = 404e1ba4ab21e030f1661898d21c6a64a7dda5ad12cee678e33ad77856557f1b + sha256sums = 44b5a004a06ffe214df2810bb2d58a3ecb2bdcf1c892411a8d574afac935f678 + sha256sums = f29ae879030bcd72a04df71b1854d1cf9ecda130825efc80ab7fe3b74d3735b8 + sha256sums = 1e3a9fada06c1c060011470ad0ff960de28f9a0515277d7336f7e09362517da6 + sha256sums = aff68661c77bde91d67bfe3a132fab1bfa6e445281c7362caa59e5238b228e66 pkgname = pivy @@ -1,7 +1,7 @@ # Maintainer: Alex Wilson <alex at cooperi dot net> pkgname=pivy pkgver=0.3.0 -pkgrel=1 +pkgrel=2 pkgdesc="Tools for using PIV smartcards/Yubikeys with ssh-agent and disk encryption" url="https://github.com/arekinath/pivy" license=('MPL2') 
@@ -9,16 +9,18 @@ source=( "zfs-pivy.hook" "zfs-pivy.install" "https://github.com/arekinath/pivy/archive/v$pkgver.tar.gz" - "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz") + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4.tar.gz" + "https://github.com/arekinath/mini-pcsc/archive/v0.1.0.tar.gz") arch=(x86 x86_64) depends=(libbsd pcsclite libedit) optdepends=('cryptsetup: LUKS encrypted disk support (pivy-luks)' 'zfs-utils: ZFS encrypted pool/fs support (pivy-zfs)') makedepends=(pkgconf cryptsetup zfs-utils json-c) -md5sums=('d93eb0df79e3700e316903eefc13b669' - '682ea42ea2f4ea193e72c7ec332782a7' - '15fc9fbdf780d05e093474a9a7faec23' - '94ce8f4cdbb6b57565da61e380d63045') +sha256sums=('404e1ba4ab21e030f1661898d21c6a64a7dda5ad12cee678e33ad77856557f1b' + '44b5a004a06ffe214df2810bb2d58a3ecb2bdcf1c892411a8d574afac935f678' + 'f29ae879030bcd72a04df71b1854d1cf9ecda130825efc80ab7fe3b74d3735b8' + '1e3a9fada06c1c060011470ad0ff960de28f9a0515277d7336f7e09362517da6' + 'aff68661c77bde91d67bfe3a132fab1bfa6e445281c7362caa59e5238b228e66') prepare() { mv "libressl-2.7.4" "$pkgname-$pkgver/libressl" @@ -27,12 +29,18 @@ prepare() { build() { cd "$pkgname-$pkgver" make prefix=/usr USE_ZFS=yes USE_LUKS=yes + cd "../mini-pcsc-0.1.0" + make } package() { cd "$pkgname-$pkgver" make prefix=/usr DESTDIR="$pkgdir/" USE_ZFS=yes USE_LUKS=yes install + cd "../mini-pcsc-0.1.0" + install -o root -g root -m 0755 -d "${pkgdir}/usr/lib" + install -o root -g root -m 0755 libminipcsc.so "${pkgdir}/usr/lib/libminipcsc.so" + cd "$srcdir" hookdir="${pkgdir}/usr/lib/initcpio/hooks" hookinsdir="${pkgdir}/usr/lib/initcpio/install" diff --git a/zfs-pivy.hook b/zfs-pivy.hook index 39bc0a9a9391..dd5bd3506211 100644 --- a/zfs-pivy.hook +++ b/zfs-pivy.hook 
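Review bot: The new mini-pcsc entry in `source=(...)` is downloaded under the bare name `v0.1.0.tar.gz`, which is not unique when makepkg uses a shared `SRCDEST`; a cached file of that name from another package would be picked up and then rejected by the checksum. Rename it on download, `"mini-pcsc-0.1.0.tar.gz::https://github.com/arekinath/mini-pcsc/archive/v0.1.0.tar.gz"`; the existing `v$pkgver.tar.gz` entry has the same weakness. The literal `0.1.0` is also repeated in the `cd "../mini-pcsc-0.1.0"` lines that the next hunk adds to `build()` and `package()`, so a variable such as `_minipcsc_ver=0.1.0` would keep the URL and both directory names in step. The `source=(` array opens above this hunk.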
@@ -135,27 +135,28 @@ run_hook() { # Wait 15 seconds for ZFS devices to show up [ "${zfs_wait}" = "" ] && ZFS_WAIT="15" || ZFS_WAIT="${zfs_wait}" - # Start pcscd, in case we want it for pivy-zfs - msg ":: starting pcscd" - pcscd --force-reader-polling --foreground & - while [[ ! -f /run/pcscd/pcscd.pid ]]; do - sleep 0.2 - done - pcscd_pid=$(cat /run/pcscd/pcscd.pid) - kill_pcscd() { - if [[ -n "$pcscd_pid" ]]; then - kill $pcscd_pid - fi - pcscd_pid= - } - trap kill_pcscd EXIT - msg ":: waiting for smartcard devices..." - sleep 5 - udevadm trigger & - sleep 1 - pcscd --hotplug - pivy-tool list >/dev/null 2>/dev/null & - sleep 2 + if [[ -f /usr/bin/pcscd ]]; then + # Start pcscd, in case we want it for pivy-zfs + msg ":: starting pcscd" + pcscd --force-reader-polling --foreground & + while [[ ! -f /run/pcscd/pcscd.pid ]]; do + sleep 0.2 + done + pcscd_pid=$(cat /run/pcscd/pcscd.pid) + kill_pcscd() { + if [[ -n "$pcscd_pid" ]]; then + kill $pcscd_pid + fi + pcscd_pid= + } + msg ":: waiting for smartcard devices..." + sleep 5 + udevadm trigger & + sleep 1 + pcscd --hotplug + pivy-tool list >/dev/null 2>/dev/null & + sleep 2 + fi case ${root} in # root=zfs @@ -210,7 +211,9 @@ run_hook() { sleep 1 done kill $pid > /dev/null 2>&1 - kill_pcscd + if [[ -f /usr/bin/pcscd ]]; then + kill_pcscd + fi } run_latehook () { diff --git a/zfs-pivy.install b/zfs-pivy.install index 7b8fd045a074..698b59a8ea29 100644 --- a/zfs-pivy.install +++ b/zfs-pivy.install @@ -9,6 +9,18 @@ build() { zfs \ spl + if [[ -f /usr/lib/libminipcsc.so ]]; then + map add_file /usr/lib/libminipcsc.so + ln -sf libminipcsc.so "${BUILDROOT}/usr/lib/libpcsclite.so.1" + else + map add_file \ + /etc/libccid_Info.plist \ + /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist \ + /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so \ + /usr/lib/libpcsclite.so.1 + map add_binary pcscd + fi + map add_binary \ fsck.zfs \ mount.zfs \ 
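Review bot: The re-indented `while [[ ! -f /run/pcscd/pcscd.pid ]]` loop has no upper bound, so if pcscd is present in the image but exits before writing its pid file, the hook spins forever and boot never gets past this point. Bound it with a counter: `tries=0` before the loop, `while [[ ! -f /run/pcscd/pcscd.pid ]] && [ "$tries" -lt 50 ]; do`, and `tries=$((tries + 1))` after the `sleep 0.2`, then skip the smartcard wait when the file never appeared. The commit also drops `trap kill_pcscd EXIT`, leaving the explicit call near the end of `run_hook` as the only cleanup; the body between the two hunks is not visible here, so confirm that no early return leaves pcscd running into the booted system. Quoting the pid, `kill "$pcscd_pid"`, would be a small hardening on the same lines.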
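Review bot: The guard `if [[ -f /usr/bin/pcscd ]]` around `kill_pcscd` at the end of `run_hook` repeats the file test from the start-up block instead of checking whether pcscd was actually started, so the two conditions have to be kept in sync by hand. Because `kill_pcscd` is now defined only inside that earlier `if`, testing the recorded state is more direct and cannot call an undefined function: `if [[ -n "$pcscd_pid" ]]; then kill_pcscd; fi`. A short comment such as `# pcscd is only started when it was packed into the image (no mini-pcsc)` would explain why the cleanup is conditional. `run_hook` starts well above this hunk.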
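Review bot: `map add_file /usr/lib/libminipcsc.so` copies the library without resolving what it links against, unlike `add_binary`, so any dependency not already listed further down in `build()` would be missing at boot and the pivy tools would fail to load. Presumably the explicitly added libusb covers it, but that should be confirmed with `ldd /usr/lib/libminipcsc.so`, or the line changed to `add_binary /usr/lib/libminipcsc.so`. The symlink would read better as `add_symlink /usr/lib/libpcsclite.so.1 /usr/lib/libminipcsc.so` than as a raw `ln -sf` into `${BUILDROOT}`. It also deserves a comment such as `# pivy-* load libpcsclite.so.1; point that name at mini-pcsc so early boot does not need the pcscd daemon`. `build()` starts and ends outside this hunk.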
@@ -23,7 +35,6 @@ build() { /lib/udev/vdev_id \ /lib/udev/zvol_id \ findmnt \ - pcscd \ pivy-zfs \ pivy-box \ pivy-tool @@ -33,9 +44,6 @@ build() { /lib/udev/rules.d/69-vdev.rules \ /lib/udev/rules.d/90-zfs.rules \ /lib/libgcc_s.so.1 \ - /etc/libccid_Info.plist \ - /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist \ - /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so \ /usr/lib/libfl.so.2 \ /usr/lib/libusb-1.0.so.0 |