author | Mauro Santos | 2015-11-18 19:18:38 +0000 |
---|---|---|
committer | Mauro Santos | 2015-11-18 19:18:38 +0000 |
commit | 3fca96f28d338fe545ab4e8a0e6241c3bff54fa9 (patch) | |
tree | d61754e15928b035a1327221993e830723b86e78 | |
parent | 2a9958aed5c09a50e6080d672fcd3469d82201ad (diff) | |
download | aur-3fca96f28d338fe545ab4e8a0e6241c3bff54fa9.tar.gz |
Add support for challenge-response with the yubikey.
Misc fixes and tweaks.
-rw-r--r-- | .SRCINFO | 10 | ||||
-rw-r--r-- | PKGBUILD | 10 | ||||
-rwxr-xr-x | linuxpba-arch | 16 | ||||
-rw-r--r-- | linuxpba.conf.etc | 7 | ||||
-rw-r--r-- | linuxpba.conf.lib | 5 | ||||
-rw-r--r-- | linuxpba.install | 6 |
6 files changed, 29 insertions, 25 deletions
@@ -1,7 +1,7 @@ pkgbase = sedutil pkgdesc = TCG OPAL 2.00 SED Management Program pkgver = 1.10 - pkgrel = 2 + pkgrel = 3 url = https://github.com/Drive-Trust-Alliance/sedutil install = sedutil.install arch = i686 @@ -25,11 +25,11 @@ pkgbase = sedutil sha256sums = 5ab7ef67fea0f4e370d8f0a4da87636a1df18e0edb0152d08f906f38280cc0e8 sha256sums = 77c725e4eee095dbede512d2bca13b8f2c139a67b9b87a11d98be94e6df0e1d7 sha256sums = c599c6066f23aa403cd7c4c43b9b9900079cdbb7bc0b97c79e70a2383864646f - sha256sums = 7b2ffee83e775f9225728f2457752e20792112148079490f95e7b3b72ee0db30 - sha256sums = b444dc45933db1ba893ad1a4c6a9a7405b2332ae11b5db8dc86c6dae45776948 - sha256sums = fb23e2697cb5d8e3240ed6cd9345c40606defd298405938020e7efffe9cbebed + sha256sums = 80a7bdea707a0935310adc3c88a2e0958767134315a2da284bc2afb0ed1b2135 + sha256sums = 6bf64faa4e413bac489e83518daf6963760cc4474ea2b848d0192402214c0efb + sha256sums = a110e6d6da0fd658412d8c79f7f2cbc58a9b0067c34c34c94c8f623801eecc78 sha256sums = d9a7b66d8365e7f4eb0233b30c0ab70b5e978f6554960bf12994a1f0910c1447 - sha256sums = b20ec0ee18cf8cbdad7e2154fdad3e0c4ba3b65471c750464c69f23318e4e80d + sha256sums = f31a0ba891dd705ef68174afeb651bdc3426a63202d058d98510907de43248f7 sha256sums = e94d011c98bd336f37d6d4923e5d63a22ebd10d8f2c6486b6bcd6617524d6484 pkgname = sedutil @@ -2,7 +2,7 @@ pkgname=sedutil pkgver=1.10 -pkgrel=2 +pkgrel=3 pkgdesc="TCG OPAL 2.00 SED Management Program" arch=('i686' 'x86_64') url="https://github.com/Drive-Trust-Alliance/sedutil" 
@@ -26,11 +26,11 @@ sha256sums=('31b1006a1f65b83fb419635f21a02bfb99bed8d4d6b351f566831af3682165dd' '5ab7ef67fea0f4e370d8f0a4da87636a1df18e0edb0152d08f906f38280cc0e8' '77c725e4eee095dbede512d2bca13b8f2c139a67b9b87a11d98be94e6df0e1d7' 'c599c6066f23aa403cd7c4c43b9b9900079cdbb7bc0b97c79e70a2383864646f' - '7b2ffee83e775f9225728f2457752e20792112148079490f95e7b3b72ee0db30' - 'b444dc45933db1ba893ad1a4c6a9a7405b2332ae11b5db8dc86c6dae45776948' - 'fb23e2697cb5d8e3240ed6cd9345c40606defd298405938020e7efffe9cbebed' + '80a7bdea707a0935310adc3c88a2e0958767134315a2da284bc2afb0ed1b2135' + '6bf64faa4e413bac489e83518daf6963760cc4474ea2b848d0192402214c0efb' + 'a110e6d6da0fd658412d8c79f7f2cbc58a9b0067c34c34c94c8f623801eecc78' 'd9a7b66d8365e7f4eb0233b30c0ab70b5e978f6554960bf12994a1f0910c1447' - 'b20ec0ee18cf8cbdad7e2154fdad3e0c4ba3b65471c750464c69f23318e4e80d' + 'f31a0ba891dd705ef68174afeb651bdc3426a63202d058d98510907de43248f7' 'e94d011c98bd336f37d6d4923e5d63a22ebd10d8f2c6486b6bcd6617524d6484') PKGEXT='.pkg.tar' CPPFLAGS="$CPPFLAGS -O2" diff --git a/linuxpba-arch b/linuxpba-arch index 83748caec088..7aea198d8f4f 100755 --- a/linuxpba-arch +++ b/linuxpba-arch @@ -22,12 +22,18 @@ then ykinfo -s &>/dev/null if [[ $? -eq 0 ]] then - echo "Press the Yubikey button if it is blinking." + if [[ "x$YKCHAL" = "x" ]] + then + echo -n "Enter the Yubikey challenge: " + YKCHAL="$(getpasswd)" + echo "" + fi + echo "Touch the Yubikey button if it is blinking." KEYFOB_PASSWD="$(ykchalresp -2 "$YKCHAL" 2>/dev/null)" fi fi - if [[ "x$KEYFOB_PASSWD" != "x" && "x$SED_PASSWD" = "x" ]] + if [[ "x$KEYFOB_PASSWD" != "x" ]] then echo -n "Unlocking keyring with yubikey password ... " echo -n "$KEYFOB_PASSWD" | cryptsetup --key-file - open --type luks \ @@ -68,12 +74,12 @@ then fi fi -while [[ "x$SED_PASSWD" = "x" ]] -do +if [[ "x$SED_PASSWD" = "x" ]] +then echo -n "Enter password to unlock the OPAL drives: " SED_PASSWD="$(getpasswd)" echo "" -done +fi ERRORS=0 
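Review bot: In the `@@ -22,12 +22,18 @@` hunk of linuxpba-arch, an empty entry at the new challenge prompt goes straight into `ykchalresp -2 "$YKCHAL"`. Because stderr is discarded and the exit status is never checked, an empty challenge, a missed touch and a wrong slot all end the same way: silently, with an empty `KEYFOB_PASSWD`. I would skip the call while `YKCHAL` is still empty and report the failure after it, e.g. `[[ "x$KEYFOB_PASSWD" = "x" ]] && echo "No response from the Yubikey."`. The typed challenge is now a secret, but it is passed as a command-line argument and is visible in the process list for the duration of the call; if the packaged ykchalresp can take the challenge on standard input, that is the better path. The enclosing `if` block starts above the hunk.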
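Review bot: In the `@@ -68,12 +74,12 @@` hunk, replacing the `while` with an `if` means a bare Enter at "Enter password to unlock the OPAL drives" leaves `SED_PASSWD` empty, and execution continues past `ERRORS=0`. The unlock code is outside the hunk, so I cannot tell whether it rejects an empty password; if it does not, an accidental Enter is spent as a failed authentication attempt against the drive. Either keep a bounded re-prompt or document the single prompt with a comment such as `# single prompt: an empty password is rejected below`, whichever matches the code that follows.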
diff --git a/linuxpba.conf.etc b/linuxpba.conf.etc index d70f596877e8..40f2ff9bda44 100644 --- a/linuxpba.conf.etc +++ b/linuxpba.conf.etc @@ -20,13 +20,14 @@ USE_SEDUTIL_PBA=1 # The challenge to send to the yubikey. The response will unlock the # keyring file. Use the challenge configured here as the challenge when -# creating your luks encrypted keyring file. -YKCHAL=GiveMeThePassword +# creating your luks encrypted keyring file. Alternatively leave the challenge +# blank to be prompted for the challenge when booting. +YKCHAL="GiveMeThePassword" # Keyfile name. Use an udev rule to create a single symlink to one of many # devices with the luks keys and add the rule file in the FILES array above, # or set this to /dev/disk/by-id of the device where you keep the keyfile. -KFNAME=/dev/cryptkey +KFNAME="/dev/cryptkey" # How many bytes to skip in the beginning of the keyfile device KFSKIP=524288 diff --git a/linuxpba.conf.lib b/linuxpba.conf.lib index f616a8a3fcac..da056bdb6f27 100644 --- a/linuxpba.conf.lib +++ b/linuxpba.conf.lib @@ -1,3 +1,6 @@ . /etc/linuxpba/linuxpba.conf -MODULES="$MODULES loop dm-crypt xts algif_skcipher af_alg" +if [[ "$USE_SEDUTIL_PBA" -eq 0 ]] +then + MODULES="$MODULES loop dm-crypt xts algif_skcipher" +fi diff --git a/linuxpba.install b/linuxpba.install index f76ce1d09c00..aac5d3662dd0 100644 --- a/linuxpba.install +++ b/linuxpba.install @@ -19,12 +19,6 @@ build () { add_binary "cryptsetup" add_binary "dmsetup" add_file "/etc/linuxpba/keyring.luks" - add_module loop - #add_all_modules '/crypto/' - add_module dm-crypt - add_module xts - add_module algif_skcipher - add_module af_alg add_file "/usr/lib/udev/rules.d/10-dm.rules" add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" |
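Review bot: The expanded comment above `YKCHAL` in linuxpba.conf.etc does not say that a challenge stored in this file is not a secret. The shipped default `GiveMeThePassword` is public, and the file is presumably installed as /etc/linuxpba/linuxpba.conf and copied into the pre-boot image, where anyone who can read the image can read the challenge. I would add `# A challenge stored here is readable by anyone with access to this file or the PBA image; leave it blank to be prompted if the challenge should act as a second factor.` The comment should also tell users who keep a stored challenge to change the default before creating the keyring.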
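Review bot: The new condition in linuxpba.conf.lib, `[[ "$USE_SEDUTIL_PBA" -eq 0 ]]`, is an arithmetic test, so an unset, empty or non-numeric value also counts as 0 and selects the module list; nothing in the file says so. The same commit removes the `add_module` calls from linuxpba.install, while that hook still adds `cryptsetup` and `/etc/linuxpba/keyring.luks` unconditionally. I would document the dependency at the `if`, e.g. `# Modules for the LUKS keyring; only needed when the image is built with USE_SEDUTIL_PBA=0 (unset or non-numeric also counts as 0 here).` `af_alg` is dropped from the list as well; presumably it is loaded as a dependency of `algif_skcipher`, which is worth confirming on a built image.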