1 files changed, 46 insertions, 0 deletions

diff --git a/pkcs11_install b/pkcs11_install
new file mode 100644
index 000000000000..d69385a7cf87
--- /dev/null
+++ b/pkcs11_install
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+build() {
+
+    # CCID
+    add_file /etc/libccid_Info.plist
+    add_file /etc/reader.conf.d/libccidtwin
+    add_file /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist
+    add_binary /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
+    add_binary /usr/lib/pcsc/drivers/serial/libccidtwin.so
+
+    # OPENSC
+    add_file /etc/opensc.conf
+    add_binary /usr/lib/libopensc.so.8
+    add_binary /usr/lib/libopensc.so.8.0.0
+    add_binary /usr/lib/opensc-pkcs11.so
+    add_binary /usr/lib/pkcs11/opensc-pkcs11.so
+
+    # PCSCLITE
+    add_binary /usr/lib/libpcsclite.so
+    add_binary /usr/lib/libpcsclite.so.1
+    add_binary /usr/lib/libpcsclite.so.1.0.0
+
+
+    # PCSCD at boot before cryptsetup
+    add_systemd_unit pcscd.service
+    add_systemd_unit pcscd.socket
+    add_symlink /usr/lib/systemd/system/cryptsetup.target.wants/pcscd.socket ../pcscd.socket
+
+    # MISC
+    add_binary /usr/bin/p11tool
+    # cat /etc/pkcs11/modules/opensc.module
+    # module: opensc-pkcs11.so
+    add_file /etc/pkcs11/modules/opensc.module
+
+}
+
+help() {
+    cat <<HELPEOF
+Add and early start (ie before cryptsetup) the pcscd socket service. This
+allow cryptsetup "pkcs11-uri=auto" to find yubikey piv based token. Required
+package are: ccid opensc and pcsclite. Use with systemd and sd-encrypt hook.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et: