#!/usr/bin/bash

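# Install hook body: stage what systemd-cryptsetup needs to unlock a LUKS2
# volume through the RuToken PKCS#11 module in early boot: the cryptsetup
# PKCS#11 token plugin, p11-kit and pcsclite libraries, the vendor module with
# its p11-kit registration, pcscd with minimal service/socket units, and the
# CCID reader driver.
#
# Globals:   none (relies on the add_binary/add_file/add_symlink/
#            add_systemd_unit helpers provided by the caller)
# Arguments: none
# Outputs:   one diagnostic line on stderr per library pattern that matches
#            nothing on the build host
build() {
    # Keep the loop variable out of the caller's namespace.
    local lib

    add_binary '/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so'

    # Copy every versioned name of each library. Symlinks are recreated as
    # symlinks; their targets match the same patterns and are added as files.
    # A pattern that matches nothing stays a literal string (unless the caller
    # enabled nullglob), so it is reported and skipped instead of being handed
    # to add_binary as if it were a path.
    for lib in /usr/lib/libp11-kit.so* /usr/lib/libpcsclite.so* /usr/lib/libpcsclite_real.so*; do
        if [[ -L "${lib}" ]]; then
            add_symlink "${lib}"
        elif [[ -e "${lib}" ]]; then
            add_binary "${lib}"
        else
            printf 'sd-rutoken: nothing matches %s, skipping\n' "${lib}" >&2
        fi
    done

    # Register the vendor module with p11-kit inside the image.
    printf 'module: librtpkcs11ecp.so\n' | add_file - '/usr/share/p11-kit/modules/rutoken.module' 644

    # The module is copied from the build host as-is; this hook does not check
    # its integrity or origin.
    add_binary '/usr/lib/pcsc/librtpkcs11ecp.so' 2>/dev/null || true
    add_binary '/usr/lib/pkcs11/librtpkcs11ecp.so'

    # Minimal pcscd.service for the image. pcscd runs with --disable-polkit,
    # so access to the daemon is limited only by who can reach its socket.
    # NOTE(review): RuntimeDirectoryPreserve=true keeps /run/pcscd after the
    # service stops; confirm nothing stale is left for the booted system.
    printf '%s\n' \
        '[Unit]' \
        'Description=PC/SC Smart Card Daemon' \
        'DefaultDependencies=no' \
        'Requires=pcscd.socket' \
        '[Service]' \
        'ExecStart=/usr/bin/pcscd --foreground --disable-polkit' \
        'ExecReload=/usr/bin/pcscd --hotplug' \
        'RuntimeDirectory=pcscd' \
        'RuntimeDirectoryPreserve=true' \
        'PIDFile=/run/pcscd/pcscd.pid' \
    | add_file - '/usr/lib/systemd/system/pcscd.service' 644

    add_binary '/usr/bin/pcscd'

    # Activation socket. No SocketMode= is given, so systemd's default socket
    # permissions apply to /run/pcscd/pcscd.comm.
    printf '%s\n' \
        '[Unit]' \
        'Description=PC/SC Smart Card Daemon Activation Socket' \
        'DefaultDependencies=no' \
        '[Socket]' \
        'ListenStream=/run/pcscd/pcscd.comm' \
    | add_file - '/usr/lib/systemd/system/pcscd.socket' 644

    # pcscd.socket -> cryptsetup-pre.target -> systemd-cryptsetup@.service -> cryptsetup.target
    # The two .wants symlinks below create that pull-in chain.
    add_systemd_unit 'cryptsetup-pre.target'
    add_symlink '/usr/lib/systemd/system/cryptsetup-pre.target.wants/pcscd.socket' '/usr/lib/systemd/system/pcscd.socket'
    add_symlink '/usr/lib/systemd/system/cryptsetup.target.wants/cryptsetup-pre.target' '/usr/lib/systemd/system/cryptsetup-pre.target'

    # CCID reader driver bundle used by pcscd: its Info.plist and the driver.
    add_file '/usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist'
    add_binary '/usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so'
}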

# Print the hook's one-line description on stdout.
help() {
    printf '%s\n' 'This hook allows systemd to unlock LUKS2 volumes with the RuToken PKCS#11 module.'
}