public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/luksroot: allow to enter passphrase from another console

Browse Source
This commit is contained in:
Nikolay Amiantov 2015-10-18 13:50:36 +03:00
parent 1bd3d9de2a
commit 12fcfe39db
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nixos/modules/system/boot/luksroot.nix
View File

@ -32,9 +32,12 @@ let
''} ''}
open_normally() { open_normally() {
cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \ echo luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
${optionalString (header != null) "--header=${header}"} \ ${optionalString (header != null) "--header=${header}"} \
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
> /.luksopen_args
cryptsetup-askpass
rm /.luksopen_args
} }
${optionalString (luks.yubikeySupport && (yubikey != null)) '' ${optionalString (luks.yubikeySupport && (yubikey != null)) ''
@ -418,6 +421,18 @@ in
boot.initrd.extraUtilsCommands = '' boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup
cat > $out/bin/cryptsetup-askpass <<EOF
#!$out/bin/sh -e
if [ -e /.luksopen_args ]; then
cryptsetup \$(cat /.luksopen_args)
killall cryptsetup
else
echo "Passphrase is not requested now"
exit 1
fi
EOF
chmod +x $out/bin/cryptsetup-askpass
${optionalString luks.yubikeySupport '' ${optionalString luks.yubikeySupport ''
copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp
copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo