-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debian/Ubuntu support #88
base: master
Are you sure you want to change the base?
Debian/Ubuntu support #88
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thx again. I left some initial comments
src/debian/key-script
Outdated
@@ -0,0 +1,70 @@ | |||
#! /bin/sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess you are aware this script needs rewrite as right now it's a copy-paste hybrid from two projects.
I think you have to start from the Arch version then cut-out everything that isn't related to generating secrets (nfc, luks options,trails,timeout, etc.). End result should resemble what debian version does (check if yubikey is available, ask for user secret or read it from config, send to yubikey, print response) but it needs to be consistent with arch version code syntax.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, this took a little longer than I thought, but I just finished modifying the Arch Linux version to work with Debian/Ubuntu. I left in the commented out lines from the original for now so it's easier to see what's different between the Arch and Debian versions. I confirmed that it works for both when the Yubikey is present and when there is no Yubikey present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see you still left some things like nfc (there is no support for it in debian), trials/timeouts (do the work?) and unused variables:
$ shellcheck -x key-script
In key-script line 8:
YKFDE_DISK_UUID=""
^-------------^ SC2034 (warning): YKFDE_DISK_UUID appears unused. Verify use (or export if used externally).
In key-script line 9:
YKFDE_LUKS_NAME=""
^-------------^ SC2034 (warning): YKFDE_LUKS_NAME appears unused. Verify use (or export if used externally).
In key-script line 10:
YKFDE_LUKS_DEV=""
^------------^ SC2034 (warning): YKFDE_LUKS_DEV appears unused. Verify use (or export if used externally).
In key-script line 11:
YKFDE_LUKS_OPTIONS=""
^----------------^ SC2034 (warning): YKFDE_LUKS_OPTIONS appears unused. Verify use (or export if used externally).
In key-script line 17:
YKFDE_SLEEP_AFTER_SUCCESSFUL_CRYPTSETUP=""
^-- SC2034 (warning): YKFDE_SLEEP_AFTER_SUCCESSFUL_CRYPTSETUP appears unused. Verify use (or export if used externally).
In key-script line 32:
local cryptopt cryptoptions
^------^ SC2034 (warning): cryptopt appears unused. Verify use (or export if used externally).
^----------^ SC2034 (warning): cryptoptions appears unused. Verify use (or export if used externally).
In key-script line 37:
. "$YKFDE_CONFIG_FILE" || {
^------------------^ SC1091 (info): Not following: ../ykfde.conf: openBinaryFile: does not exist (No such file or directory)
For more information:
https://www.shellcheck.net/wiki/SC2034 -- YKFDE_DISK_UUID appears unused. V...
https://www.shellcheck.net/wiki/SC1091 -- Not following: ../ykfde.conf: ope...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just removed the commented sections of code, along with the NFC code and unused variables.
As far as the trials and timeout goes, I have confirmed that they work. After the given number of trials, the prompt no longer accepts challenges or passphrases. After the given timeout, the prompt switches from asking for the challenge to asking for a passphrase.
The only issue I've come across is that I was unable to get the messages working. If there is no YubiKey present, the message saying > Waiting x for YubiKey
does not appear. Also, I believe the message saying Remember to touch the device if necessary.
does not appear.
Other than the lack of messages, everything else appears to be working correctly.
Hi, Is this still work in progress or not a active project anymore? |
@lukas-fichtner The project is active but this support never left draft mode. |
Oh that's too bad :( In fact, I was lucky and it was due to a different problem. I only had to adjust the power setting "sleep state" in the BIOS and change it to Linux. Now the suspend mode works perfectly on my Lenovo. |
This is a very good hint as my T14s is due on the 13th but yes, sounds off-topic to this specific MR. |
Initial support for Debian/Ubuntu based systems. Based on discussion in #61, I restructured the repository files to separate the packaging files from the src files. The new file structure is shown at the bottom of this post.
A few notes:
testrun.sh
does not run automatically after installing, but passes all tests when run by itself