mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-24 03:43:53 +03:00
nixos/luksroot: allow to enter passphrase from another console
This commit is contained in:
parent
1bd3d9de2a
commit
12fcfe39db
@ -32,9 +32,12 @@ let
|
||||
''}
|
||||
|
||||
open_normally() {
|
||||
cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
|
||||
echo luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
|
||||
${optionalString (header != null) "--header=${header}"} \
|
||||
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"}
|
||||
${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"} \
|
||||
> /.luksopen_args
|
||||
cryptsetup-askpass
|
||||
rm /.luksopen_args
|
||||
}
|
||||
|
||||
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
|
||||
@ -418,6 +421,18 @@ in
|
||||
boot.initrd.extraUtilsCommands = ''
|
||||
copy_bin_and_libs ${pkgs.cryptsetup}/bin/cryptsetup
|
||||
|
||||
cat > $out/bin/cryptsetup-askpass <<EOF
|
||||
#!$out/bin/sh -e
|
||||
if [ -e /.luksopen_args ]; then
|
||||
cryptsetup \$(cat /.luksopen_args)
|
||||
killall cryptsetup
|
||||
else
|
||||
echo "Passphrase is not requested now"
|
||||
exit 1
|
||||
fi
|
||||
EOF
|
||||
chmod +x $out/bin/cryptsetup-askpass
|
||||
|
||||
${optionalString luks.yubikeySupport ''
|
||||
copy_bin_and_libs ${pkgs.ykpers}/bin/ykchalresp
|
||||
copy_bin_and_libs ${pkgs.ykpers}/bin/ykinfo
|
||||
|
Loading…
Reference in New Issue
Block a user