1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#! /bin/sh
#
# This is /sbin/ykluks-keyscript, which gets called when unlocking the disk
#
set -e
message()
{
if [ -x /bin/plymouth ] && plymouth --ping; then
plymouth message --text="$@"
else
echo "$@" >&2
fi
return 0
}
check_yubikey_present() {
ykchalresp -2 AreYouThere > /dev/null 2>%1
return $?
}
udevadm settle || true
# source for log_*_msg() functions, see LP: #272301
. /scripts/functions
if [ -z "$cryptkeyscript" ]; then
cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then
cryptkeyscript="plymouth ask-for-password --prompt"
cryptkey=$(printf "$cryptkey")
else
cryptkeyscript="/lib/cryptsetup/askpass"
fi
fi
PW="$($cryptkeyscript "Please insert yubikey and press enter or enter a valid passphrase")"
if check_yubikey_present; then
message "Accessing yubikey..."
R="$(ykchalresp -2 "$PW" 2>/dev/null || true)"
message "Retrieved the response from the Yubikey"
echo -n "$R"
else
echo -n "$PW"
fi
exit 0
|
