125 lines
3.4 KiB
Bash
Executable File
125 lines
3.4 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# Why not use "openct-tool rwait" instead of polling opensc-tool exit status?
|
|
# Well openct daemon has to be running which interferes with pcscd since both
|
|
# implement reader drivers, my particular CCID reader (SCM SCR331-LC1) doesn't
|
|
# work with the CCID driver in openct, however it does work with pcscd.
|
|
|
|
# Why not use "opensc-tool --wait" instead of polling opensc-tool exit status?
|
|
# Although opensc-tool --help reports that there is a --wait option, it doesn't
|
|
# seem to be implemented.
|
|
|
|
check_plymouth() {
|
|
plymouth=0
|
|
if [ -x /bin/plymouth ] && plymouth --ping > /dev/null ; then
|
|
plymouth=1
|
|
fi
|
|
}
|
|
|
|
check_osk_sdl() {
|
|
osk_sdl=0
|
|
if [ -f /usr/bin/osk-sdl ] ; then
|
|
osk_sdl=1
|
|
export ETNA_MESA_DEBUG=no_supertile
|
|
export SDL_VIDEODRIVER=kmsdrm
|
|
fi
|
|
}
|
|
|
|
check_card() {
|
|
cardfound=0
|
|
if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
|
|
cardfound=1
|
|
fi
|
|
}
|
|
|
|
log_message() {
|
|
if [ $plymouth = 1 ] ; then
|
|
plymouth display-message --text="$@" 2>/dev/null
|
|
else
|
|
echo "$@" >&2
|
|
fi
|
|
}
|
|
|
|
fallback() {
|
|
log_message 'Asking for passphrase'
|
|
if [ $plymouth = 1 ] ; then
|
|
if [ $osk_sdl = 1 ] ; then
|
|
plymouth hide-splash 2>/dev/null
|
|
/usr/bin/osk-sdl -d ${CRYPTTAB_SOURCE} -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
|
|
|| panic "Failure running osk-sdl. Good luck."
|
|
plymouth show-splash 2>/dev/null
|
|
else
|
|
plymouth ask-for-password --prompt "Try LUKS password for $CRYPTTAB_NAME: " 2>/dev/null
|
|
exit 0
|
|
fi
|
|
else
|
|
if [ $osk_sdl = 1 ] ; then
|
|
/usr/bin/osk-sdl -d ${CRYPTTAB_SOURCE} -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
|
|
|| panic "Failure running osk-sdl. Good luck."
|
|
else
|
|
echo </dev/console 2>/dev/console
|
|
exit 0
|
|
fi
|
|
|
|
fi
|
|
exit $?
|
|
}
|
|
|
|
wait_card() {
|
|
check_card
|
|
if [ $cardfound = 0 ] ; then
|
|
log_message "Waiting for Smart Card..."
|
|
tries=0
|
|
while [ $cardfound = 0 ] && [ $tries -lt 15 ] ; do
|
|
sleep 1
|
|
check_card
|
|
tries=$(($tries + 1))
|
|
done
|
|
if [ $cardfound = 0 ] ; then
|
|
log_message 'Failed to find Smart Card card!'
|
|
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ] ; then
|
|
log_message 'Already decrypted'
|
|
exit 0
|
|
else
|
|
fallback
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
|
|
check_plymouth
|
|
check_osk_sdl
|
|
|
|
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ] ; then
|
|
log_message 'Already decrypted'
|
|
exit 0
|
|
fi
|
|
|
|
wait_card
|
|
|
|
if [ $plymouth = 1 ] ; then
|
|
if [ $osk_sdl = 1 ] ; then
|
|
# Get pin number from osk_sdl
|
|
plymouth hide-splash 2>/dev/null
|
|
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
|
|
--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
|
|
plymouth show-splash 2>/dev/null
|
|
else
|
|
# Get pin number from plymouth
|
|
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
|
|
--pin "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
|
|
fi
|
|
else
|
|
if [ $osk_sdl = 1 ] ; then
|
|
# Get pin number from osk_sdl
|
|
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
|
|
--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
|
|
else
|
|
# Get pin number from console
|
|
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw </dev/console 2>/dev/console
|
|
fi
|
|
fi
|
|
|
|
exit $?
|