airgap-ng/configs/airgap/airootfs/root/.bash_profile

help() {
cat <<EOF
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
shard files and other persistent media. After inserting an SD card, run the
following command to mount any unmounted SD cards and find any Shard files:

  # discover-shard

This guide will assume the discovered Shard file is listed as:
  /media/mmcblk0p1/shards.pgp
If an alternative Shard file is found, that file should be used instead.

Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
where M is the minimum amount of users required to recreate the secret and N is
is the total amount of shardholders. An additional value, K, will be used to
denote the amount of smartcards (i.e., backups) to provision per shardholder.

  # prepare-shard-media
  # keyfork wizard generate-shard-secret --threshold \$M --max \$N
    --keys-per-shard \$K --output /media/sdcard/shards.pgp

The Keyfork server can be started using a Shard-secred secret locally, if all
shardholders are present, or using a QR-based remote recovery. The shard file
does not have to be present for remote recovery.

  # keyfork recover shard /media/mmcblk0p1/shards.pgp

Or

  # keyfork recover remote-shard

If performing a "Remote Shard" operation, Keyfork shards can be transported to
the system performing the operation by running the following command:

  # keyfork shard transport /media/mmcblk0p1/shards.pgp

For more information, run:

  # keyfork help
EOF
}

amount() {
  partition="$1"
  media="$1"
  if [ ! -z "$2" ]; then
    media="$2"
  fi
  echo "Automatically mounting /dev/$partition to /media/$media"
  mkdir -p "/media/$media"
  umount "/media/$partition" 2>/dev/null
  mount $MOUNT_OPTS "/dev/$partition" "/media/$media"
}

discover-shard() {
  MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"

  lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
    amount "$partition"
    find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
      echo "Found potential shardfile: $file"
    done
  done
}

prepare-shard-media() {
  echo "Please re-insert the SD card"
  udevadm monitor --udev | while read udev ts operation path type; do
    if [ "$type" = "(block)" -a "$operation" = "add" ]; then
      partition="$(echo "$path" | cut -d/ -f12)"
      if [ ! -z "$partition" ]; then
        amount "$partition" "sdcard"
        # Weird quirk with bash: if udev doesn't have anything else printing,
        # it won't trigger the start of the next loop, and therefore won't
        # "break" the loop. Run `udevadm trigger` to give udevadm more things
        # to send to `read`.
        udevadm trigger
        break
      fi
    fi
  done
}

help
echo
discover-shard
echo
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`help() {`
			`cat <<EOF`
			`Airgap Arch Linux with Keyfork is best used with a removable SD card to store`
configs: reword help documentation 2024-02-05 04:24:45 +00:00			`shard files and other persistent media. After inserting an SD card, run the`
			`following command to mount any unmounted SD cards and find any Shard files:`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00
configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`# discover-shard`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00
configs: reword help documentation 2024-02-05 04:24:45 +00:00			`This guide will assume the discovered Shard file is listed as:`
			`/media/mmcblk0p1/shards.pgp`
			`If an alternative Shard file is found, that file should be used instead.`

configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,`
			`where M is the minimum amount of users required to recreate the secret and N is`
			`is the total amount of shardholders. An additional value, K, will be used to`
			`denote the amount of smartcards (i.e., backups) to provision per shardholder.`

configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`# prepare-shard-media`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`# keyfork wizard generate-shard-secret --threshold \$M --max \$N`
configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`--keys-per-shard \$K --output /media/sdcard/shards.pgp`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00
			`The Keyfork server can be started using a Shard-secred secret locally, if all`
			`shardholders are present, or using a QR-based remote recovery. The shard file`
			`does not have to be present for remote recovery.`

			`# keyfork recover shard /media/mmcblk0p1/shards.pgp`

			`Or`

			`# keyfork recover remote-shard`

configs: reword help documentation 2024-02-05 04:24:45 +00:00			`If performing a "Remote Shard" operation, Keyfork shards can be transported to`
			`the system performing the operation by running the following command:`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00
			`# keyfork shard transport /media/mmcblk0p1/shards.pgp`

			`For more information, run:`

			`# keyfork help`
			`EOF`
			`}`

configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`amount() {`
			`partition="$1"`
			`media="$1"`
			`if [ ! -z "$2" ]; then`
			`media="$2"`
			`fi`
			`echo "Automatically mounting /dev/$partition to /media/$media"`
			`mkdir -p "/media/$media"`
			`umount "/media/$partition" 2>/dev/null`
			`mount $MOUNT_OPTS "/dev/$partition" "/media/$media"`
			`}`

			`discover-shard() {`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"`

			`lsblk -nlo NAME,FSTYPE \| awk '$2 == "vfat" { print $1 }' \| while read partition; do`
configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`amount "$partition"`
configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`find "/media/$partition" -name '*.pgp' -maxdepth 2 \| while read file; do`
			`echo "Found potential shardfile: $file"`
			`done`
			`done`
			`}`

configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`prepare-shard-media() {`
			`echo "Please re-insert the SD card"`
			`udevadm monitor --udev \| while read udev ts operation path type; do`
			`if [ "$type" = "(block)" -a "$operation" = "add" ]; then`
			`partition="$(echo "$path" \| cut -d/ -f12)"`
			`if [ ! -z "$partition" ]; then`
			`amount "$partition" "sdcard"`
			`# Weird quirk with bash: if udev doesn't have anything else printing,`
			`# it won't trigger the start of the next loop, and therefore won't`
			# "break" the loop. Run `udevadm trigger` to give udevadm more things
			# to send to `read`.
			`udevadm trigger`
			`break`
			`fi`
			`fi`
			`done`
			`}`

configs: enable pcscd and install helpers in root profile 2024-02-03 03:08:27 +00:00			`help`
configs: reword help documentation 2024-02-05 04:24:45 +00:00			`echo`
configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard 2024-02-06 00:31:51 +00:00			`discover-shard`
configs: auto discover and mount on login 2024-02-03 03:26:35 +00:00			`echo`