configs: add prepare-shard-media, rename discover-and-mount-sdcard to discover-shard

Ryan Heywood 2024-02-05 19:31:51 -05:00
parent 4a7857af55
commit 82acfdaf5e
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 36 additions and 9 deletions


@ -4,7 +4,7 @@ Airgap Arch Linux with Keyfork is best used with a removable SD card to store
shard files and other persistent media. After inserting an SD card, run the shard files and other persistent media. After inserting an SD card, run the
following command to mount any unmounted SD cards and find any Shard files: following command to mount any unmounted SD cards and find any Shard files:
# discover-and-mount-sdcard # discover-shard
This guide will assume the discovered Shard file is listed as: This guide will assume the discovered Shard file is listed as:
/media/mmcblk0p1/shards.pgp /media/mmcblk0p1/shards.pgp
@ -15,8 +15,9 @@ where M is the minimum amount of users required to recreate the secret and N is
is the total amount of shardholders. An additional value, K, will be used to is the total amount of shardholders. An additional value, K, will be used to
denote the amount of smartcards (i.e., backups) to provision per shardholder. denote the amount of smartcards (i.e., backups) to provision per shardholder.
# prepare-shard-media
# keyfork wizard generate-shard-secret --threshold \$M --max \$N # keyfork wizard generate-shard-secret --threshold \$M --max \$N
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp --keys-per-shard \$K --output /media/sdcard/shards.pgp
The Keyfork server can be started using a Shard-secred secret locally, if all The Keyfork server can be started using a Shard-secred secret locally, if all
shardholders are present, or using a QR-based remote recovery. The shard file shardholders are present, or using a QR-based remote recovery. The shard file
@ -39,22 +40,48 @@ For more information, run:
EOF EOF
} }
discover-and-mount-sdcard() { amount() {
partition="$1"
media="$1"
if [ ! -z "$2" ]; then
media="$2"
fi
echo "Automatically mounting /dev/$partition to /media/$media"
mkdir -p "/media/$media"
umount "/media/$partition" 2>/dev/null
mount $MOUNT_OPTS "/dev/$partition" "/media/$media"
}
discover-shard() {
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000" MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
echo "Automatically mounting /dev/$partition to /media/$partition" amount "$partition"
mkdir -p "/media/$partition"
umount "/media/$partition" 2>/dev/null
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
echo "Found potential shardfile: $file" echo "Found potential shardfile: $file"
done done
done done
} }
echo prepare-shard-media() {
echo "Please re-insert the SD card"
udevadm monitor --udev | while read udev ts operation path type; do
if [ "$type" = "(block)" -a "$operation" = "add" ]; then
partition="$(echo "$path" | cut -d/ -f12)"
if [ ! -z "$partition" ]; then
amount "$partition" "sdcard"
# Weird quirk with bash: if udev doesn't have anything else printing,
# it won't trigger the start of the next loop, and therefore won't
# "break" the loop. Run `udevadm trigger` to give udevadm more things
# to send to `read`.
udevadm trigger
break
fi
fi
done
}
help help
echo echo
discover-and-mount-sdcard discover-shard
echo echo
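Review bot: In the new `amount()` the exit status of `mount` is never checked, and the preceding `umount` targets `/media/$partition` rather than `/media/$media`. As a result `prepare-shard-media` can finish with `/media/sdcard` being a plain directory on whatever filesystem holds `/media`, or still holding a previously mounted card. The updated help text then directs `keyfork wizard generate-shard-secret` to write `shards.pgp` to `/media/sdcard`, so on a failed mount the shard file would land somewhere other than the removable card. I would add `umount "/media/$media" 2>/dev/null` before the mount, change the mount line to `mount $MOUNT_OPTS "/dev/$partition" "/media/$media" || return 1`, and have `prepare-shard-media` report the failure rather than `break` as if it had succeeded. `amount()` also depends on `MOUNT_OPTS`, which is assigned only inside `discover-shard()`; that works because `discover-shard` runs at the end of the script, but assigning it at top level would remove the ordering dependency.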