Compare commits
5 Commits
a2de2b68c1
...
f0ec460729
Author | SHA1 | Date |
---|---|---|
Ryan Heywood | f0ec460729 | |
Ryan Heywood | 10c092d6e6 | |
Ryan Heywood | 4c31ca1fe9 | |
Ryan Heywood | 8c2f204384 | |
Ryan Heywood | 4d58ba2d22 |
|
@ -6,7 +6,7 @@ arch=('x86_64')
|
||||||
url='https://git.distrust.co/public/keyfork'
|
url='https://git.distrust.co/public/keyfork'
|
||||||
license=('GPL-2.0')
|
license=('GPL-2.0')
|
||||||
makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite
|
makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite
|
||||||
depends=('nettle' 'pcsclite')
|
depends=('nettle' 'pcsclite' 'zbar')
|
||||||
source=('git+https://git.distrust.co/public/keyfork.git')
|
source=('git+https://git.distrust.co/public/keyfork.git')
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
|
@ -18,16 +18,28 @@ prepare() {
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
export RUSTUP_TOOLCHAIN=stable
|
export RUSTUP_TOOLCHAIN=stable
|
||||||
export CARGO_TARGET_DIR=target
|
export CARGO_TARGET_DIR="$srcdir/$pkgname/target"
|
||||||
export RUSTFLAGS="-C codegen-units=1"
|
export RUSTFLAGS="-C codegen-units=1"
|
||||||
cd "$srcdir/$pkgname"
|
cd "$srcdir/$pkgname"
|
||||||
# NOTE: Do not use `--all-features` as features may be incomopatible with
|
# NOTE: Do not use `--all-features` as features may be incomopatible with
|
||||||
# each other.
|
# each other.
|
||||||
cargo build --frozen --release -p keyfork
|
KEYFORK_FEATURES="--no-default-features --features completion,qrcode-decode-backend-zbar,sequoia-crypto-backend-nettle"
|
||||||
|
|
||||||
|
cargo build --frozen --release --bin keyfork-qrcode-scan --no-default-features --features decode-backend-zbar
|
||||||
|
cargo build --frozen --release --bin keyfork $KEYFORK_FEATURES
|
||||||
|
|
||||||
|
mkdir completions
|
||||||
|
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion bash > completions/bash
|
||||||
|
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion zsh > completions/zsh
|
||||||
|
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion fish > completions/fish
|
||||||
}
|
}
|
||||||
|
|
||||||
package() {
|
package() {
|
||||||
build="$srcdir/$pkgname/target/release"
|
build="$srcdir/$pkgname/target/release"
|
||||||
target="$pkgdir/usr/bin"
|
target="$pkgdir/usr/bin"
|
||||||
install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname"
|
install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname"
|
||||||
|
install -Dm755 "$build/$pkgname-qrcode-scan" "$pkgdir/usr/bin/$pkgname-qrcode-scan"
|
||||||
|
install -Dm644 "$srcdir/$pkgname/completions/bash" "$pkgdir/usr/share/bash-completion/completions/$pkgname"
|
||||||
|
install -Dm644 "$srcdir/$pkgname/completions/zsh" "$pkgdir/usr/share/zsh/site-functions/_$pkgname"
|
||||||
|
install -Dm644 "$srcdir/$pkgname/completions/fish" "$pkgdir/usr/share/fish/vendor_completions.d/$pkgname"
|
||||||
}
|
}
|
||||||
|
|
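Review bot: `mkdir completions` in build() fails if the directory is left over from an earlier build in the same source tree, so a repeated `makepkg` run would presumably stop at that line; `mkdir -p completions` keeps the step repeatable. `KEYFORK_FEATURES` is a single string that is expanded unquoted in four cargo invocations, which relies on word splitting and leaves the variable outside function scope. A local array is the safer form: `local keyfork_features=(--no-default-features --features completion,qrcode-decode-backend-zbar,sequoia-crypto-backend-nettle)`, passed as `"${keyfork_features[@]}"`. The trailing comment on `makedepends` still names only nettle and pcsclite, although the zbar backend is presumably needed at build time as well.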
|
@ -0,0 +1 @@
|
||||||
|
/usr/lib/systemd/system/pcscd.service
|
|
@ -0,0 +1,55 @@
|
||||||
|
help() {
|
||||||
|
cat <<EOF
|
||||||
|
|
||||||
|
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
|
||||||
|
shard files and other persistent media. After inserting an SD card, run:
|
||||||
|
|
||||||
|
# discover-and-mount-sdcard
|
||||||
|
|
||||||
|
Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
|
||||||
|
where M is the minimum amount of users required to recreate the secret and N is
|
||||||
|
is the total amount of shardholders. An additional value, K, will be used to
|
||||||
|
denote the amount of smartcards (i.e., backups) to provision per shardholder.
|
||||||
|
|
||||||
|
# keyfork wizard generate-shard-secret --threshold \$M --max \$N
|
||||||
|
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
|
||||||
|
|
||||||
|
The Keyfork server can be started using a Shard-secred secret locally, if all
|
||||||
|
shardholders are present, or using a QR-based remote recovery. The shard file
|
||||||
|
does not have to be present for remote recovery.
|
||||||
|
|
||||||
|
# keyfork recover shard /media/mmcblk0p1/shards.pgp
|
||||||
|
|
||||||
|
Or
|
||||||
|
|
||||||
|
# keyfork recover remote-shard
|
||||||
|
|
||||||
|
Keyfork shards can be transported to a system performing the \`remote-shard\`
|
||||||
|
operation by running:
|
||||||
|
|
||||||
|
# keyfork shard transport /media/mmcblk0p1/shards.pgp
|
||||||
|
|
||||||
|
For more information, run:
|
||||||
|
|
||||||
|
# keyfork help
|
||||||
|
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
discover-and-mount-sdcard() {
|
||||||
|
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
|
||||||
|
|
||||||
|
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
|
||||||
|
echo "Automatically mounting /dev/$partition to /media/$partition"
|
||||||
|
mkdir -p "/media/$partition"
|
||||||
|
umount "/media/$partition" 2>/dev/null
|
||||||
|
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
|
||||||
|
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
|
||||||
|
echo "Found potential shardfile: $file"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
help
|
||||||
|
discover-and-mount-sdcard
|
||||||
|
echo
|
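Review bot: discover-and-mount-sdcard mounts every partition that lsblk reports as vfat, not only the inserted SD card, and mounts it read-write with `umask=0000`, so on a machine with other disks this can include an EFI system partition, and every file on the media appears world-writable and executable. Narrowing the candidates (for example by also reading lsblk's `RM` or `TRAN` column, checked against the card readers actually used) and adding `noexec,nosuid,nodev` to `MOUNT_OPTS` would reduce what the airgapped session trusts from removable media. The result of `mount` is not checked, so after a failed mount the `find` runs on the empty mountpoint; `mount $MOUNT_OPTS "/dev/$partition" "/media/$partition" || continue` avoids that. Both loops should use `read -r`, and `-maxdepth 2` belongs before `-name` for GNU find.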
|
@ -3,4 +3,14 @@ linux
|
||||||
mkinitcpio
|
mkinitcpio
|
||||||
mkinitcpio-archiso
|
mkinitcpio-archiso
|
||||||
syslinux
|
syslinux
|
||||||
|
pv
|
||||||
|
|
||||||
|
usbutils
|
||||||
|
udev
|
||||||
|
ccid
|
||||||
|
qrencode
|
||||||
|
bash-completion
|
||||||
keyfork
|
keyfork
|
||||||
|
|
||||||
|
v4l-utils
|
||||||
|
pcsc-tools
|
||||||
|
|