Compare commits
No commits in common. "f0ec460729128d2d1caa12cd92dac9e5002a585e" and "a2de2b68c14bf31fbe41605063a10f1631a30e28" have entirely different histories.
f0ec460729
...
a2de2b68c1
PKGBUILD.keyfork
configs/airgap
|
@ -6,7 +6,7 @@ arch=('x86_64')
|
||||||
url='https://git.distrust.co/public/keyfork'
|
url='https://git.distrust.co/public/keyfork'
|
||||||
license=('GPL-2.0')
|
license=('GPL-2.0')
|
||||||
makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite
|
makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite
|
||||||
depends=('nettle' 'pcsclite' 'zbar')
|
depends=('nettle' 'pcsclite')
|
||||||
source=('git+https://git.distrust.co/public/keyfork.git')
|
source=('git+https://git.distrust.co/public/keyfork.git')
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
|
@ -18,28 +18,16 @@ prepare() {
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
export RUSTUP_TOOLCHAIN=stable
|
export RUSTUP_TOOLCHAIN=stable
|
||||||
export CARGO_TARGET_DIR="$srcdir/$pkgname/target"
|
export CARGO_TARGET_DIR=target
|
||||||
export RUSTFLAGS="-C codegen-units=1"
|
export RUSTFLAGS="-C codegen-units=1"
|
||||||
cd "$srcdir/$pkgname"
|
cd "$srcdir/$pkgname"
|
||||||
# NOTE: Do not use `--all-features` as features may be incomopatible with
|
# NOTE: Do not use `--all-features` as features may be incomopatible with
|
||||||
# each other.
|
# each other.
|
||||||
KEYFORK_FEATURES="--no-default-features --features completion,qrcode-decode-backend-zbar,sequoia-crypto-backend-nettle"
|
cargo build --frozen --release -p keyfork
|
||||||
|
|
||||||
cargo build --frozen --release --bin keyfork-qrcode-scan --no-default-features --features decode-backend-zbar
|
|
||||||
cargo build --frozen --release --bin keyfork $KEYFORK_FEATURES
|
|
||||||
|
|
||||||
mkdir completions
|
|
||||||
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion bash > completions/bash
|
|
||||||
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion zsh > completions/zsh
|
|
||||||
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion fish > completions/fish
|
|
||||||
}
|
}
|
||||||
|
|
||||||
package() {
|
package() {
|
||||||
build="$srcdir/$pkgname/target/release"
|
build="$srcdir/$pkgname/target/release"
|
||||||
target="$pkgdir/usr/bin"
|
target="$pkgdir/usr/bin"
|
||||||
install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname"
|
install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname"
|
||||||
install -Dm755 "$build/$pkgname-qrcode-scan" "$pkgdir/usr/bin/$pkgname-qrcode-scan"
|
|
||||||
install -Dm644 "$srcdir/$pkgname/completions/bash" "$pkgdir/usr/share/bash-completion/completions/$pkgname"
|
|
||||||
install -Dm644 "$srcdir/$pkgname/completions/zsh" "$pkgdir/usr/share/zsh/site-functions/_$pkgname"
|
|
||||||
install -Dm644 "$srcdir/$pkgname/completions/fish" "$pkgdir/usr/share/fish/vendor_completions.d/$pkgname"
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
/usr/lib/systemd/system/pcscd.service
|
|
|
@ -1,55 +0,0 @@
|
||||||
help() {
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
|
|
||||||
shard files and other persistent media. After inserting an SD card, run:
|
|
||||||
|
|
||||||
# discover-and-mount-sdcard
|
|
||||||
|
|
||||||
Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
|
|
||||||
where M is the minimum amount of users required to recreate the secret and N is
|
|
||||||
is the total amount of shardholders. An additional value, K, will be used to
|
|
||||||
denote the amount of smartcards (i.e., backups) to provision per shardholder.
|
|
||||||
|
|
||||||
# keyfork wizard generate-shard-secret --threshold \$M --max \$N
|
|
||||||
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
|
|
||||||
|
|
||||||
The Keyfork server can be started using a Shard-secred secret locally, if all
|
|
||||||
shardholders are present, or using a QR-based remote recovery. The shard file
|
|
||||||
does not have to be present for remote recovery.
|
|
||||||
|
|
||||||
# keyfork recover shard /media/mmcblk0p1/shards.pgp
|
|
||||||
|
|
||||||
Or
|
|
||||||
|
|
||||||
# keyfork recover remote-shard
|
|
||||||
|
|
||||||
Keyfork shards can be transported to a system performing the \`remote-shard\`
|
|
||||||
operation by running:
|
|
||||||
|
|
||||||
# keyfork shard transport /media/mmcblk0p1/shards.pgp
|
|
||||||
|
|
||||||
For more information, run:
|
|
||||||
|
|
||||||
# keyfork help
|
|
||||||
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
discover-and-mount-sdcard() {
|
|
||||||
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
|
|
||||||
|
|
||||||
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
|
|
||||||
echo "Automatically mounting /dev/$partition to /media/$partition"
|
|
||||||
mkdir -p "/media/$partition"
|
|
||||||
umount "/media/$partition" 2>/dev/null
|
|
||||||
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
|
|
||||||
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
|
|
||||||
echo "Found potential shardfile: $file"
|
|
||||||
done
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
help
|
|
||||||
discover-and-mount-sdcard
|
|
||||||
echo
|
|
|
@ -3,14 +3,4 @@ linux
|
||||||
mkinitcpio
|
mkinitcpio
|
||||||
mkinitcpio-archiso
|
mkinitcpio-archiso
|
||||||
syslinux
|
syslinux
|
||||||
pv
|
|
||||||
|
|
||||||
usbutils
|
|
||||||
udev
|
|
||||||
ccid
|
|
||||||
qrencode
|
|
||||||
bash-completion
|
|
||||||
keyfork
|
keyfork
|
||||||
|
|
||||||
v4l-utils
|
|
||||||
pcsc-tools
|
|
||||||
|
|
Loading…
Reference in New Issue