Compare commits


No commits in common. "f0ec460729128d2d1caa12cd92dac9e5002a585e" and "a2de2b68c14bf31fbe41605063a10f1631a30e28" have entirely different histories.

4 changed files with 3 additions and 81 deletions
PKGBUILD.keyfork
configs/airgap
airootfs
etc/systemd/system/multi-user.target.wants
root
packages.x86_64


@ -6,7 +6,7 @@ arch=('x86_64')
url='https://git.distrust.co/public/keyfork' url='https://git.distrust.co/public/keyfork'
license=('GPL-2.0') license=('GPL-2.0')
makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite makedepends=('cargo' 'clang' 'git' 'llvm' 'pkgconf') # + nettle + pcsclite
depends=('nettle' 'pcsclite' 'zbar') depends=('nettle' 'pcsclite')
source=('git+https://git.distrust.co/public/keyfork.git') source=('git+https://git.distrust.co/public/keyfork.git')
prepare() { prepare() {
@ -18,28 +18,16 @@ prepare() {
build() { build() {
export RUSTUP_TOOLCHAIN=stable export RUSTUP_TOOLCHAIN=stable
export CARGO_TARGET_DIR="$srcdir/$pkgname/target" export CARGO_TARGET_DIR=target
export RUSTFLAGS="-C codegen-units=1" export RUSTFLAGS="-C codegen-units=1"
cd "$srcdir/$pkgname" cd "$srcdir/$pkgname"
# NOTE: Do not use `--all-features` as features may be incomopatible with # NOTE: Do not use `--all-features` as features may be incomopatible with
# each other. # each other.
KEYFORK_FEATURES="--no-default-features --features completion,qrcode-decode-backend-zbar,sequoia-crypto-backend-nettle" cargo build --frozen --release -p keyfork
cargo build --frozen --release --bin keyfork-qrcode-scan --no-default-features --features decode-backend-zbar
cargo build --frozen --release --bin keyfork $KEYFORK_FEATURES
mkdir completions
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion bash > completions/bash
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion zsh > completions/zsh
cargo run --frozen --release --bin keyfork $KEYFORK_FEATURES completion fish > completions/fish
} }
package() { package() {
build="$srcdir/$pkgname/target/release" build="$srcdir/$pkgname/target/release"
target="$pkgdir/usr/bin" target="$pkgdir/usr/bin"
install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname" install -Dm755 "$build/$pkgname" "$pkgdir/usr/bin/$pkgname"
install -Dm755 "$build/$pkgname-qrcode-scan" "$pkgdir/usr/bin/$pkgname-qrcode-scan"
install -Dm644 "$srcdir/$pkgname/completions/bash" "$pkgdir/usr/share/bash-completion/completions/$pkgname"
install -Dm644 "$srcdir/$pkgname/completions/zsh" "$pkgdir/usr/share/zsh/site-functions/_$pkgname"
install -Dm644 "$srcdir/$pkgname/completions/fish" "$pkgdir/usr/share/fish/vendor_completions.d/$pkgname"
} }
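Review bot: The `source=('git+https://git.distrust.co/public/keyfork.git')` context line in the first hunk carries no `#tag=`/`#commit=` fragment, so each build packages whatever the default branch points at, and nothing visible authenticates that checkout. The `--frozen` flag in build() only holds the crate dependencies to Cargo.lock; it says nothing about which keyfork revision was cloned. For a package that ends up on an airgapped key-management image I would pin and verify the checkout, e.g. `source=('git+https://git.distrust.co/public/keyfork.git#tag=<release-tag>?signed')` with `validpgpkeys=('<maintainer-key-fingerprint>')`, or at minimum `#commit=<reviewed-commit>`. The top of the PKGBUILD lies outside the hunks shown, so whether a `validpgpkeys` array already exists there cannot be told from this page. Separately, in package() the `target="$pkgdir/usr/bin"` assignment is never read and could be dropped.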


@ -1 +0,0 @@
/usr/lib/systemd/system/pcscd.service


@ -1,55 +0,0 @@
help() {
cat <<EOF
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
shard files and other persistent media. After inserting an SD card, run:
# discover-and-mount-sdcard
Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
where M is the minimum amount of users required to recreate the secret and N is
is the total amount of shardholders. An additional value, K, will be used to
denote the amount of smartcards (i.e., backups) to provision per shardholder.
# keyfork wizard generate-shard-secret --threshold \$M --max \$N
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
The Keyfork server can be started using a Shard-secred secret locally, if all
shardholders are present, or using a QR-based remote recovery. The shard file
does not have to be present for remote recovery.
# keyfork recover shard /media/mmcblk0p1/shards.pgp
Or
# keyfork recover remote-shard
Keyfork shards can be transported to a system performing the \`remote-shard\`
operation by running:
# keyfork shard transport /media/mmcblk0p1/shards.pgp
For more information, run:
# keyfork help
EOF
}
discover-and-mount-sdcard() {
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
echo "Automatically mounting /dev/$partition to /media/$partition"
mkdir -p "/media/$partition"
umount "/media/$partition" 2>/dev/null
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
echo "Found potential shardfile: $file"
done
done
}
help
discover-and-mount-sdcard
echo


@ -3,14 +3,4 @@ linux
mkinitcpio mkinitcpio
mkinitcpio-archiso mkinitcpio-archiso
syslinux syslinux
pv
usbutils
udev
ccid
qrencode
bash-completion
keyfork keyfork
v4l-utils
pcsc-tools