airgap-ng/configs/airgap/airootfs/root/.bash_profile

61 lines
2.0 KiB
Bash

help() {
cat <<EOF
Airgap Arch Linux with Keyfork is best used with a removable SD card to store
shard files and other persistent media. After inserting an SD card, run the
following command to mount any unmounted SD cards and find any Shard files:
# discover-and-mount-sdcard
This guide will assume the discovered Shard file is listed as:
/media/mmcblk0p1/shards.pgp
If an alternative Shard file is found, that file should be used instead.
Keyfork can be used to set up a Shard-secured secret with an M-of-N scheme,
where M is the minimum amount of users required to recreate the secret and N is
is the total amount of shardholders. An additional value, K, will be used to
denote the amount of smartcards (i.e., backups) to provision per shardholder.
# keyfork wizard generate-shard-secret --threshold \$M --max \$N
--keys-per-shard \$K --output /media/mmcblk0p1/shards.pgp
The Keyfork server can be started using a Shard-secred secret locally, if all
shardholders are present, or using a QR-based remote recovery. The shard file
does not have to be present for remote recovery.
# keyfork recover shard /media/mmcblk0p1/shards.pgp
Or
# keyfork recover remote-shard
If performing a "Remote Shard" operation, Keyfork shards can be transported to
the system performing the operation by running the following command:
# keyfork shard transport /media/mmcblk0p1/shards.pgp
For more information, run:
# keyfork help
EOF
}
discover-and-mount-sdcard() {
MOUNT_OPTS="-o relatime,utf8,flush,umask=0000"
lsblk -nlo NAME,FSTYPE | awk '$2 == "vfat" { print $1 }' | while read partition; do
echo "Automatically mounting /dev/$partition to /media/$partition"
mkdir -p "/media/$partition"
umount "/media/$partition" 2>/dev/null
mount $MOUNT_OPTS "/dev/$partition" "/media/$partition"
find "/media/$partition" -name '*.pgp' -maxdepth 2 | while read file; do
echo "Found potential shardfile: $file"
done
done
}
echo
help
echo
discover-and-mount-sdcard
echo