MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 07:13:23 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

boot.initrd.luks: fix case Yubikey -> YubiKey

Browse source
This commit is contained in:
Ctem 2020-12-21 06:35:59 +09:00
parent 9e8781328e
commit 1c9b2f18ce
No known key found for this signature in database
GPG key ID: 7F6702F5FC77041B
1 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
nixos/modules/system/boot/luksroot.nix
View file

@ -56,7 +56,7 @@ let
ykinfo -v 1>/dev/null 2>&1
if [ $? != 0 ]; then
echo -n "Waiting $secs seconds for Yubikey to appear..."
echo -n "Waiting $secs seconds for YubiKey to appear..."
local success=false
for try in $(seq $secs); do
echo -n .
@ -118,7 +118,7 @@ let
# Cryptsetup locking directory
mkdir -p /run/cryptsetup
# For Yubikey salt storage
# For YubiKey salt storage
mkdir -p /crypt-storage
${optionalString luks.gpgSupport ''
@ -218,7 +218,7 @@ let
}
${optionalString (luks.yubikeySupport && (yubikey != null)) ''
# Yubikey
# YubiKey
rbtohex() {
( od -An -vtx1 | tr -d ' \n' )
}
@ -244,7 +244,7 @@ let
local new_k_luks
mount -t ${yubikey.storage.fsType} ${yubikey.storage.device} /crypt-storage || \
die "Failed to mount Yubikey salt storage device"
die "Failed to mount YubiKey salt storage device"
salt="$(cat /crypt-storage${yubikey.storage.path} | sed -n 1p | tr -d '\n')"
iterations="$(cat /crypt-storage${yubikey.storage.path} | sed -n 2p | tr -d '\n')"
@ -341,7 +341,7 @@ let
if wait_yubikey ${toString yubikey.gracePeriod}; then
do_open_yubikey
else
echo "No yubikey found, falling back to non-yubikey open procedure"
echo "No YubiKey found, falling back to non-YubiKey open procedure"
open_normally
fi
}
@ -689,8 +689,8 @@ in
yubikey = mkOption {
default = null;
description = ''
The options to use for this LUKS device in Yubikey-PBA.
If null (the default), Yubikey-PBA will be disabled for this device.
The options to use for this LUKS device in YubiKey-PBA.
If null (the default), YubiKey-PBA will be disabled for this device.
'';
type = with types; nullOr (submodule {
@ -698,13 +698,13 @@ in
twoFactor = mkOption {
default = true;
type = types.bool;
description = "Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).";
description = "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).";
};
slot = mkOption {
default = 2;
type = types.int;
description = "Which slot on the Yubikey to challenge.";
description = "Which slot on the YubiKey to challenge.";
};
saltLength = mkOption {
@ -728,7 +728,7 @@ in
gracePeriod = mkOption {
default = 10;
type = types.int;
description = "Time in seconds to wait for the Yubikey.";
description = "Time in seconds to wait for the YubiKey.";
};
/* TODO: Add to the documentation of the current module:
@ -803,9 +803,9 @@ in
default = false;
type = types.bool;
description = ''
Enables support for authenticating with a Yubikey on LUKS devices.
Enables support for authenticating with a YubiKey on LUKS devices.
See the NixOS wiki for information on how to properly setup a LUKS device
and a Yubikey to work with this feature.
and a YubiKey to work with this feature.
'';
};
@ -823,7 +823,7 @@ in
assertions =
[ { assertion = !(luks.gpgSupport && luks.yubikeySupport);
message = "Yubikey and GPG Card may not be used at the same time.";
message = "YubiKey and GPG Card may not be used at the same time.";
}
{ assertion = !(luks.gpgSupport && luks.fido2Support);
@ -831,7 +831,7 @@ in
}
{ assertion = !(luks.fido2Support && luks.yubikeySupport);
message = "FIDO2 and Yubikey may not be used at the same time.";
message = "FIDO2 and YubiKey may not be used at the same time.";
}
];