keyctl_keyscript icon indicating copy to clipboard operation
keyctl_keyscript copied to clipboard
verified publisher icon gebi

Support for osk-sdl

Open root2185 opened this issue 3 years ago • 3 comments

Can you make the script work also when using osk-sdl to unlock LUKS? This is the script that I set in crypttab from the Mobian package:

#!/bin/sh

if [ -z "${CRYPTTAB_SOURCE}" ] || [ -z "${CRYPTTAB_NAME}" ]; then
    echo "This is a crypttab keyscript script, don't run directly." 1>&2
    exit 1
fi

export SDL_VIDEODRIVER=kmsdrm

plymouth hide-splash 2>/dev/null

exec /usr/bin/osk-sdl -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf

plymouth show-splash 2>/dev/null

Is possible to integrate it into the keyctl_keyscript one?

root2185 avatar Jun 17 '22 14:06 root2185

it seems possible to integrate it, but i'm not sure it's worth to include it directly.

to be honest i'm very sorry but i've currently no time to do the integration, but i'm always open to PRs.

you could add it as an additional backup method to ask for a pw. eg. see https://github.com/gebi/keyctl_keyscript/blob/master/decrypt_keyctl#L44

To make it possible to integrate your PR:

  • current setups should not be impacted
  • zero config (thus added as backup method that's choosen when other methods don't work)
  • added after the askpass method (and before "last resort" methods)
  • be the same coding style

as the upstream project osk-sdl does not provide documentation in the repo on how to call it to get the values into the shell environment i can not help you with that, but i'm not sure how your example from above should work.

it would need a method like askpass is used, where the password is just returned, or directly written into the user keyslot would also work.

gebi avatar Jun 18 '22 16:06 gebi

it seems possible to integrate it, but i'm not sure it's worth to include it directly.

A new passphrase caching script for osk-sdl, can you do it if better documentation is provided?

as the upstream project osk-sdl does not provide documentation in the repo on how to call it to get the values into the shell environment i can not help you with that

Do you mean the passphrase? The man page has some info:

-k, --keyscript Enable keyscript mode. Password will be output to STDOUT for use with another program such as cryptsetup-initramfs.

root2185 avatar Jun 19 '22 07:06 root2185

@gebi

root2185 avatar Jun 24 '22 19:06 root2185