eworm-de / mkinitcpio-ykfde

Full disk encryption with Yubikey (Yubico key)
GNU General Public License v3.0
109 stars 26 forks source link

ykfde with 2fa doesn't work #5

Closed kalos closed 8 years ago

kalos commented 8 years ago

I tried, without succes to use ykfde with 2fa. I think the problem is with systemd-ask-password.

systemd debug:

systemd[1]: ykfde-2f.service: Installed new job ykfde-2f.service/start as 20
systemd[1]: ykfde-2f.service: ConditionPathExists=/etc/ykfde.d/ succeeded.
systemd[1]: ykfde-2f.service: About to execute: /usr/lib/systemd/scripts/ykfde-2f
systemd[1]: ykfde-2f.service: Forked /usr/lib/systemd/scripts/ykfde-2f as 49
systemd[1]: ykfde-2f.service: Changed dead -> start
systemd[1]: Starting Get 2nd Factor for YKFDE...
systemd[49]: ykfde-2f.service: Executing: /usr/lib/systemd/scripts/ykfde-2f
systemd[49]: ykfde-2f.service: Failed at step EXEC spawning /usr/lib/systemd/scripts/ykfde-2f: No such file or directory 
-- Subject: Process /usr/lib/systemd/scripts/ykfde-2f could not be executed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- The process /usr/lib/systemd/scripts/ykfde-2f could not be executed and failed.
-- 
-- The error number returned by this process is 2.
systemd[1]: Child 49 ((ykfde-2f)) died (code=exited, status=203/EXEC)
systemd[1]: ykfde-2f.service: Child 49 belongs to ykfde-2f.service
systemd[1]: ykfde-2f.service: Main process exited, code=exited, status=203/EXEC
systemd[1]: ykfde-2f.service: Changed start -> failed
systemd[1]: ykfde-2f.service: Job ykfde-2f.service/start finished, result=failed
systemd[1]: Failed to start Get 2nd Factor for YKFDE. 
-- Subject: Unit ykfde-2f.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit ykfde-2f.service has failed.
-- 
-- The result is failed.
systemd[1]: ykfde-2f.service: Unit entered failed state.
systemd[1]: ykfde-2f.service: Failed with result 'exit-code'.
systemd[1]: ykfde-2f.service: cgroup is empty

initcpio info

[root@arch-test ~]# lsinitcpio -v /boot/initramfs-linux.img  | grep ykfde-2
-rwxr-xr-x   1 root     root          627 Feb 25 17:31 usr/lib/systemd/scripts/ykfde-2f
-rw-r--r--   1 root     root          446 Feb 25 17:31 usr/lib/systemd/system/ykfde-2f.service
lrwxrwxrwx   1 root     root           19 Feb 25 17:31 usr/lib/systemd/system/sysinit.target.wants/ykfde-2f.service -> ../ykfde-2f.service

Details:

I have replied my environment in a VM for testing. OS: Archlinux (not testing repo) systemd 229-3

Configurations:

/etc/mkinitcpio.conf:

HOOKS="systemd ykfde autodetect modconf block keymap keyboard sd-encrypt sd-lvm2 btrfs filesystems"

/etc/ykfde.conf:

yk slot = 2
device name = lvm_crypt
second factor = yes

[123123123] _(only for example)_
luks slot = 1
eworm-de commented 8 years ago

Can you please add hook base before systemd, rebuild your initramfs and try again?

kalos commented 8 years ago

With base hook and with this patch, it works correctly.

ykfde is a very cool hack. thank you so much!