Captain ALM
772287c27f
Added clevis binding auto updating support (Password still required for first unlock).
28 lines
1.2 KiB
Bash
Executable File
28 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
if [ $# -ne 2 ]; then
|
|
echo "install-ucba <device> <slot>";
|
|
echo "";
|
|
echo "<device> : The LUKS Device";
|
|
echo "<slot> : LUKS Slot for regeneration"
|
|
exit 1;
|
|
fi
|
|
echo "[+] Installing the update clevis binding auto service!";
|
|
echo "[!] WARNING Service requires the update-clevis-command to be install."
|
|
echo "Enter the Password to the LUKS slot used to auto-renew the clevis slot:";
|
|
read -s password;
|
|
if [[ -z $password ]]; then
|
|
echo "A password is required for LUKS unlock!";
|
|
exit 2;
|
|
fi
|
|
cat update-clevis-binding-source-files/update_clevis_binding_auto.service.p1 | head -c -1 | sudo tee /etc/systemd/system/update_clevis_binding_auto.service > /dev/null;
|
|
echo -n "$1 $2" | sudo tee -a /etc/systemd/system/update_clevis_binding_auto.service > /dev/null;
|
|
cat update-clevis-binding-source-files/update_clevis_binding_auto.service.p2 | head -c -1 | sudo tee -a /etc/systemd/system/update_clevis_binding_auto.service > /dev/null;
|
|
sudo systemctl daemon-reload;
|
|
sudo systemctl enable update_clevis_binding_auto.service;
|
|
sudo touch /root/ucba.pwd;
|
|
sudo chown root:root /root/ucba.pwd;
|
|
sudo chmod u=rw,g=,o= /root/ucba.pwd;
|
|
echo "$password" | sudo tee /root/ucba.pwd > /dev/null;
|
|
echo "[+] Finished installing the update clevis binding auto service!";
|
|
exit 0;
|