From 2591118a5d74669b85333c170c1184c8f09dd782 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 22 Nov 2023 15:54:19 +0100 Subject: [PATCH] fix ykfde if file exists --- hosts/home-assistant.cloonar.com/configuration.nix | 4 ++++ hosts/nb-01.cloonar.com/configuration.nix | 1 + utils/pkgs/ykfde/scripts/ykfde_enroll | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/hosts/home-assistant.cloonar.com/configuration.nix b/hosts/home-assistant.cloonar.com/configuration.nix index 583a361..3f2f199 100644 --- a/hosts/home-assistant.cloonar.com/configuration.nix +++ b/hosts/home-assistant.cloonar.com/configuration.nix @@ -26,6 +26,10 @@ networking.hostName = "home-assistant"; + nixpkgs.config.permittedInsecurePackages = [ + "openssl-1.1.1w" + ]; + services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7" diff --git a/hosts/nb-01.cloonar.com/configuration.nix b/hosts/nb-01.cloonar.com/configuration.nix index 2545a96..975fa07 100644 --- a/hosts/nb-01.cloonar.com/configuration.nix +++ b/hosts/nb-01.cloonar.com/configuration.nix @@ -119,6 +119,7 @@ wineWowPackages.fonts winetricks git-filter-repo + ykfde-enroll ]; environment.variables = { diff --git a/utils/pkgs/ykfde/scripts/ykfde_enroll b/utils/pkgs/ykfde/scripts/ykfde_enroll index 11a9a23..26a00ff 100755 --- a/utils/pkgs/ykfde/scripts/ykfde_enroll +++ b/utils/pkgs/ykfde/scripts/ykfde_enroll @@ -26,6 +26,10 @@ if [ "$YKFDE_SLOT_CHECK" != 1 ]; then fi YKFDE_SALT="$(dd if=/dev/random bs=1 count=$YKFDE_SALT_LENGTH 2>/dev/null | rbtohex)" +if [ -f "$YKFDE_STORAGE" ]; then + YKFDE_SALT="$(head -1 $YKFDE_STORAGE)" + echo "$FILE exists." +fi YKFDE_CHALLENGE="$(echo -n $YKFDE_SALT | openssl dgst -binary -sha512 | rbtohex)" YKFDE_RESPONSE="$(ykchalresp -2 -x $YKFDE_CHALLENGE 2>/dev/null)" YKFDE_K_LUKS="$(echo | pbkdf2-sha512 $(($YKFDE_KEY_LENGTH / 8)) $YKFDE_ITERATIONS $YKFDE_RESPONSE | rbtohex)"