yubikey-full-disk-encryption icon indicating copy to clipboard operation
yubikey-full-disk-encryption copied to clipboard

Published 20 hours ago verified publisher icon agherzan

Debian/Ubuntu support

Open Vincent43 opened this issue 3 years ago • 6 comments

For support Debian/Ubuntu preparation of special version of initramfs script is needed. Also adding deb build recipes in debian subdirectory.

Vincent43 avatar Jul 24 '20 09:07 Vincent43

Do we have any debian/ubuntu users?

agherzan avatar Jul 24 '20 15:07 agherzan

Our runtime scripts work just fine on debian but until we add initramfs script it's not possible to unlock device on boot which limits usefulness of this project for potential users (note that initramfs script for debian can be much simpler than for Arch as they support keyscript option in crypttab). As yubikey-luks is practically abandoned I think we can provide much better alternative here with not much effort.

Vincent43 avatar Jul 24 '20 21:07 Vincent43

I see. That makes sense indeed.

agherzan avatar Jul 27 '20 14:07 agherzan

@Vincent43 I have a working implementation for Debian/Ubuntu support. Before I clean up the code and do more testing, I wanted to get a second opinion on the file structure.

My implementation would change the file structure of the repository. I thought it would be best to have the arch build files in their own directory, the debian build files in their own directory, and then the shared files in the src directory.

Old file structure:

yubikey-full-disk-encryption
|- CONTRIBUTING.md
|- LICENSE
|- Makefile
|- PKGBUILD
|- README.md
|- testrun.sh
|- src/
|   |- initramfs-suspend
|   |- ykfde.conf
|   |- ykfde-enroll
|   |- ykfde-format
|   |- ykfde-open
|   |- ykfde-suspend
|   |- ykfde-suspend.service
|   |- hooks/
|   |   |- ykfde
|   |- install/
|   |   |- ykfde

New file structure:

yubikey-full-disk-encryption
|- CONTRIBUTING.md
|- LICENSE
|- README.md
|- arch/
|   |- Makefile
|   |- PKGBUILD
|- debian/
|   |- key-script
|   |- Makefile
|   |- debian/
|   |    |- changelog
|   |    |- compat
|   |    |- control
|   |    |- copyright
|   |    |- rules
|   |    |- ykfde.postinst
|- src/
|   |- initramfs-suspend
|   |- ykfde.conf
|   |- ykfde-enroll
|   |- ykfde-format
|   |- ykfde-open
|   |- ykfde-suspend
|   |- ykfde-suspend.service
|   |- testrun.sh
|   |- hooks/
|   |   |- ykfde
|   |   |- ykfde-deb
|   |- install/
|   |   |- ykfde

crispy-landslide avatar Jan 12 '22 07:01 crispy-landslide

@crispy-landslide thx for working on this!

Separating Archlinux/Debian files is good idea. I think we should use archlinux instead of arch for better clarity (arch often stands for hardware architecture).

Also I think we need this separation for both packaging files and actual sources. Each file related only to creating distro packages should be placed in packaging/<distro_name> path while source files useful only in specific distro should be placed in src/<distro_name>.

Considering above I would make following changes:

arch/ -> packaging/archlinux
debian/ - > packaging/debian
debian/key-script -> src/debian/key-script
src/hooks/ykfde -> src/archlinux/hooks/ykfde
src/hooks/ykfde-deb -> src/debian/hooks/ykfde
src/install/ykfde -> src/archlinux/install/ykfde

Something like that. I may miss something but you can see the general logic.

EDIT: all suspend stuff should go to src/archlinux

Vincent43 avatar Jan 12 '22 19:01 Vincent43