1 #!/bin/sh | |
2 | |
3 if [ -z "$1" ]; then | |
4 USERNAME="chronos" | |
5 else | |
6 USERNAME="$1" | |
7 fi | |
8 | |
9 PKCS11_GROUP="pkcs11" | |
10 | |
11 OPENCRYPTOKI_DIR="/var/lib/opencryptoki" | |
12 USER_TOKEN_LINK="$OPENCRYPTOKI_DIR/tpm/$USERNAME" | |
13 ROOT_TOKEN_LINK="$OPENCRYPTOKI_DIR/tpm/root" | |
14 | |
15 USER_TOKEN_DIR="/home/$USERNAME/user/.tpm" | |
16 | |
17 if [ -e "$USER_TOKEN_DIR/PUBLIC_ROOT_KEY.pem" -a \ | |
18 ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" ]; then | |
19 # A token with a public key but no private key is a sign that | |
20 # initialization timed out. The only way to recover seems to be to wipe | |
21 # out the whole token and try again. | |
22 logger "PKCS#11 token appears to be broken, deleting: $USER_TOKEN_DIR/*" | |
23 rm -rf $USER_TOKEN_DIR/* | |
Chris Masone
2010/08/23 23:56:28
perhaps "$USER_TOKEN_DIR"/*
to be as consistent a
| |
24 fi | |
25 | |
26 # Ensure the directories exist | |
27 mkdir -p "$OPENCRYPTOKI_DIR/tpm" | |
28 chown -R "root:$PKCS11_GROUP" "$OPENCRYPTOKI_DIR" | |
29 | |
30 # Ensure that they point to the user volume | |
31 [ -L "$USER_TOKEN_LINK" ] || \ | |
32 ln -sf "$USER_TOKEN_DIR" "$USER_TOKEN_LINK" | |
33 [ -L "$ROOT_TOKEN_LINK" ] || \ | |
34 ln -sf "./$USERNAME" "$ROOT_TOKEN_LINK" | |
35 | |
36 # Always remove the old token entry. | |
37 rm -f /var/lib/opencryptoki/pk_config_data | |
38 | |
39 # Creating this directory because if it's not there, token initialization | |
40 # will neither create it nor populate it. | |
41 mkdir -p "$USER_TOKEN_DIR/TOK_OBJ" | |
42 | |
43 # Configure the tpm as a token | |
44 pkcs_slot 0 tpm | |
45 | |
46 # Make sure the user can access their own data | |
47 chown -R "$USERNAME:$PKCS11_GROUP" "$USER_TOKEN_DIR" | |
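Review bot: `USERNAME` is taken from `$1` at line 6 and spliced unchecked into the paths built at lines 12, 15 and 34, so if this script can ever be invoked with a caller-supplied name, a value containing `/` or `..` would steer the `rm -rf` at line 23, both symlinks and the recursive `chown` at line 47 outside `/home/<user>/user/.tpm`; a shape check right after the `fi` on line 7 closes that, e.g. `case "$USERNAME" in ''|*/*|.|..|*[!A-Za-z0-9._-]*) logger "PKCS#11 setup: invalid user name"; exit 1 ;; esac`. Line 37 also spells the directory out literally as `/var/lib/opencryptoki/pk_config_data` while every other line derives it from `$OPENCRYPTOKI_DIR`; `rm -f "$OPENCRYPTOKI_DIR/pk_config_data"` keeps the two in step if the variable is ever changed. The `-a` inside `[ ]` at line 17 is obsolescent in POSIX and ambiguous with odd operands; two bracketed tests joined by `&&` express the same condition without it. The script has no `set -e`, so a failing `mkdir -p` at line 27 or 41 is silently followed by `pkcs_slot` and `chown -R`; consider `set -e` after the shebang or an explicit `|| exit 1` on those lines.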