/lib/cryptsetup/scripts/decrypt_openct is in cryptsetup 2:1.4.1-2ubuntu4.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/bin/sh
#check_reader() {
# readerfound=0
#
# readertmp=$(/usr/bin/openct-tool list 2>&1)
# if [ $? = 0 ] ; then
# readerfound=1
# fi
#}
# wait_reader: block until OpenCT reports a smart card reader.
#
# Runs `openct-tool rwait` with its own output discarded and writes the
# progress and failure messages to stderr only; nothing is written to stdout.
#
# NOTE(review): a failed wait is reported but not propagated. The function's
# status is that of the last command run (the failure message, or the `if`
# itself), so the caller continues even when no reader was found.
# Historical note: an earlier, disabled variant polled the commented-out
# check_reader helper once a second for up to 60 tries and ran `exit 1`
# when no reader appeared.
wait_reader() {
  printf '%s\n' "Waiting for Smart Card reader..." >&2
  if ! /usr/bin/openct-tool rwait >/dev/null 2>&1; then
    printf '%s\n' 'Failed to find Smart Card reader!' >&2
  fi
}
# wait_card: block until OpenCT reports an inserted smart card.
#
# Runs `openct-tool wait` with its own output discarded and writes the
# progress and failure messages to stderr only; nothing is written to stdout.
#
# NOTE(review): as written, a failed wait is only reported on stderr. The
# function does not return a failure status, so the caller goes on to the
# card read regardless.
wait_card() {
  printf '%s\n' "Waiting for Smart Card..." >&2
  if ! /usr/bin/openct-tool wait >/dev/null 2>&1; then
    printf '%s\n' 'Failed to find Smart Card!' >&2
  fi
}
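# Main flow: initialise OpenCT, wait for reader and card, then read the key
# data object from the card and hand it to the caller on stdout.
#
# Arguments:   $1 - label of the PKCS#15 data object holding the key
#                   (empty or "none" selects the default, see below)
# Environment: crypttarget, cryptsource - only used in the PIN prompt text;
#              they are not set in this script.
# Exit status: that of pkcs15-tool.
#
# NOTE(review): the status of `openct-control init` is not checked, and
# wait_reader/wait_card report failure only on stderr, so the script always
# proceeds to the card read. A missing reader or card surfaces only as a
# non-zero pkcs15-tool exit status.
/usr/sbin/openct-control init
wait_reader
wait_card

# Due to a bug in openct, --label does not work on data objects, which means
# every data object carries the label 'pkcs15-init' by default. Use that
# label when the user configured none.
if [ -z "$1" ] || [ "$1" = "none" ]; then
  LABEL="pkcs15-init"
else
  LABEL="$1"
fi

# Redirections on both pkcs15-tool calls: fd 3 becomes a copy of this script's
# stdout, then the tool's own stdout and stderr go to /dev/null. Writing the
# object to /proc/self/fd/3 therefore puts only the key material on stdout.
# Tool diagnostics are discarded, so the exit status is the only failure signal.
#
# "$LABEL" is quoted so that a label containing whitespace or glob characters
# reaches pkcs15-tool as a single argument instead of being split into extra
# words that the tool would parse as further arguments.
if [ -x /bin/plymouth ] && plymouth --ping; then
  # Get the PIN from plymouth.
  # SECURITY NOTE(review): the PIN is passed as the value of --pin, i.e. on
  # the command line, where it is readable through the process list and
  # /proc/<pid>/cmdline for as long as pkcs15-tool runs. If the installed
  # pkcs15-tool can take the PIN without it appearing in argv, prefer that;
  # confirm against its manual before changing this call.
  /usr/bin/pkcs15-tool --read-data-object "$LABEL" --pin "$(plymouth ask-for-password --prompt "Enter pin for $crypttarget ($cryptsource): ")" -o /proc/self/fd/3 3>&1 1>/dev/null 2>&1
else
  # Interactive call: no --pin is passed, the user enters the PIN.
  /usr/bin/pkcs15-tool --read-data-object "$LABEL" -o /proc/self/fd/3 3>&1 1>/dev/null 2>&1
fi
# Propagate the pkcs15-tool status so the caller can tell a failed read from
# a successful one.
exit $?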