1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-28 07:21:32 +03:00
systemd-stable/man/yubikey-crypttab.sh
Zbigniew Jędrzejewski-Szmek 1fe6d37ea5 man: change license of examples to MIT-0
Quoting Richard Fontana in [1]:

  CC0 has been listed by Fedora as a 'good' license for code and content
  (corresponding to allowed and allowed-content under the new system). We plan
  to classify CC0 as allowed-content only, so that CC0 would no longer be
  allowed for code.

  Over a long period of time a consensus has been building in FOSS that
  licenses that preclude any form of patent licensing or patent forbearance
  cannot be considered FOSS. CC0 has a clause that says: "No trademark or
  patent rights held by Affirmer are waived, abandoned, surrendered, licensed
  or otherwise affected by this document." (The trademark side of that clause
  is nonproblematic from a FOSS licensing norms standpoint.) The regular
  Creative Commons licenses have similar clauses.

For the case of our documentation snippets, patent issues do not matter much.
But it is always nicer to have a license that is considerred acceptable without
any further considerations. So let's change the license to the (now recommended
replacement) MIT-0.

[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NO7KGDNL5GX3KCB7T3XTGFA3QPSUJA6R/

Using 'git blame -b' and 'git log -p --follow', I identified the following
folks as having made non-trivial changes to those snippets:

  Lennart Poettering
  Tom Gundersen
  Luca Bocassi
  Zbigniew Jędrzejewski-Szmek
  Thomas Mühlbacher
  Daan De Meyer

I'll ask for confirmation in the pull request.
2022-10-26 08:39:34 +02:00

29 lines
1.1 KiB
Bash

# SPDX-License-Identifier: MIT-0
# Destroy any old key on the Yubikey (careful!)
ykman piv reset
# Generate a new private/public key pair on the device, store the public key in
# 'pubkey.pem'.
ykman piv generate-key -a RSA2048 9d pubkey.pem
# Create a self-signed certificate from this public key, and store it on the
# device. The "subject" should be an arbitrary user-chosen string to identify
# the token with.
ykman piv generate-certificate --subject "Knobelei" 9d pubkey.pem
# We don't need the public key anymore, let's remove it. Since it is not
# security sensitive we just do a regular "rm" here.
rm pubkey.pem
# Enroll the freshly initialized security token in the LUKS2 volume. Replace
# /dev/sdXn by the partition to use (e.g. /dev/sda1).
sudo systemd-cryptenroll --pkcs11-token-uri=auto /dev/sdXn
# Test: Let's run systemd-cryptsetup to test if this all worked.
sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - pkcs11-uri=auto
# If that worked, let's now add the same line persistently to /etc/crypttab,
# for the future.
sudo bash -c 'echo "mytest /dev/sdXn - pkcs11-uri=auto" >> /etc/crypttab'