Go CLI using cobra with mount, unmount, status, and init subcommands. Unlocks via udisks2 D-Bus (passphrase/keyfile) or cryptsetup (FIDO2/TPM2) with ordered method fallback. Includes NixOS-specific LD_LIBRARY_PATH injection for systemd cryptsetup token plugins. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
package udisks
import (
"fmt"
"github.com/godbus/dbus/v5"
)
// Unlock asks the bus service to unlock the encrypted device dev with
// passphrase and returns the BlockDevice found at the cleartext object path
// that the call reports.
//
// The passphrase is sent as a plain method argument on c.conn together with
// the empty option set from noOptions(). It arrives here as a Go string, which
// is immutable, so this method cannot wipe it after use. The error returned on
// failure carries dev.DevicePath and the wrapped D-Bus error only; the
// passphrase is never formatted into it.
//
// NOTE(review): no authorization check happens in this method; whether the
// caller is allowed to unlock dev is decided by the service behind busName.
func (c *Client) Unlock(dev *BlockDevice, passphrase string) (*BlockDevice, error) {
	var unlocked dbus.ObjectPath

	call := c.conn.Object(busName, dev.ObjectPath).Call(ifaceEncrypted+".Unlock", 0, passphrase, noOptions())
	if err := call.Store(&unlocked); err != nil {
		return nil, fmt.Errorf("unlocking %s: %w", dev.DevicePath, err)
	}

	// Resolve the returned object path into a BlockDevice for the caller.
	return c.DeviceAtPath(unlocked)
}
// UnlockWithKeyfile asks the bus service to unlock the encrypted device dev
// using raw key material instead of a passphrase, and returns the BlockDevice
// found at the cleartext object path that the call reports.
//
// The passphrase argument of the call is left empty; keyContents travels in
// the "keyfile_contents" option. keyContents is forwarded as given: no length
// or emptiness check is made here, so a nil or empty slice is still sent.
//
// The slice is not modified or cleared by this method, so wiping it after the
// call returns is the caller's responsibility.
// NOTE(review): whether the dbus library keeps its own copy of the bytes while
// encoding the message is not visible from this file — confirm before relying
// on caller-side zeroing alone.
func (c *Client) UnlockWithKeyfile(dev *BlockDevice, keyContents []byte) (*BlockDevice, error) {
	target := c.conn.Object(busName, dev.ObjectPath)

	// Key material goes in the options map; the positional passphrase is "".
	opts := make(map[string]dbus.Variant, 1)
	opts["keyfile_contents"] = dbus.MakeVariant(keyContents)

	var unlocked dbus.ObjectPath
	if err := target.Call(ifaceEncrypted+".Unlock", 0, "", opts).Store(&unlocked); err != nil {
		// Only the device path and the D-Bus error are reported, never the key.
		return nil, fmt.Errorf("unlocking %s with keyfile: %w", dev.DevicePath, err)
	}

	return c.DeviceAtPath(unlocked)
}
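// Lock asks the bus service to lock the encrypted device dev, tearing down
// its cleartext mapping.
//
// It returns nil on success. On failure the D-Bus error is wrapped with
// dev.DevicePath, matching the error style of Unlock and UnlockWithKeyfile, so
// a failed lock names the device that may still be exposed in cleartext. The
// underlying error stays reachable through errors.Is and errors.As.
func (c *Client) Lock(dev *BlockDevice) error {
	obj := c.conn.Object(busName, dev.ObjectPath)

	if err := obj.Call(ifaceEncrypted+".Lock", 0, noOptions()).Err; err != nil {
		return fmt.Errorf("locking %s: %w", dev.DevicePath, err)
	}
	return nil
}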