
I already posted this issue on Stack Overflow and was politely redirected to this website. I hope this time I'm at the right place :D

I wanted to automatize my Mint installation. One major part of my Mint installation is the encryption of the whole disk using a LUKS partition. To be able to unlock my device via my Yubikey I have to run the following line:

yubikey-luks-enroll -d /dev/sda3 -s 7

which you can get with sudo apt install yubikey-luks, and it works just fine. However, running this command using a here-document does not work.

When running the above command, I get asked twice to enter my password and afterwards the password of the LUKS partition:

sudo yubikey-luks-enroll -d /dev/sda3 -s 7
setting disk to /dev/sda3.
setting slot to 7.
This script will utilize slot 7 on drive /dev/sda3.  If this is not what you intended, exit now!
Adding yubikey to initrd
Please enter the yubikey challenge password. This is the password that will only work while your yubikey is installed in your computer:
Please enter the yubikey challenge password again:
Please provide an existing passphrase. This is NOT the passphrase you just entered, this is the passphrase that you currently use to unlock your LUKS encrypted drive:

I thought to automatize this step using the following bash script:

read PART
read -s DISKPWD
read -s PWD1
read -s PWD2

sudo yubikey-luks-enroll -d $PART -s 7 <<-EOF
$PWD1
$PWD2
$DISKPWD
EOF

Unfortunately, this only results in the following output:

setting disk to /dev/sda3.
setting slot to 7.
This script will utilize slot 7 on drive /dev/sda3.  If this is not what you intended, exit now!
Adding yubikey to initrd

and even worse, the terminal gets stuck - you can enter stuff but it has no effect. Just CTRL + Z works.

With other installer scripts, like the one for Anaconda, I have the same issue.

I also tried to run the command in the terminal without here-document, which works fine. Running the command with here-document in the terminal results in the same error as above. When removing the here-document in the Bash file, the command works.

If anybody is wondering, I have to set up multiple Yubikeys with the same credentials; that's why I want to automatize the process.

Some user on Stack Overflow suggested that this could be because the installer uses the terminal output instead of the std-in. If this is true, is there a here-document like function for the terminal input? I couldn't find it so far.

I'm not an experienced Linux user. Maybe it is just a simple mistake or misconception. I'm really interested in understanding what's going wrong :)

Greetings, 133U
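
The stdin-versus-terminal hypothesis from the question, as an added example that is not part of the original post and not code from yubikey-luks: a constructed child process (`CHILD`, hypothetical) prompts on `/dev/tty`, and `run_prompt` (also hypothetical) feeds it here-document-style text on stdin and, optionally, a line on a pseudo-terminal. Whether `yubikey-luks-enroll` actually prompts this way is an assumption.

```python
import fcntl, os, pty, subprocess, sys, termios

# Constructed stand-in for a password prompt that reads from the controlling
# terminal (/dev/tty) and never touches stdin. Hypothetical helper, not
# code from yubikey-luks.
CHILD = (
    "import sys\n"
    "with open('/dev/tty') as tty:\n"
    "    sys.stdout.write(tty.readline().strip())\n"
)


def run_prompt(stdin_text, tty_text, timeout=5):
    """Run CHILD with stdin_text on stdin (what a here-document supplies) and
    tty_text typed on its terminal. Returns what the prompt read, or None if
    it was still waiting for terminal input when the timeout expired."""
    master, slave = pty.openpty()

    def attach_tty():
        # Runs in the child before exec: start a new session, then make the
        # pseudo-terminal its controlling terminal so /dev/tty resolves to it.
        os.setsid()
        fcntl.ioctl(slave, termios.TIOCSCTTY, 0)

    proc = subprocess.Popen([sys.executable, "-c", CHILD], stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, text=True, preexec_fn=attach_tty)
    try:
        if tty_text is not None:
            os.write(master, tty_text.encode())
        out, _ = proc.communicate(stdin_text, timeout=timeout)
        return out
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()
        return None
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    # Here-document text on stdin only: the prompt keeps waiting.
    print(run_prompt("from-heredoc\n", None, timeout=1))
    # Same stdin, plus a line typed on the terminal: only that line is read.
    print(run_prompt("from-heredoc\n", "from-terminal\n"))
```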
