summaryrefslogtreecommitdiff
path: root/cryptfs.in
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2016-07-14 20:02:03 +0200
committerErich Eckner <git@eckner.net>2016-07-14 20:02:03 +0200
commitde388919813be05bb91e8bb744fe9c756c31e68a (patch)
treed9eaf86576733c6ccbc6e258240c18cd148c8b74 /cryptfs.in
downloadcryptfs-daemon-de388919813be05bb91e8bb744fe9c756c31e68a.tar.xz
alter, funktionierenden Zustand
Diffstat (limited to 'cryptfs.in')
-rw-r--r--cryptfs.in111
1 files changed, 111 insertions, 0 deletions
diff --git a/cryptfs.in b/cryptfs.in
new file mode 100644
index 0000000..d184a9c
--- /dev/null
+++ b/cryptfs.in
@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# #RCDDIR#/cryptfs: mount/umount encrypted partitions
+#
+
+set -o pipefail
+
+cryptTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/crypttab | sed "s/^\s*//")"
+fsTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/fstab | sed "s/^\s*//")"
+
+cryptedFss="$(echo "${cryptTab}" | awk '{print "/dev/mapper/"$1}')"
+neededKeyFss="$(
+ for fs in $(echo "${fsTab}" | awk '{print $2}' | grep "^/")
+ do
+ if echo "${cryptTab}" | grep -q "^\S\+\s\+\S\+\s\+${fs}\(/\|\s\)"
+ then
+ echo "${fs}"
+ fi
+ done
+)"
+
+case $1 in
+
+start)
+
+ for neededKeyFs in ${neededKeyFss}
+ do
+ if ! mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s"
+ then
+ if echo "${fsTab}" | grep -q "^\(ssh\|ftp\)fs#\S*\s\+${neededKeyFs}\s"
+ then
+ maxWait=120
+ while ! ip addr | grep -v "127\.0\.0\.1" | grep -q "^\s*inet\s[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/"
+ do
+ >&2 echo -ne "."
+ sleep 1
+ maxWait=$[${maxWait}-1]
+ done
+ fi
+ mount ${neededKeyFs} || exit $?
+ fi
+ done
+
+ for ((cryptDeviceNum=0; cryptDeviceNum<$(echo "${cryptTab}" | wc -l); cryptDeviceNum++))
+ do
+ zeile="$(echo "${cryptTab}" | head -n$[${cryptDeviceNum}+1] | tail -n1)"
+ name="$(echo "${zeile}" | awk '{print $1}')"
+ device="$(echo "${zeile}" | awk '{print $2}')"
+ if [[ "${device}" == "UUID="* ]]
+ then
+ device="#UUIDDIR#/${device#UUID=}"
+ fi
+ keyfile="$(echo "${zeile}" | awk '{print $3}')"
+ if [ ! -b "#MAPDIR#/${name}" ]
+ then
+ cryptsetup luksOpen "${device}" "${name}" --key-file="${keyfile}" || exit $?
+ fi
+ done
+
+ for cryptedFs in ${cryptedFss}
+ do
+ if ! mount | grep -q "^${cryptedFs}\s"
+ then
+ e2fsck ${cryptedFs}
+ mount ${cryptedFs} || exit $?
+ fi
+ done
+
+ ;;
+
+stop)
+
+ for cryptedFs in ${cryptedFss}
+ do
+ if mount | grep -q "^${cryptedFs}\s"
+ then
+ umount ${cryptedFs} || exit $?
+ fi
+ done
+
+ for name in $(echo "${cryptTab}" | awk '{print $1}')
+ do
+ if [ -b "#MAPDIR#/${name}" ]
+ then
+ cryptsetup luksClose "${name}" || exit $?
+ fi
+ done
+
+ for neededKeyFs in ${neededKeyFss}
+ do
+ if [ ! "${neededKeyFs}" == "/" ] && mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s"
+ then
+ umount ${neededKeyFs} || exit $?
+ fi
+ done
+
+ ;;
+
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+
+*)
+ echo "usage: $0 [start|stop|restart]"
+ ;;
+
+esac
+
+# End of file