diff options
author | Erich Eckner <git@eckner.net> | 2016-07-14 20:02:03 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2016-07-14 20:02:03 +0200 |
commit | de388919813be05bb91e8bb744fe9c756c31e68a (patch) | |
tree | d9eaf86576733c6ccbc6e258240c18cd148c8b74 /cryptfs.in | |
download | cryptfs-daemon-de388919813be05bb91e8bb744fe9c756c31e68a.tar.xz |
alter, funktionierenden Zustand
Diffstat (limited to 'cryptfs.in')
-rw-r--r-- | cryptfs.in | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/cryptfs.in b/cryptfs.in new file mode 100644 index 0000000..d184a9c --- /dev/null +++ b/cryptfs.in @@ -0,0 +1,111 @@ +#!/bin/bash +# +# #RCDDIR#/cryptfs: mount/umount encrypted partitions +# + +set -o pipefail + +cryptTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/crypttab | sed "s/^\s*//")" +fsTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/fstab | sed "s/^\s*//")" + +cryptedFss="$(echo "${cryptTab}" | awk '{print "/dev/mapper/"$1}')" +neededKeyFss="$( + for fs in $(echo "${fsTab}" | awk '{print $2}' | grep "^/") + do + if echo "${cryptTab}" | grep -q "^\S\+\s\+\S\+\s\+${fs}\(/\|\s\)" + then + echo "${fs}" + fi + done +)" + +case $1 in + +start) + + for neededKeyFs in ${neededKeyFss} + do + if ! mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s" + then + if echo "${fsTab}" | grep -q "^\(ssh\|ftp\)fs#\S*\s\+${neededKeyFs}\s" + then + maxWait=120 + while ! ip addr | grep -v "127\.0\.0\.1" | grep -q "^\s*inet\s[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/" + do + >&2 echo -ne "." + sleep 1 + maxWait=$[${maxWait}-1] + done + fi + mount ${neededKeyFs} || exit $? + fi + done + + for ((cryptDeviceNum=0; cryptDeviceNum<$(echo "${cryptTab}" | wc -l); cryptDeviceNum++)) + do + zeile="$(echo "${cryptTab}" | head -n$[${cryptDeviceNum}+1] | tail -n1)" + name="$(echo "${zeile}" | awk '{print $1}')" + device="$(echo "${zeile}" | awk '{print $2}')" + if [[ "${device}" == "UUID="* ]] + then + device="#UUIDDIR#/${device#UUID=}" + fi + keyfile="$(echo "${zeile}" | awk '{print $3}')" + if [ ! -b "#MAPDIR#/${name}" ] + then + cryptsetup luksOpen "${device}" "${name}" --key-file="${keyfile}" || exit $? + fi + done + + for cryptedFs in ${cryptedFss} + do + if ! mount | grep -q "^${cryptedFs}\s" + then + e2fsck ${cryptedFs} + mount ${cryptedFs} || exit $? + fi + done + + ;; + +stop) + + for cryptedFs in ${cryptedFss} + do + if mount | grep -q "^${cryptedFs}\s" + then + umount ${cryptedFs} || exit $? + fi + done + + for name in $(echo "${cryptTab}" | awk '{print $1}') + do + if [ -b "#MAPDIR#/${name}" ] + then + cryptsetup luksClose "${name}" || exit $? + fi + done + + for neededKeyFs in ${neededKeyFss} + do + if [ ! "${neededKeyFs}" == "/" ] && mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s" + then + umount ${neededKeyFs} || exit $? + fi + done + + ;; + + restart) + $0 stop + sleep 2 + $0 start + ;; + +*) + echo "usage: $0 [start|stop|restart]" + ;; + +esac + +# End of file |