From de388919813be05bb91e8bb744fe9c756c31e68a Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 14 Jul 2016 20:02:03 +0200 Subject: alter, funktionierenden Zustand --- .gitignore | 1 + Makefile | 51 ++++++++++++++++++++++++++++ cryptfs.in | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 163 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 cryptfs.in diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..69509e1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +cryptfs diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c661a11 --- /dev/null +++ b/Makefile @@ -0,0 +1,51 @@ +# +# cryptfs-daemon - init script to mount crypted filesystems after their requirements, ... +# +# Copyright (c) 2016 Erich Eckner +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. +# + +DESTDIR = +ETCDIR = /etc +DEVDIR = /dev +UUIDDIR = $(DEVDIR)/disk/by-uuid +MAPDIR = $(DEVDIR)/mapper +RCDDIR = $(ETCDIR)/rc.d + +VERSION = 0.0 + +all: cryptfs + +%: %.in + sed "s/#VERSION#/$(VERSION)/; s@#DEVDIR#@$(DEVDIR)@; s@#ETCDIR#@$(ETCDIR)@; s@#UUIDDIR#@$(UUIDDIR)@; s@#MAPDIR#@$(MAPDIR)@; s@#RCDDIR#@$(RCDDIR)@" $< > $@ + +.PHONY: install dist clean + +install: all + install -D -m0755 cryptfs $(DESTDIR)$(RCDDIR)/ + +clean: + rm -f cryptfs + +dist: clean + git status --porcelain 2> /dev/null | grep -q "\S" && (git add .; git commit -m"neue Version: $(VERSION)") || true + ! git tag -d v$(VERSION) 2> /dev/null + git tag v$(VERSION) + git push + git push --tags + +# End of file diff --git a/cryptfs.in b/cryptfs.in new file mode 100644 index 0000000..d184a9c --- /dev/null +++ b/cryptfs.in @@ -0,0 +1,111 @@ +#!/bin/bash +# +# #RCDDIR#/cryptfs: mount/umount encrypted partitions +# + +set -o pipefail + +cryptTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/crypttab | sed "s/^\s*//")" +fsTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/fstab | sed "s/^\s*//")" + +cryptedFss="$(echo "${cryptTab}" | awk '{print "/dev/mapper/"$1}')" +neededKeyFss="$( + for fs in $(echo "${fsTab}" | awk '{print $2}' | grep "^/") + do + if echo "${cryptTab}" | grep -q "^\S\+\s\+\S\+\s\+${fs}\(/\|\s\)" + then + echo "${fs}" + fi + done +)" + +case $1 in + +start) + + for neededKeyFs in ${neededKeyFss} + do + if ! mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s" + then + if echo "${fsTab}" | grep -q "^\(ssh\|ftp\)fs#\S*\s\+${neededKeyFs}\s" + then + maxWait=120 + while ! ip addr | grep -v "127\.0\.0\.1" | grep -q "^\s*inet\s[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/" + do + >&2 echo -ne "." + sleep 1 + maxWait=$[${maxWait}-1] + done + fi + mount ${neededKeyFs} || exit $? + fi + done + + for ((cryptDeviceNum=0; cryptDeviceNum<$(echo "${cryptTab}" | wc -l); cryptDeviceNum++)) + do + zeile="$(echo "${cryptTab}" | head -n$[${cryptDeviceNum}+1] | tail -n1)" + name="$(echo "${zeile}" | awk '{print $1}')" + device="$(echo "${zeile}" | awk '{print $2}')" + if [[ "${device}" == "UUID="* ]] + then + device="#UUIDDIR#/${device#UUID=}" + fi + keyfile="$(echo "${zeile}" | awk '{print $3}')" + if [ ! -b "#MAPDIR#/${name}" ] + then + cryptsetup luksOpen "${device}" "${name}" --key-file="${keyfile}" || exit $? + fi + done + + for cryptedFs in ${cryptedFss} + do + if ! mount | grep -q "^${cryptedFs}\s" + then + e2fsck ${cryptedFs} + mount ${cryptedFs} || exit $? + fi + done + + ;; + +stop) + + for cryptedFs in ${cryptedFss} + do + if mount | grep -q "^${cryptedFs}\s" + then + umount ${cryptedFs} || exit $? + fi + done + + for name in $(echo "${cryptTab}" | awk '{print $1}') + do + if [ -b "#MAPDIR#/${name}" ] + then + cryptsetup luksClose "${name}" || exit $? + fi + done + + for neededKeyFs in ${neededKeyFss} + do + if [ ! "${neededKeyFs}" == "/" ] && mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s" + then + umount ${neededKeyFs} || exit $? + fi + done + + ;; + + restart) + $0 stop + sleep 2 + $0 start + ;; + +*) + echo "usage: $0 [start|stop|restart]" + ;; + +esac + +# End of file -- cgit v1.2.3-54-g00ecf