cryptfs.in


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

#!/bin/bash
#
# #RCDDIR#/cryptfs: mount/umount encrypted partitions
#

set -o pipefail

cryptTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/crypttab | sed "s/^\s*//")"
fsTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/fstab | sed "s/^\s*//")"

cryptedFss="$(echo "${cryptTab}" | awk '{print "/dev/mapper/"$1}')"
neededKeyFss="$(
    for fs in $(echo "${fsTab}" | awk '{print $2}' | grep "^/")
    do
        if echo "${cryptTab}" | grep -q "^\S\+\s\+\S\+\s\+${fs}\(/\|\s\)"
        then
            echo "${fs}"
        fi
    done
)"

case $1 in

start)

    for neededKeyFs in ${neededKeyFss}
    do
        if ! mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s"
        then
            if echo "${fsTab}" | grep -q "^\(ssh\|ftp\)fs#\S*\s\+${neededKeyFs}\s"
            then
                maxWait=120
                while ! ip addr | grep -v "127\.0\.0\.1" | grep -q "^\s*inet\s[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/"
                do
                    >&2 echo -ne "."
                    sleep 1
                    maxWait=$[${maxWait}-1]
                done
            fi
            mount ${neededKeyFs} || exit $?
        fi
    done

    for ((cryptDeviceNum=0; cryptDeviceNum<$(echo "${cryptTab}" | wc -l); cryptDeviceNum++))
    do
        zeile="$(echo "${cryptTab}" | head -n$[${cryptDeviceNum}+1] | tail -n1)"
        name="$(echo "${zeile}" | awk '{print $1}')"
        device="$(echo "${zeile}" | awk '{print $2}')"
        if [[ "${device}" == "UUID="* ]]
        then
            device="#UUIDDIR#/${device#UUID=}"
        fi
        keyfile="$(echo "${zeile}" | awk '{print $3}')"
        if [ ! -b "#MAPDIR#/${name}" ]
        then
            cryptsetup luksOpen "${device}" "${name}" --key-file="${keyfile}" || exit $?
        fi
    done

    for cryptedFs in ${cryptedFss}
    do
        if ! mount | grep -q "^${cryptedFs}\s"
        then
            e2fsck ${cryptedFs}
            mount ${cryptedFs} || exit $?
        fi
    done

    ;;

stop)

    for cryptedFs in ${cryptedFss}
    do
        if mount | grep -q "^${cryptedFs}\s"
        then
            umount ${cryptedFs} || exit $?
        fi
    done

    for name in $(echo "${cryptTab}" | awk '{print $1}')
    do
        if [ -b "#MAPDIR#/${name}" ]
        then
            cryptsetup luksClose "${name}" || exit $?
        fi
    done

    for neededKeyFs in ${neededKeyFss}
    do
        if [ ! "${neededKeyFs}" == "/" ] && mount | grep -q "^\S\+\s\+on\s\+${neededKeyFs}\s"
        then
            umount ${neededKeyFs} || exit $?
        fi
    done

    ;;

    restart)
    $0 stop
    sleep 2
    $0 start
    ;;

*)
    echo "usage: $0 [start|stop|restart]"
    ;;

esac

# End of file