Release new version 0.19.
diff --git
a/grml-crypt
b/grml-crypt
index
40f95ea
..
a205033
100755
(executable)
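--- a/grml-crypt
+++ b/grml-crypt
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Filename: grml-crypt
 # Purpose: Program to format, mount and unmount encrypted devices/files
 # Authors: Michael Gebetsroither <gebi@grml.org>
@@ -35,12 +35,13 @@ DM_PATH_=""
 ACTION_=""
 DM_PREFIX_="grml-crypt_"
 FORCE_='false'
-OVERWRITE_SOURCE_DEV_='/dev/urandom'
+FSCK_='false'
+ENTROPY_SOURCE_='/dev/urandom'
 OPTIMIZED_MODE_SET_='false'
 OPTIMIZING_LEVEL_=0
-CIPHER_SIZE_="128"
+CIPHER_SIZE_="256"
 CIPHER_="aes-cbc-essiv:sha256"
-ITERATION_TIME_="1"
+ITERATION_TIME_="1000"
 ADDITIONAL_CRYPTSETUP_ARGS_=""
 READONLY_SET_='false'
 ADDITIONAL_MOUNT_ARGS_=""
@@ -65,6 +66,7 @@ OPTIONS:
 -o optimised initialisation mode (should be as secure as the default but faster)
 -y verifies the passphrase by asking for it twice
 -f force file overwriting in format mode and/or disable confirmation dialog
+ -F only for action start: run fsck before mounting the filesystem. Use fsck's -f option if given twice.
 -m additional arguments to mount
 -v verbose (show what is going on, v++)
 -h this help text
@@ -184,6 +186,11 @@ function actionStart
 $READONLY_SET_ && cargs_='--readonly'
 execute "$CRYPTSETUP_ $cargs_ luksOpen $TARGET_ $DM_NAME_" warn || execute "losetup -d $TARGET_" || \
 die "could not luksOpen $TARGET_"
+ if [[ "$FSCK_" == "true" ]] ; then
+ execute "fsck -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ elif [[ "$FSCK_" == "trueforce" ]] ; then
+ execute "fsck -f -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ fi
 margs_=""
 $READONLY_SET_ && margs_='-r'
 execute "mount $margs_ $ADDITIONAL_MOUNT_ARGS_ $DM_PATH_ $MOUNT_POINT_" die
@@ -262,13 +269,13 @@ function actionFormat
 execute "dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" \
 die "could not initialise $TARGET_ with /dev/zero"
 else
- if [[ $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
 echo "INSERCURE mode"
 else
 echo "SECURE mode (taking /dev/urandom as source, this could take some time)"
 fi
- execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
- die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
+ die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
 fi
 fi
@@ -276,7 +283,7 @@ function actionFormat
 # TARGET_ is now /dev/loop<x>
 execute "losetup $TARGET_ $ORIG_TARGET_" die
- if [[ $OPTIMIZED_MODE_SET_ == 'true' || $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $OPTIMIZED_MODE_SET_ == 'true' || $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
 die "could not initialise the fist 2MB of $TARGET_ with /dev/urandom"
 fi
@@ -290,12 +297,12 @@ function actionFormat
 echo "optimised SECURE mode"
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" ||\
 die "could not initialise the first 2MB of $TARGET_ with /dev/urandom"
- elif [[ $OVERWRITE_SOURCE_DEV_ != '/dev/zero' ]]; then
+ elif [[ $ENTROPY_SOURCE_ != '/dev/zero' ]]; then
 # default mode
- echo "SECURE mode (taking $OVERWRITE_SOURCE_DEV_ as source, this could take some time)"
- execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M &>/dev/null" #||\
+ echo "SECURE mode (taking $ENTROPY_SOURCE_ as source, this could take some time)"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null" #||\
 # skipped because "no space left on device" from dd
- # die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+ # die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
 else
 echo 'INSECURE mode (only initialising the fist 2MB with /dev/urandom)'
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
@@ -334,18 +341,24 @@ function actionFormat
 ### __MAIN
 ###
-while getopts "s:t:rzoyfm:hvS:C:I:A:" opt; do
+while getopts "s:t:rzoyfFm:hvS:C:I:A:" opt; do
 case "$opt" in
 s) SIZE_="$OPTARG"; SIZE_SET_='true' ;;
 t) FSTYPE_="$OPTARG" ;;
 r) READONLY_SET_='true' ;;
 z) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
-OVERWRITE_SOURCE_DEV_='/dev/zero'
+ENTROPY_SOURCE_='/dev/zero'
 warn 'initialising from INSECURE source /dev/zero' ;;
 o) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
 OPTIMIZED_MODE_SET_='true' ;;
 y) VERIFY_PW_="--verify-passphrase" ;;
 f) FORCE_='true' ;;
+ F) if [[ "$FSCK_" == "true" ]] ; then
+ FSCK_='trueforce'
+ else
+ FSCK_='true'
+ fi
+ ;;
 m) ADDITIONAL_MOUNT_ARGS_="$OPTARG" ;;
 h) printUsage; exit ;;
 v) let verbose_=$verbose_+1 ;;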
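Review bot: In the actionStart hunk, a failing `fsck` reaches `die` after luksOpen has already succeeded, so unless `die` tears the mapping down (not visible here) the decrypted device `$DM_PATH_` stays open; the luksOpen line just above at least detaches the loop device on its own failure. fsck(8) also exits 1 when it has corrected errors, so if `execute` passes the status through, a successful repair aborts the start as well. I would close the mapping before aborting, e.g. `execute "fsck -C $DM_PATH_" || { execute "$CRYPTSETUP_ luksClose $DM_NAME_" warn; die "fsck failed on $DM_PATH_"; }`, and treat only exit codes of 4 and above as failure. The check also runs when `READONLY_SET_` opened the mapping with `--readonly`, where a repairing fsck cannot write; skipping it or running it in a no-change mode there looks safer. actionStart starts and ends outside the hunk.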