X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=grml-crypt;h=5bcd12e002b2d00426b7625388270835dbba6ed0;hb=fd577270569c91d9d98ce950264d5df2915292d5;hp=5e8a0ca62fd8fc5d7639ffa072933281e6708431;hpb=439a12cfbad2c0b2b45fa6fa13a184679c0fb704;p=grml-crypt.git

diff --git a/grml-crypt b/grml-crypt
index 5e8a0ca..5bcd12e 100755
--- a/grml-crypt
+++ b/grml-crypt
@@ -35,16 +35,19 @@ DM_PATH_=""
 ACTION_=""
 DM_PREFIX_="grml-crypt_"
 FORCE_='false'
-OVERWRITE_SOURCE_DEV_='/dev/urandom'
+FSCK_='false'
+FSCK_EXTRA_OPTS_=""
+ENTROPY_SOURCE_='/dev/urandom'
 OPTIMIZED_MODE_SET_='false'
 OPTIMIZING_LEVEL_=0
-CIPHER_SIZE_="128"
+CIPHER_SIZE_="256"
 CIPHER_="aes-cbc-essiv:sha256"
 ITERATION_TIME_="1000"
 ADDITIONAL_CRYPTSETUP_ARGS_=""
 READONLY_SET_='false'
 ADDITIONAL_MOUNT_ARGS_=""
 BATCH_MODE_="--batch-mode"
+PV_='/usr/bin/pv'
 
 ###
 ### __FUNCTIONS
@@ -65,6 +68,10 @@ OPTIONS:
    -o         optimised initialisation mode (should be as secure as the default but faster)
    -y         verifies the passphrase by asking for it twice
    -f         force file overwriting in format mode and/or disable confirmation dialog
+   -F         only for action start: run fsck before mounting the filesystem.
+              Use fsck's -f option if given twice.
+   -X         Read next argument as a list of options to pass to fsck:
+              'grml-crypt -FF -X "-y -T" start /dev/ice' will run fsck with options -y and -T.
    -m         additional arguments to mount
    -v         verbose (show what is going on, v++)
    -h         this help text
@@ -80,8 +87,8 @@ ACTIONS:
               Format a device or a file (is created with the given size if it
               does not exist) with the given filesystem and mount it, if a
               mountpoint was given.
-   start  <device/file> <mountpoint>
-              Mount the device/file in the mountpoint.
+   start  <device/file> [mountpoint]
+              Mount the device/file in the mountpoint or to a default mountpoint.
    stop   <mountpoint>
               Umount the given mountpoint (umount, luksClose, losetup -d)
 
@@ -123,6 +130,10 @@ function formatDevice
 {
   type_="$1"  # could be donothing or init
   ret_=0
+  local ddcmd_="dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null"
+  if [[ -x "$PV_" && $verbose_ -ge 3 ]] ; then
+    ddcmd_="dd if=/dev/zero bs=1M 2>/dev/null | $PV_ | dd of=$DM_PATH_ bs=1M &>/dev/null"
+  fi
 
   args_="$VERIFY_PW_ $BATCH_MODE_ --key-size $CIPHER_SIZE_ --cipher $CIPHER_ --iter-time $ITERATION_TIME_ $ADDITIONAL_CRYPTSETUP_ARGS_"
   #args_=`echo "$args_" |tr -s ' '`
@@ -133,7 +144,7 @@ function formatDevice
   if [[ $type_ == 'init' && $OPTIMIZED_MODE_SET_ == 'true' ]]; then
     echo "finishing optimised initialisation (this could take some time)"
     # FIXME
-    execute "dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null" # || \
+    execute "$ddcmd_" # || \
     #  warn "could not finish optimised initialisation properly"
     ret_=$?
     # cutted out because of no space left on device error :(
@@ -159,13 +170,13 @@ function actionStart
 {
   ret_=0
 
-  # no mountpoint, by-by
   if [[ "$MOUNT_POINT_" == "" ]]; then
-    printUsage
-    die 'no mountpoint given'
-  fi
-  if [ ! -d "$MOUNT_POINT_" ]; then
-    die "mountpoint $MOUNT_POINT_ does not exist"
+    MOUNT_POINT_="/mnt/$DM_NAME_"
+  else
+    # error out if mountpoint was given but doesn't exist
+    if [ ! -d "$MOUNT_POINT_" ]; then
+      die "mountpoint $MOUNT_POINT_ does not exist"
+    fi
   fi
   # removed due to unionfs problem isLuks does not work with filesystem images
   # without losetup
@@ -184,8 +195,18 @@ function actionStart
   $READONLY_SET_ && cargs_='--readonly'
   execute "$CRYPTSETUP_ $cargs_ luksOpen $TARGET_ $DM_NAME_" warn || execute "losetup -d $TARGET_" || \
     die "could not luksOpen $TARGET_"
+  if [[ "$FSCK_" == "true" ]] ; then
+    execute "fsck $FSCK_EXTRA_OPTS_ -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+  elif [[ "$FSCK_" == "trueforce" ]] ; then
+    execute "fsck -f $FSCK_EXTRA_OPTS_ -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+  fi
   margs_=""
   $READONLY_SET_ && margs_='-r'
+  # mountpoint was not given so we use the default one which we need to create first
+  if [ ! -d "$MOUNT_POINT_" ]; then
+    execute "mkdir -p '$MOUNT_POINT_'" || die "failed to create mountpoint $MOUNT_POINT_"
+  fi
+  udevadm settle
   execute "mount $margs_ $ADDITIONAL_MOUNT_ARGS_ $DM_PATH_ $MOUNT_POINT_" die
 }
 
@@ -204,20 +225,38 @@ function actionStop
   dm_path_=`echo $dm_path_ |awk '{print $1}'` || die "could not get devicemapper name for $tmp_"
   dprint "dm_path_=\"$dm_path_\""
 
+  # check for symlinks
+  unset tmp_dm_path_
+  for dmapper in /dev/mapper/grml-crypt* ; do
+    link=$(readlink -f "$dmapper")
+    dprint "looping device mapper devices, dmapper=$dmapper => link=$link"
+    if [ "$link" = "$dm_path_" ] ; then
+      tmp_dm_path_="$dmapper"
+    fi
+  done
+
+  if [ -n "$tmp_dm_path_" ] ; then
+    dm_path_="$tmp_dm_path_"
+    unset tmp_dm_path_
+  fi
+
   dm_name_="${dm_path_##*/}"
   dprint "dm_name_=\"$dm_name_\""
 
-  dmsetup info $dm_name_ >/dev/null ||die "$dm_name_ is not aktive"
+  dmsetup info $dm_name_ >/dev/null ||die "$dm_name_ is not active"
   device_=`$CRYPTSETUP_ status $dm_name_ |awk '/device:/{print $2}'` || \
     die "could not get underlying device of $dm_path_"
   dprint "device_=\"$device_\""
 
   execute "umount $dm_path_" die "could not unmount $device_"
+  if [[ "$MOUNT_POINT_" == "/mnt/$dm_name_" ]]; then
+    rmdir "$MOUNT_POINT_"
+  fi
   execute "$CRYPTSETUP_ luksClose $dm_name_" die "could not close $dm_path_"
   echo "$device_" |grep loop &>/dev/null && execute "losetup -d $device_" \
     die "could not delete loop device $device_" || \
     execute "losetup -d $device_ &>/dev/null" eprint "could not delete loop device $device_, \
-this device could possible not be a loop device => maybe bogus error"
+this device possibly is not a loop device => maybe bogus error"
   notice "$mp_ successfully unmountet/closed/deleted"
 }
 
@@ -242,6 +281,7 @@ function actionFormat
   IS_IMAGE_='false'
   ret_=0
   init_='init'
+  local ddcmd_
 
   if (( $SIZE_ < 3 )); then
     die "the minimum size of an encrypted luks partition should be 2"
@@ -262,13 +302,13 @@ function actionFormat
         execute "dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" \
           die "could not initialise $TARGET_ with /dev/zero"
       else
-        if [[ $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+        if [[ $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
           echo "INSERCURE mode"
         else
           echo "SECURE mode (taking /dev/urandom as source, this could take some time)"
         fi
-        execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
-          die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+        execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
+          die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
       fi
     fi
 
@@ -276,7 +316,7 @@ function actionFormat
 
     # TARGET_ is now /dev/loop<x>
     execute "losetup $TARGET_ $ORIG_TARGET_" die
-    if [[ $OPTIMIZED_MODE_SET_ == 'true' || $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+    if [[ $OPTIMIZED_MODE_SET_ == 'true' || $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
       execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
       die "could not initialise the fist 2MB of $TARGET_ with /dev/urandom"
     fi
@@ -290,12 +330,16 @@ function actionFormat
       echo "optimised SECURE mode"
       execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" ||\
         die "could not initialise the first 2MB of $TARGET_ with /dev/urandom"
-    elif [[ $OVERWRITE_SOURCE_DEV_ != '/dev/zero' ]]; then
+    elif [[ $ENTROPY_SOURCE_ != '/dev/zero' ]]; then
       # default mode
-      echo "SECURE mode (taking $OVERWRITE_SOURCE_DEV_ as source, this could take some time)"
-      execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M &>/dev/null" #||\
+      echo "SECURE mode (taking $ENTROPY_SOURCE_ as source, this could take some time)"
+      ddcmd_="dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null"
+      if [[ -x "$PV_" && $verbose_ -ge 3 ]] ; then
+        ddcmd_="dd if=$ENTROPY_SOURCE_ bs=1M 2>/dev/null | $PV_ | dd of=$TARGET_ bs=1M &>/dev/null"
+      fi
+      execute "$ddcmd_" # ||\
         # skipped because "no space left on device" from dd
-        # die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+        # die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
     else
       echo 'INSECURE mode (only initialising the fist 2MB with /dev/urandom)'
       execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
@@ -334,18 +378,25 @@ function actionFormat
 ### __MAIN
 ###
 
-while getopts "s:t:rzoyfm:hvS:C:I:A:" opt; do
+while getopts "s:t:rzoyfFm:hvS:C:I:A:X:" opt; do
   case "$opt" in
     s) SIZE_="$OPTARG"; SIZE_SET_='true' ;;
     t) FSTYPE_="$OPTARG" ;;
     r) READONLY_SET_='true' ;;
     z) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
-        OVERWRITE_SOURCE_DEV_='/dev/zero'
+        ENTROPY_SOURCE_='/dev/zero'
         warn 'initialising from INSECURE source /dev/zero' ;;
     o) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
         OPTIMIZED_MODE_SET_='true' ;;
     y) VERIFY_PW_="--verify-passphrase" ;;
     f) FORCE_='true' ;;
+    F) if [[ "$FSCK_" == "true" ]] ; then
+         FSCK_='trueforce'
+       else
+         FSCK_='true'
+       fi
+      ;;
+    X) FSCK_EXTRA_OPTS_="$OPTARG" ;;
     m) ADDITIONAL_MOUNT_ARGS_="$OPTARG" ;;
     h) printUsage; exit ;;
     v) let verbose_=$verbose_+1 ;;