X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=grml-crypt;h=a205033f8683d4ce9d74cbc01c6b921a20027864;hb=0cf1b314a5c3f104008a7d11e2eddaa995222324;hp=5e8a0ca62fd8fc5d7639ffa072933281e6708431;hpb=439a12cfbad2c0b2b45fa6fa13a184679c0fb704;p=grml-crypt.git
diff --git a/grml-crypt b/grml-crypt
index 5e8a0ca..a205033 100755
--- a/grml-crypt
+++ b/grml-crypt
@@ -35,10 +35,11 @@ DM_PATH_=""
 ACTION_=""
 DM_PREFIX_="grml-crypt_"
 FORCE_='false'
-OVERWRITE_SOURCE_DEV_='/dev/urandom'
+FSCK_='false'
+ENTROPY_SOURCE_='/dev/urandom'
 OPTIMIZED_MODE_SET_='false'
 OPTIMIZING_LEVEL_=0
-CIPHER_SIZE_="128"
+CIPHER_SIZE_="256"
 CIPHER_="aes-cbc-essiv:sha256"
 ITERATION_TIME_="1000"
 ADDITIONAL_CRYPTSETUP_ARGS_=""
@@ -65,6 +66,7 @@ OPTIONS:
 -o optimised initialisation mode (should be as secure as the default but faster)
 -y verifies the passphrase by asking for it twice
 -f force file overwriting in format mode and/or disable confirmation dialog
+ -F only for action start: run fsck before mounting the filesystem. Use fsck's -f option if given twice.
 -m additional arguments to mount
 -v verbose (show what is going on, v++)
 -h this help text
@@ -184,6 +186,11 @@ function actionStart
 $READONLY_SET_ && cargs_='--readonly'
 execute "$CRYPTSETUP_ $cargs_ luksOpen $TARGET_ $DM_NAME_" warn || execute "losetup -d $TARGET_" || \
 die "could not luksOpen $TARGET_"
+ if [[ "$FSCK_" == "true" ]] ; then
+ execute "fsck -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ elif [[ "$FSCK_" == "trueforce" ]] ; then
+ execute "fsck -f -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ fi
 margs_=""
 $READONLY_SET_ && margs_='-r'
 execute "mount $margs_ $ADDITIONAL_MOUNT_ARGS_ $DM_PATH_ $MOUNT_POINT_" die
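Review bot: The new default `CIPHER_SIZE_="256"` in the first hunk has no comment tying it to `CIPHER_="aes-cbc-essiv:sha256"`, and the value only means AES-256 for that kind of cipher spec. XTS specs split the key in two, so a caller who overrides the cipher (the getopts string later in this diff takes `-C` and `-S`, presumably cipher and key size) with an XTS mode and keeps this default would get AES-128. I would add above the assignment `# key size in bits for CIPHER_; XTS specs use half of it per key, so pass 512 there for AES-256`.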
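Review bot: When fsck returns non-zero in actionStart, the added `|| die` aborts after `luksOpen` has already succeeded, so the decrypted mapping `$DM_NAME_` (and the loop device, if one was attached) stays open unless `die` cleans up, which is not visible in this hunk. fsck's exit status is a bitmask in which 1 means errors were found and corrected, so, assuming `execute` passes the status through, a successfully repaired filesystem also takes this path. I would treat status 0 and 1 as success and close the mapping before failing, e.g. `execute "$CRYPTSETUP_ luksClose $DM_NAME_" warn` ahead of the `die`. With `-r` the mapping is opened `--readonly`, so fsck should be skipped or run with `-n` in that case. The body of actionStart begins and ends outside the hunk.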
@@ -262,13 +269,13 @@ function actionFormat
 execute "dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" \
 die "could not initialise $TARGET_ with /dev/zero"
 else
- if [[ $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
 echo "INSERCURE mode"
 else
 echo "SECURE mode (taking /dev/urandom as source, this could take some time)"
 fi
- execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
- die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
+ die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
 fi
 fi
@@ -276,7 +283,7 @@ function actionFormat
 # TARGET_ is now /dev/loop
 execute "losetup $TARGET_ $ORIG_TARGET_" die
- if [[ $OPTIMIZED_MODE_SET_ == 'true' || $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $OPTIMIZED_MODE_SET_ == 'true' || $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
 die "could not initialise the fist 2MB of $TARGET_ with /dev/urandom"
 fi
@@ -290,12 +297,12 @@ function actionFormat
 echo "optimised SECURE mode"
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" ||\
 die "could not initialise the first 2MB of $TARGET_ with /dev/urandom"
- elif [[ $OVERWRITE_SOURCE_DEV_ != '/dev/zero' ]]; then
+ elif [[ $ENTROPY_SOURCE_ != '/dev/zero' ]]; then
 # default mode
- echo "SECURE mode (taking $OVERWRITE_SOURCE_DEV_ as source, this could take some time)"
- execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M &>/dev/null" #||\
+ echo "SECURE mode (taking $ENTROPY_SOURCE_ as source, this could take some time)"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null" #||\
 # skipped because "no space left on device" from dd
- # die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+ # die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
 else
 echo 'INSECURE mode (only initialising the fist 2MB with /dev/urandom)'
 execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
@@ -334,18 +341,24 @@ function actionFormat
 ### __MAIN ###
-while getopts "s:t:rzoyfm:hvS:C:I:A:" opt; do
+while getopts "s:t:rzoyfFm:hvS:C:I:A:" opt; do
 case "$opt" in
 s) SIZE_="$OPTARG"; SIZE_SET_='true' ;;
 t) FSTYPE_="$OPTARG" ;;
 r) READONLY_SET_='true' ;;
 z) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
- OVERWRITE_SOURCE_DEV_='/dev/zero'
+ ENTROPY_SOURCE_='/dev/zero'
 warn 'initialising from INSECURE source /dev/zero' ;;
 o) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
 OPTIMIZED_MODE_SET_='true' ;;
 y) VERIFY_PW_="--verify-passphrase" ;;
 f) FORCE_='true' ;;
+ F) if [[ "$FSCK_" == "true" ]] ; then
+ FSCK_='trueforce'
+ else
+ FSCK_='true'
+ fi
+ ;;
 m) ADDITIONAL_MOUNT_ARGS_="$OPTARG" ;;
 h) printUsage; exit ;;
 v) let verbose_=$verbose_+1 ;;
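Review bot: The default-mode overwrite `execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null" #||\` still has its `die` commented out, so every dd failure is discarded, not only the expected "no space left on device" at the end of the target, and this happens after the script has printed "SECURE mode". An I/O error part-way through would leave the remainder of the device without the random fill and nothing would report it. Since the commit rewrites these lines anyway, I would bound the write rather than rely on running out of space, e.g. derive an explicit `count=` from `blockdev --getsize64 $TARGET_`, and then restore `|| die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"`. The name `ENTROPY_SOURCE_` is also slightly misleading for a variable that `-z` sets to `/dev/zero`. The enclosing branch of actionFormat starts and ends outside the hunk.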
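Review bot: A third `-F` drops back from forced to plain fsck: in the new `F)` branch any value other than `"true"` falls into the `else` and is set to `'true'`, so `-FFF` ends with `FSCK_='true'`. Testing for the initial value makes the option saturate instead, `if [[ "$FSCK_" == "false" ]] ; then FSCK_='true' ; else FSCK_='trueforce' ; fi`. `-F` is also accepted silently for actions other than start, where the usage text says it has no effect, so a `warn` there would help. The `case` statement continues past the end of the hunk.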