DM_PREFIX_="grml-crypt_"
FORCE_='false'
FSCK_='false'
+FSCK_EXTRA_OPTS_=""
ENTROPY_SOURCE_='/dev/urandom'
OPTIMIZED_MODE_SET_='false'
OPTIMIZING_LEVEL_=0
READONLY_SET_='false'
ADDITIONAL_MOUNT_ARGS_=""
BATCH_MODE_="--batch-mode"
+PV_='/usr/bin/pv'
###
### __FUNCTIONS
-o optimised initialisation mode (should be as secure as the default but faster)
-y verifies the passphrase by asking for it twice
-f force file overwriting in format mode and/or disable confirmation dialog
- -F only for action start: run fsck before mounting the filesystem. Use fsck's -f option if given twice.
+ -F only for action start: run fsck before mounting the filesystem.
+ Use fsck's -f option if given twice.
+ -X Read next argument as a list of options to pass to fsck:
+ 'grml-crypt -FF -X "-y -T" start /dev/ice' will run fsck with options -y and -T.
-m additional arguments to mount
-v verbose (show what is going on, v++)
-h this help text
Format a device or a file (is created with the given size if it
does not exist) with the given filesystem and mount it, if a
mountpoint was given.
- start <device/file> <mountpoint>
- Mount the device/file in the mountpoint.
+ start <device/file> [mountpoint]
+ Mount the device/file in the mountpoint or to a default mountpoint.
stop <mountpoint>
Umount the given mountpoint (umount, luksClose, losetup -d)
{
type_="$1" # could be donothing or init
ret_=0
+ local ddcmd_="dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null"
+ if [[ -x "$PV_" && $verbose_ -ge 3 ]] ; then
+ ddcmd_="dd if=/dev/zero bs=1M 2>/dev/null | $PV_ | dd of=$DM_PATH_ bs=1M &>/dev/null"
+ fi
args_="$VERIFY_PW_ $BATCH_MODE_ --key-size $CIPHER_SIZE_ --cipher $CIPHER_ --iter-time $ITERATION_TIME_ $ADDITIONAL_CRYPTSETUP_ARGS_"
#args_=`echo "$args_" |tr -s ' '`
if [[ $type_ == 'init' && $OPTIMIZED_MODE_SET_ == 'true' ]]; then
echo "finishing optimised initialisation (this could take some time)"
# FIXME
- execute "dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null" # || \
+ execute "$ddcmd_" # || \
# warn "could not finish optimised initialisation properly"
ret_=$?
# cutted out because of no space left on device error :(
{
ret_=0
- # no mountpoint, by-by
if [[ "$MOUNT_POINT_" == "" ]]; then
- printUsage
- die 'no mountpoint given'
- fi
- if [ ! -d "$MOUNT_POINT_" ]; then
- die "mountpoint $MOUNT_POINT_ does not exist"
+ MOUNT_POINT_="/media/$DM_NAME_"
+ else
+ # error out if mountpoint was given but doesn't exist
+ if [ ! -d "$MOUNT_POINT_" ]; then
+ die "mountpoint $MOUNT_POINT_ does not exist"
+ fi
fi
# removed due to unionfs problem isLuks does not work with filesystem images
# without losetup
execute "$CRYPTSETUP_ $cargs_ luksOpen $TARGET_ $DM_NAME_" warn || execute "losetup -d $TARGET_" || \
die "could not luksOpen $TARGET_"
if [[ "$FSCK_" == "true" ]] ; then
- execute "fsck -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ execute "fsck $FSCK_EXTRA_OPTS_ -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
elif [[ "$FSCK_" == "trueforce" ]] ; then
- execute "fsck -f -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
+ execute "fsck -f $FSCK_EXTRA_OPTS_ -C $DM_PATH_" || die "fsck failed on $DM_PATH_"
fi
margs_=""
$READONLY_SET_ && margs_='-r'
+ # mountpoint was not given so we use the default one which we need to create first
+ if [ ! -d "$MOUNT_POINT_" ]; then
+ execute "mkdir -p '$MOUNT_POINT_'" || die "failed to create mountpoint $MOUNT_POINT_"
+ fi
+ udevadm settle
execute "mount $margs_ $ADDITIONAL_MOUNT_ARGS_ $DM_PATH_ $MOUNT_POINT_" die
}
dprint "dm_path_=\"$dm_path_\""
# check for symlinks
+ unset tmp_dm_path_
for dmapper in /dev/mapper/grml-crypt* ; do
link=$(readlink -f "$dmapper")
dprint "looping device mapper devices, dmapper=$dmapper => link=$link"
if [ -n "$tmp_dm_path_" ] ; then
dm_path_="$tmp_dm_path_"
+ unset tmp_dm_path_
fi
dm_name_="${dm_path_##*/}"
dprint "device_=\"$device_\""
execute "umount $dm_path_" die "could not unmount $device_"
+ if [[ "$MOUNT_POINT_" == "/media/$dm_name_" ]]; then
+ rmdir "$MOUNT_POINT_"
+ fi
execute "$CRYPTSETUP_ luksClose $dm_name_" die "could not close $dm_path_"
echo "$device_" |grep loop &>/dev/null && execute "losetup -d $device_" \
die "could not delete loop device $device_" || \
IS_IMAGE_='false'
ret_=0
init_='init'
+ local ddcmd_
if (( $SIZE_ < 3 )); then
die "the minimum size of an encrypted luks partition should be 2"
elif [[ $ENTROPY_SOURCE_ != '/dev/zero' ]]; then
# default mode
echo "SECURE mode (taking $ENTROPY_SOURCE_ as source, this could take some time)"
- execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null" #||\
+ ddcmd_="dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null"
+ if [[ -x "$PV_" && $verbose_ -ge 3 ]] ; then
+ ddcmd_="dd if=$ENTROPY_SOURCE_ bs=1M 2>/dev/null | $PV_ | dd of=$TARGET_ bs=1M &>/dev/null"
+ fi
+ execute "$ddcmd_" # ||\
# skipped because "no space left on device" from dd
# die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
else
### __MAIN
###
-while getopts "s:t:rzoyfFm:hvS:C:I:A:" opt; do
+while getopts "s:t:rzoyfFm:hvS:C:I:A:X:" opt; do
case "$opt" in
s) SIZE_="$OPTARG"; SIZE_SET_='true' ;;
t) FSTYPE_="$OPTARG" ;;
FSCK_='true'
fi
;;
+ X) FSCK_EXTRA_OPTS_="$OPTARG" ;;
m) ADDITIONAL_MOUNT_ARGS_="$OPTARG" ;;
h) printUsage; exit ;;
v) let verbose_=$verbose_+1 ;;
fi
TARGET_="$2"
-MKFS_="/sbin/mkfs.$FSTYPE_"
-if [ ! -x "$MKFS_" ]; then
+MKFS_="`which mkfs.$FSTYPE_`"
+if [ $? != "0" ]; then
die "invalid filesystem type \"$FSTYPE_\"" 1
fi
projects / grml-crypt.git / blobdiff