summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAaron Ball <nullspoon@oper.io>2017-09-26 09:31:20 -0600
committerAaron Ball <nullspoon@oper.io>2017-09-26 09:31:20 -0600
commit30a84a1bbfbf8afc6aa8532ec61a272f13332a57 (patch)
tree48f63093ad2997a7890f468acf56ea70455548b5
parentd82567d46d5df4e3fed100713caca944cccf3637 (diff)
downloadcrypttab-30a84a1bbfbf8afc6aa8532ec61a272f13332a57.tar.gz
crypttab-30a84a1bbfbf8afc6aa8532ec61a272f13332a57.tar.xz
Fixed support for multiline crypttab files
Was parsing all lines in the crypttab file as the same line, causing any line beyond the first to be ignored. Also updated global variable tab to be all caps to better indicate that it is a global.
-rwxr-xr-xcrypttab62
1 files changed, 37 insertions, 25 deletions
diff --git a/crypttab b/crypttab
index c8bfae6..706e2f1 100755
--- a/crypttab
+++ b/crypttab
@@ -4,7 +4,7 @@
# on execution.
#
-tab=/etc/crypttab
+TAB=/etc/crypttab
#
# Iterrates through all entries in crypttab with the purpose to close the
@@ -14,13 +14,13 @@ tab=/etc/crypttab
# them first, since not doing so will cause the luksClose to hang.
#
function destroy_entries {
- if [[ ! -f ${tab} ]]; then
- echo "Could not access ${tab}."
+ if [[ ! -f ${TAB} ]]; then
+ echo "Could not access ${TAB}."
exit 1
fi
# For each entry in crypttab
- for entry in "$(cat ${tab})"; do
+ while read entry; do
local name=${entry%% *}
# Unmount all mountpoins if mounted anywhere
@@ -45,7 +45,7 @@ function destroy_entries {
done
cryptsetup luksClose ${name}
- done
+ done < "${TAB}"
}
@@ -54,42 +54,54 @@ function destroy_entries {
# (encrypted, or decrypted).
#
function stat_entries {
- if [[ ! -f ${tab} ]]; then
- echo "Could not access ${tab}."
+ local _name # Name of the mount
+ local _dev # Device to be decrypted
+ if [[ ! -f ${TAB} ]]; then
+ echo "Could not access ${TAB}."
exit 1
fi
# For each entry in crypttab
- for i in "$(cat ${tab})"; do
- name=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 1)
- dev=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 2)
+ while read line; do
+ _name=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 1)
+ _dev=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 2)
- if [[ -L /dev/mapper/${name} ]]; then
- echo "${dev} decrypted at /dev/mapper/${name}"
+ if [[ -L /dev/mapper/${_name} ]]; then
+ echo "${_name} (${_dev}) decrypted at /dev/mapper/${_name}"
else
- echo "${dev} not decrypted."
+ echo "${_name} (${_dev}) not decrypted."
fi
- done
+ done < "${TAB}"
}
#
# Decrypts each encrypted device listed in crypttab
#
function setup_entries {
- if [[ ! -f ${tab} ]]; then
- echo "Could not access ${tab}."
+ local _name # Name of the encrypted mount
+ local _dev # Encrypted device path
+ local _key # Encryption key to decrypt the device with
+
+ if [[ ! -f ${TAB} ]]; then
+ echo "Could not access ${TAB}."
exit 1
fi
- for entry in "$(cat ${tab})"; do
- name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1)
- dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2)
- key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3)
-
- echo "Decrypting ${dev} using key ${key}."
- echo "Plaintext device is at /dev/mapper/${name}"
- cryptsetup luksOpen ${dev} ${name} --key-file ${key}
- done
+ while read entry; do
+ _name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1)
+ _dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2)
+ _key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3)
+
+ # Skip any devices that are already decrypted
+ if [ -b "/dev/mapper/${_name}" ]; then
+ printf "Device ${_dev} already decrypted at /dev/mapper/${_name}.\n"
+ continue
+ fi
+ echo "Decrypting ${_dev} using key ${_key}."
+ echo "Plaintext device is at /dev/mapper/${_name}"
+ cryptsetup luksOpen ${_dev} ${_name} --key-file ${_key}
+
+ done < "${TAB}"
}

Generated by cgit