author | Aaron Ball <nullspoon@iohq.net> | 2016-01-31 09:04:49 +0000 |
---|---|---|
committer | Aaron Ball <nullspoon@iohq.net> | 2016-01-31 09:04:49 +0000 |
commit | af8d9ac4311ddffe6619c6ff557500a9297e91b4 (patch) | |
tree | b09455e42bfd971547a0d84be83f58cd6b287075 | |
Initial commit of crypttab
Currently supports a very basic crypttab text file (/etc/crypttab). Also
only supports luks devices. More support to be added later.
-rwxr-xr-x | crypttab | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/crypttab b/crypttab
new file mode 100755
index 0000000..a6a3b2d
--- /dev/null
+++ b/crypttab
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+#
+# A script that handles basic crypttab functionality to mount encrypted volumes
+# on execution.
+#
+
+tab=/etc/crypttab
+
+#
+# Iterrates through all entries in crypttab with the purpose to close the
+# decrypted block devices (typically at /dev/mapper/*).
+#
+# NOTE: If any of the listed encrypted devices are mounted, attempts to umount
+# them first, since not doing so will cause the luksClose to hang.
+#
+function destroy_entries {
+ if [[ ! -f ${tab} ]]; then
+ echo "Could not access ${tab}."
+ exit 1
+ fi
+
+ # For each entry in crypttab
+ for i in "$(cat ${tab})"; do
+ name=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 1)
+
+ # Unmount all mountpoins if mounted anywhere
+ # Cryptsetup luksClose will repeatedly fail if the devices is mounted
+ # anywhere, causing shutdowns to hang up.
+ for i in "$(mount | grep /dev/mapper/${name})"; do
+ mntpoint=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 3)
+ # Skip if empty
+ [[ ${mntpoint} == '' ]] && continue
+
+ echo "${name} mounted at ${mntpoint}. Unmounting"
+ umount ${mntpoint}
+ done
+
+ cryptsetup luksClose ${name}
+ done
+}
+
+
+#
+# Checks each device listed in the crypttab file for its current status
+# (encrypted, or decrypted).
+#
+function stat_entries {
+ if [[ ! -f ${tab} ]]; then
+ echo "Could not access ${tab}."
+ exit 1
+ fi
+
+ # For each entry in crypttab
+ for i in "$(cat ${tab})"; do
+ name=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 1)
+ dev=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 2)
+
+ if [[ -L /dev/mapper/${name} ]]; then
+ echo "${dev} decrypted at /dev/mapper/${name}"
+ else
+ echo "${dev} not decrypted."
+ fi
+ done
+}
+
+#
+# Decrypts each encrypted device listed in crypttab
+#
+function setup_entries {
+ if [[ ! -f ${tab} ]]; then
+ echo "Could not access ${tab}."
+ exit 1
+ fi
+
+ for i in "$(cat ${tab})"; do
+ name=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 1)
+ dev=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 2)
+ key=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 3)
+
+ echo "Decrypting ${dev} using key ${key}."
+ echo "Plaintext device is at /dev/mapper/${name}"
+ cryptsetup luksOpen ${dev} ${name} --key-file ${key}
+ done
+}
+
+
+case $1 in
+start)
+ setup_entries
+ ;;
+stop)
+ destroy_entries
+ ;;
+status)
+ stat_entries
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+*)
+ echo "usage: $0 [start|stop|restart|status]"
+ ;;
+esac |
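Review bot: The `for i in "$(cat ${tab})"` loops in destroy_entries, stat_entries and setup_entries each run exactly once, because the quoted substitution yields the whole file as one word and the unquoted `echo ${i}` then flattens it, so `cut` only ever sees the first entry's fields; on `stop`, every mapping after the first is left open and decrypted. Reading the file line by line fixes this: `while read -r name dev key _ <&3; do` … `done 3< "${tab}"`, with `[[ -z ${name} || ${name} == \#* ]] && continue` to skip blank and comment lines (fd 3 keeps stdin free for cryptsetup). The inner `for i in "$(mount | grep /dev/mapper/${name})"` has the same single-iteration problem, and its unanchored pattern means a name such as `data` also matches `/dev/mapper/data2`, so the wrong volume can be unmounted; comparing the device field for exact equality avoids that. The expansions passed to `umount` and `cryptsetup` should be quoted (`"${dev}" "${name}" --key-file "${key}"`), and the exit status of `cryptsetup luksClose` should be checked and reported so a volume that failed to close does not go unnoticed at shutdown.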