summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xcrypttab53
1 files changed, 25 insertions, 28 deletions
diff --git a/crypttab b/crypttab
index 706e2f1..8833a72 100755
--- a/crypttab
+++ b/crypttab
@@ -1,4 +1,7 @@
#!/usr/bin/env bash
+set -euo pipefail
+export IFS=$'\n\t'
+
#
# A script that handles basic crypttab functionality to mount encrypted volumes
# on execution.
@@ -14,14 +17,14 @@ TAB=/etc/crypttab
# them first, since not doing so will cause the luksClose to hang.
#
function destroy_entries {
- if [[ ! -f ${TAB} ]]; then
- echo "Could not access ${TAB}."
+ if [ ! -f "${TAB}" ]; then
+ printf 'Could not access %s.\n' "${tab}"
exit 1
fi
# For each entry in crypttab
while read entry; do
- local name=${entry%% *}
+ local name="${entry%% *}"
# Unmount all mountpoins if mounted anywhere
# Cryptsetup luksClose will repeatedly fail if the devices is mounted
@@ -29,22 +32,21 @@ function destroy_entries {
for i in "$(mount | grep /dev/mapper/${name})"; do
local mntpoint=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 3)
# Skip if empty
- [[ ${mntpoint} == '' ]] && continue
+ [ "${mntpoint}" == '' ] && continue
- echo "${name} mounted at ${mntpoint}. Unmounting"
+ printf '%s mounted at %s. Unmounting\n' "${name}" "${mntpoint}"
# Kill any running processes accessing mntpoint
for pid in $(lsof -t ${mntpoint}); do
pidstr=$(ps -f ${pid} | tail -n 1)
- echo "Halting ${pid} ${pidstr##* }"
- kill ${pid}
+ printf 'Halting %s %d\n' "${pid}" "${pidstr##* }"
+ kill "${pid}"
done
# Unmount
- umount ${mntpoint}
+ umount "${mntpoint}"
done
-
- cryptsetup luksClose ${name}
+ cryptsetup luksClose "${name}"
done < "${TAB}"
}
@@ -56,8 +58,8 @@ function destroy_entries {
function stat_entries {
local _name # Name of the mount
local _dev # Device to be decrypted
- if [[ ! -f ${TAB} ]]; then
- echo "Could not access ${TAB}."
+ if [ ! -f "${tab}" ]; then
+ printf 'Could not access %s.\n' "${tab}"
exit 1
fi
@@ -66,10 +68,10 @@ function stat_entries {
_name=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 1)
_dev=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 2)
- if [[ -L /dev/mapper/${_name} ]]; then
- echo "${_name} (${_dev}) decrypted at /dev/mapper/${_name}"
+ if [ -L "/dev/mapper/${name}" ]; then
+ printf '%s decrypted at /dev/mapper/%s\n' "${_dev}" "${_name}"
else
- echo "${_name} (${_dev}) not decrypted."
+ printf '%s not decrypted\n' "${_dev}"
fi
done < "${TAB}"
}
@@ -82,8 +84,8 @@ function setup_entries {
local _dev # Encrypted device path
local _key # Encryption key to decrypt the device with
- if [[ ! -f ${TAB} ]]; then
- echo "Could not access ${TAB}."
+ if [ ! -f "${tab}" ]; then
+ printf 'Could not access %s.\n' "${tab}"
exit 1
fi
@@ -91,17 +93,12 @@ function setup_entries {
_name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1)
_dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2)
_key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3)
-
- # Skip any devices that are already decrypted
- if [ -b "/dev/mapper/${_name}" ]; then
- printf "Device ${_dev} already decrypted at /dev/mapper/${_name}.\n"
- continue
- fi
- echo "Decrypting ${_dev} using key ${_key}."
- echo "Plaintext device is at /dev/mapper/${_name}"
- cryptsetup luksOpen ${_dev} ${_name} --key-file ${_key}
-
- done < "${TAB}"
+
+ printf 'Decrypting %s using key %s.\n' "${_dev}" "${_key}"
+ printf 'Plaintext device is at /dev/mapper/%s\n' "${_name}"
+ cryptsetup luksOpen "${_dev}" "${_name}" --key-file "${_key}"
+ done
+ done < "${tab}"
}

Generated by cgit