diff options
| -rw-r--r-- | Makefile | 4 | ||||
| -rwxr-xr-x | crypttab | 90 | ||||
| -rw-r--r-- | crypttab.example | 4 |
3 files changed, 47 insertions, 51 deletions
diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8a7c7a3 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +PREFIX ?= /usr +install: + install -D -m 755 crypttab "$(DESTDIR)$(PREFIX)/crypttab" + install -D -m 640 crypttab.example "$(DESTDIR)/etc/crypttab" @@ -9,100 +9,88 @@ export IFS=$'\n\t' TAB=/etc/crypttab -# # Iterrates through all entries in crypttab with the purpose to close the # decrypted block devices (typically at /dev/mapper/*). # # NOTE: If any of the listed encrypted devices are mounted, attempts to umount # them first, since not doing so will cause the luksClose to hang. -# -function destroy_entries { +destroy_entries() { + local dev='' if [ ! -f "${TAB}" ]; then - printf 'Could not access %s.\n' "${tab}" + printf 'Could not access %s.\n' "${TAB}" exit 1 fi # For each entry in crypttab - while read entry; do - local name="${entry%% *}" + for entry in "$(grep -v -e '^#' -e '^ *$' ${TAB})"; do + dev="${entry%% *}" + mount="${entry##* }" + mapper="${dev////_}" - # Unmount all mountpoins if mounted anywhere - # Cryptsetup luksClose will repeatedly fail if the devices is mounted - # anywhere, causing shutdowns to hang up. - for i in "$(mount | grep /dev/mapper/${name})"; do - local mntpoint=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 3) - # Skip if empty - [ "${mntpoint}" == '' ] && continue + printf '%s mounted at %s. Unmounting\n' "${dev}" "${mount}" - printf '%s mounted at %s. Unmounting\n' "${name}" "${mntpoint}" - - # Kill any running processes accessing mntpoint + # Kill any running processes accessing mount point if lsof is available + if type lsof 2>/dev/null 1>/dev/null; then for pid in $(lsof -t ${mntpoint}); do pidstr=$(ps -f ${pid} | tail -n 1) printf 'Halting %s %d\n' "${pid}" "${pidstr##* }" kill "${pid}" done + fi - # Unmount - umount "${mntpoint}" - done - cryptsetup luksClose "${name}" - done < "${TAB}" + umount -R "${mount}" || : + + printf 'Closing cryptdevice %s (%s)\n' "${dev}" "${mapper}" + cryptsetup luksClose "${mapper}" + done } -# # Checks each device listed in the crypttab file for its current status # (encrypted, or decrypted). -# -function stat_entries { - local _name # Name of the mount - local _dev # Device to be decrypted - if [ ! -f "${tab}" ]; then - printf 'Could not access %s.\n' "${tab}" +stat_entries() { + if [ ! -f "${TAB}" ]; then + printf 'Could not access %s.\n' "${TAB}" exit 1 fi # For each entry in crypttab - while read line; do - _name=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 1) - _dev=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 2) + for entry in "$(grep -v -e '^#' -e '^ *$' ${TAB})"; do + dev="${entry%% *}" + mapper="${dev////_}" - if [ -L "/dev/mapper/${name}" ]; then - printf '%s decrypted at /dev/mapper/%s\n' "${_dev}" "${_name}" + if [ -L "/dev/mapper/${mapper}" ]; then + printf '%s decrypted at /dev/mapper/%s\n' "${dev}" "${mapper}" else printf '%s not decrypted\n' "${_dev}" fi done < "${TAB}" } -# # Decrypts each encrypted device listed in crypttab -# -function setup_entries { - local _name # Name of the encrypted mount - local _dev # Encrypted device path - local _key # Encryption key to decrypt the device with - - if [ ! -f "${tab}" ]; then - printf 'Could not access %s.\n' "${tab}" +setup_entries() { + if [ ! -f "${TAB}" ]; then + printf 'Could not access %s.\n' "${TAB}" exit 1 fi - while read entry; do - _name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1) - _dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2) - _key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3) + for entry in "$(grep -v -e '^#' -e '^ *$' ${TAB})"; do + dev="${entry%% *}" + key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2) + mount="${entry##* }" + mapper="${dev////_}" - printf 'Decrypting %s using key %s.\n' "${_dev}" "${_key}" - printf 'Plaintext device is at /dev/mapper/%s\n' "${_name}" - cryptsetup luksOpen "${_dev}" "${_name}" --key-file "${_key}" + printf 'Decrypting %s using key %s.\n' "${dev}" "${key}" + cryptsetup luksOpen "${dev}" "${mapper}" --key-file "${key}" + printf 'Plaintext device is at /dev/mapper/%s\n' "${mapper}" + + printf 'Mounting /dev/mapper/%s to %s\n' "${mapper}" "${mount}" + mount "/dev/mapper/${mapper}" "${mount}" done - done < "${tab}" } -case $1 in +case "${1:-}" in start) setup_entries mount -a diff --git a/crypttab.example b/crypttab.example new file mode 100644 index 0000000..07b2586 --- /dev/null +++ b/crypttab.example @@ -0,0 +1,4 @@ +# +# /etc/crypttab: Crypttab file system information +# +# <crypt_device> <key_path> <mount_path> |