diff options
Diffstat (limited to 'crypttab')
-rwxr-xr-x | crypttab | 53 |
1 files changed, 25 insertions, 28 deletions
@@ -1,4 +1,7 @@ #!/usr/bin/env bash +set -euo pipefail +export IFS=$'\n\t' + # # A script that handles basic crypttab functionality to mount encrypted volumes # on execution. @@ -14,14 +17,14 @@ TAB=/etc/crypttab # them first, since not doing so will cause the luksClose to hang. # function destroy_entries { - if [[ ! -f ${TAB} ]]; then - echo "Could not access ${TAB}." + if [ ! -f "${TAB}" ]; then + printf 'Could not access %s.\n' "${tab}" exit 1 fi # For each entry in crypttab while read entry; do - local name=${entry%% *} + local name="${entry%% *}" # Unmount all mountpoins if mounted anywhere # Cryptsetup luksClose will repeatedly fail if the devices is mounted @@ -29,22 +32,21 @@ function destroy_entries { for i in "$(mount | grep /dev/mapper/${name})"; do local mntpoint=$(echo ${i} | tr -s ' ' | cut -d ' ' -f 3) # Skip if empty - [[ ${mntpoint} == '' ]] && continue + [ "${mntpoint}" == '' ] && continue - echo "${name} mounted at ${mntpoint}. Unmounting" + printf '%s mounted at %s. Unmounting\n' "${name}" "${mntpoint}" # Kill any running processes accessing mntpoint for pid in $(lsof -t ${mntpoint}); do pidstr=$(ps -f ${pid} | tail -n 1) - echo "Halting ${pid} ${pidstr##* }" - kill ${pid} + printf 'Halting %s %d\n' "${pid}" "${pidstr##* }" + kill "${pid}" done # Unmount - umount ${mntpoint} + umount "${mntpoint}" done - - cryptsetup luksClose ${name} + cryptsetup luksClose "${name}" done < "${TAB}" } @@ -56,8 +58,8 @@ function destroy_entries { function stat_entries { local _name # Name of the mount local _dev # Device to be decrypted - if [[ ! -f ${TAB} ]]; then - echo "Could not access ${TAB}." + if [ ! -f "${tab}" ]; then + printf 'Could not access %s.\n' "${tab}" exit 1 fi @@ -66,10 +68,10 @@ function stat_entries { _name=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 1) _dev=$(echo ${line} | tr -s ' ' | cut -d ' ' -f 2) - if [[ -L /dev/mapper/${_name} ]]; then - echo "${_name} (${_dev}) decrypted at /dev/mapper/${_name}" + if [ -L "/dev/mapper/${name}" ]; then + printf '%s decrypted at /dev/mapper/%s\n' "${_dev}" "${_name}" else - echo "${_name} (${_dev}) not decrypted." + printf '%s not decrypted\n' "${_dev}" fi done < "${TAB}" } @@ -82,8 +84,8 @@ function setup_entries { local _dev # Encrypted device path local _key # Encryption key to decrypt the device with - if [[ ! -f ${TAB} ]]; then - echo "Could not access ${TAB}." + if [ ! -f "${tab}" ]; then + printf 'Could not access %s.\n' "${tab}" exit 1 fi @@ -91,17 +93,12 @@ function setup_entries { _name=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 1) _dev=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 2) _key=$(echo ${entry} | tr -s ' ' | cut -d ' ' -f 3) - - # Skip any devices that are already decrypted - if [ -b "/dev/mapper/${_name}" ]; then - printf "Device ${_dev} already decrypted at /dev/mapper/${_name}.\n" - continue - fi - echo "Decrypting ${_dev} using key ${_key}." - echo "Plaintext device is at /dev/mapper/${_name}" - cryptsetup luksOpen ${_dev} ${_name} --key-file ${_key} - - done < "${TAB}" + + printf 'Decrypting %s using key %s.\n' "${_dev}" "${_key}" + printf 'Plaintext device is at /dev/mapper/%s\n' "${_name}" + cryptsetup luksOpen "${_dev}" "${_name}" --key-file "${_key}" + done + done < "${tab}" } |