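#!/usr/bin/env bash
set -euo pipefail
export IFS=$'\n\t'

#
# A script that handles basic crypttab functionality to mount encrypted volumes
# on execution.
#
# Each non-comment, non-blank line of the table is parsed by the functions
# below as whitespace-separated fields: the encrypted device first, the key
# file second and the mount point last. The mapper name is derived from the
# device path by replacing every '/' with '_'.
#
# NOTE(review): this field order does not look like the crypttab(5) layout
# used by other tooling (name, device, key file, options) -- confirm that
# nothing else on the host consumes the same file.
#
# The table decides which key file is used on which device and where the
# plaintext device is mounted, so it should be writable only by the account
# that runs this script.
#

# Path of the table. Read-only so no later code path can repoint it.
readonly TAB=/etc/crypttab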
11
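# Iterates through all entries in crypttab with the purpose to close the
# decrypted block devices (typically at /dev/mapper/*).
#
# NOTE: If any of the listed encrypted devices are mounted, attempts to umount
# them first, since not doing so will cause the luksClose to hang.
#
# Globals:  TAB (read)
# Outputs:  progress on stdout, problems on stderr
# Returns:  0 when every mapping was closed, 1 when an entry was malformed or
#           a luksClose failed; exits 1 when TAB is not a regular file
destroy_entries() {
  local entry='' dev='' mountpoint='' mapper='' pid='' pidstr=''
  local -a fields=()
  local rc=0

  if [ ! -f "${TAB}" ]; then
    printf 'Could not access %s.\n' "${TAB}" >&2
    exit 1
  fi

  # One iteration per entry. The entries arrive on fd 3 so that commands run
  # inside the loop cannot consume them through stdin.
  while IFS= read -r entry <&3; do
    # Split on spaces and tabs; the device is the first field and the mount
    # point the last one.
    IFS=$' \t' read -r -a fields <<<"${entry}"
    if (( ${#fields[@]} < 2 )); then
      printf 'Skipping malformed entry: %s\n' "${entry}" >&2
      rc=1
      continue
    fi
    dev=${fields[0]}
    mountpoint=${fields[${#fields[@]}-1]}
    mapper=${dev//\//_}

    printf '%s mounted at %s. Unmounting\n' "${dev}" "${mountpoint}"

    # Kill any running processes accessing mount point if lsof is available
    if command -v lsof >/dev/null 2>&1; then
      while IFS= read -r pid; do
        # Only ever hand a plain decimal PID to kill.
        [[ "${pid}" =~ ^[0-9]+$ ]] || continue
        pidstr=$(ps -o comm= -p "${pid}") || pidstr='unknown'
        printf 'Halting %s %d\n' "${pidstr}" "${pid}"
        # The process may already have exited between lsof and kill.
        kill "${pid}" || printf 'Could not signal %d\n' "${pid}" >&2
      done < <(lsof -t "${mountpoint}")
    fi

    # Best effort: the volume may simply not be mounted.
    umount -R "${mountpoint}" || :

    printf 'Closing cryptdevice %s (%s)\n' "${dev}" "${mapper}"
    # Keep going after a failure so one stuck mapping does not leave every
    # later volume decrypted; the failure is still reported to the caller.
    if ! cryptsetup luksClose "${mapper}"; then
      printf 'Failed to close %s (%s)\n' "${dev}" "${mapper}" >&2
      rc=1
    fi
  done 3< <(grep -v -e '^#' -e '^ *$' -- "${TAB}")

  return "${rc}"
}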
47
48
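# Checks each device listed in the crypttab file for its current status
# (encrypted, or decrypted).
#
# A device counts as decrypted when /dev/mapper/<mapper> is a symbolic link,
# where <mapper> is the device path with every '/' replaced by '_'.
#
# Globals:  TAB (read)
# Outputs:  one status line per entry on stdout, problems on stderr
# Returns:  0; exits 1 when TAB is not a regular file
stat_entries() {
  local entry='' dev='' mapper=''
  local -a fields=()

  if [ ! -f "${TAB}" ]; then
    printf 'Could not access %s.\n' "${TAB}" >&2
    exit 1
  fi

  # For each entry in crypttab
  while IFS= read -r entry <&3; do
    # Only the first field (the device) is needed here.
    IFS=$' \t' read -r -a fields <<<"${entry}"
    if (( ${#fields[@]} < 1 )); then
      continue
    fi
    dev=${fields[0]}
    mapper=${dev//\//_}

    if [ -L "/dev/mapper/${mapper}" ]; then
      printf '%s decrypted at /dev/mapper/%s\n' "${dev}" "${mapper}"
    else
      printf '%s not decrypted\n' "${dev}"
    fi
  done 3< <(grep -v -e '^#' -e '^ *$' -- "${TAB}")
}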
69
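# Decrypts each encrypted device listed in crypttab and mounts the resulting
# plaintext device at the entry's mount point.
#
# The key file path is printed, never its contents.
# NOTE(review): nothing here checks the ownership or mode of the key file or
# of TAB; both should be readable by the invoking account only.
#
# Globals:  TAB (read)
# Outputs:  progress on stdout, problems on stderr
# Returns:  0 when every entry was opened and mounted, 1 on the first
#           malformed entry, luksOpen failure or mount failure; exits 1 when
#           TAB is not a regular file
setup_entries() {
  local entry='' dev='' key='' mountpoint='' mapper=''
  local -a fields=()

  if [ ! -f "${TAB}" ]; then
    printf 'Could not access %s.\n' "${TAB}" >&2
    exit 1
  fi

  # One iteration per entry. The entries arrive on fd 3 so that cryptsetup
  # and mount keep the caller's stdin.
  while IFS= read -r entry <&3; do
    # Fields: device, key file, ..., mount point (always the last field).
    IFS=$' \t' read -r -a fields <<<"${entry}"
    if (( ${#fields[@]} < 3 )); then
      printf 'Malformed entry (need device, key file, mount point): %s\n' \
        "${entry}" >&2
      return 1
    fi
    dev=${fields[0]}
    key=${fields[1]}
    mountpoint=${fields[${#fields[@]}-1]}
    mapper=${dev//\//_}

    printf 'Decrypting %s using key %s.\n' "${dev}" "${key}"
    if ! cryptsetup luksOpen "${dev}" "${mapper}" --key-file "${key}"; then
      printf 'Failed to open %s.\n' "${dev}" >&2
      return 1
    fi
    printf 'Plaintext device is at /dev/mapper/%s\n' "${mapper}"

    printf 'Mounting /dev/mapper/%s to %s\n' "${mapper}" "${mountpoint}"
    if ! mount "/dev/mapper/${mapper}" "${mountpoint}"; then
      # The mapping stays open at this point; say so, because a decrypted
      # but unmounted device is easy to overlook.
      printf 'Failed to mount /dev/mapper/%s; the mapping is left open.\n' \
        "${mapper}" >&2
      return 1
    fi
  done 3< <(grep -v -e '^#' -e '^ *$' -- "${TAB}")
}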
91
92
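# Command dispatch: the first argument selects the action. Anything else,
# including no argument at all, prints the usage line.
case "${1:-}" in
  start)
    setup_entries
    mount -a
    ;;
  stop)
    destroy_entries
    ;;
  status)
    stat_entries
    ;;
  restart)
    # Run both phases in this process rather than re-executing "$0": an
    # unquoted, slash-less $0 would be looked up in PATH and could resolve to
    # a different file than the script being run.
    destroy_entries
    setup_entries
    mount -a
    ;;
  *)
    printf 'usage: %s [start|stop|restart|status]\n' "$0"
    ;;
esac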