#!/bin/bash
# shellcheck disable=SC2015 # Deactivating bool hint
# shellcheck disable=SC2034 # Unused variables
# shellcheck disable=SC2154 # Referenced but not assigned
# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location.
# shellcheck disable=SC2001 # See if you can use ${variable//search/replace} instead
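# Load the shared helper library relative to this script's real location.
# The functions below call info, warning, error and set_device_path, which are
# not defined in this file (presumably they come from base.sh).
# The failure branch uses braces, not parentheses: inside ( ... ) the exit
# would only leave the subshell and the script would carry on without its
# helpers. The message goes to stderr because it is a diagnostic.
source "$(dirname "$(readlink -f "${0}")")/../../../base.sh" || { echo "Loading base.sh failed." >&2; exit 1; }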
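# Derives the device-mapper name, mapper path, mount path and first-partition
# path for the selected device and publishes them as global variables.
#
# Globals read:    device, device_path (presumably set by set_device_path,
#                  which is defined outside this file)
# Globals written: mapper_name, mapper_path, mount_path, partition_path
# Returns:         0 on success; calls error and returns 1 otherwise
set_device_mount_partition_and_mapper_paths(){
  set_device_path || { error; return 1; }

  # Every later step (cryptsetup, crypttab, fstab) is built from these two
  # values, so an empty selection must stop here instead of producing paths
  # such as "/dev/mapper/encrypteddrive-" or a partition path of just "1".
  if [ -z "$device" ] || [ -z "$device_path" ]; then
    error
    return 1
  fi

  mapper_name="encrypteddrive-$device"
  mapper_path="/dev/mapper/$mapper_name"
  mount_path="/media/$mapper_name"

  # Linux inserts a "p" before the partition number when the disk name itself
  # ends in a digit (nvme0n1 -> nvme0n1p1, mmcblk0 -> mmcblk0p1); plain names
  # such as sdb keep the bare suffix (sdb1).
  case "$device_path" in
    *[0-9]) partition_path="${device_path}p1" ;;
    *)      partition_path="${device_path}1" ;;
  esac

  info "mapper name set to : $mapper_name" &&
    info "mapper path set to : $mapper_path" &&
    info "mount path set to : $mount_path" ||
    { error; return 1; }
}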
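# Generates a random key file for a LUKS partition, enrols it in the volume,
# checks that the partition opens with it and registers the mapping in
# /etc/crypttab.
#
# @var $1 device-mapper name: used as the luksOpen name, as the crypttab
#         target and as the base name of the key file.
#         NOTE(review): this header used to say "mapper_path", but the code
#         needs a bare name, not a /dev/mapper/... path - confirm with callers.
# @var $2 partition_path (the LUKS block device)
#
# Globals written (kept global as before): LUKS_KEY_DIRECTORY, luks_key_name,
#   secret_key_path, uuid, crypttab_path, crypttab_entry
# Returns: 0 on success; calls error and returns 1 as soon as a step fails, so
#   a failed key generation can no longer be masked by a later step.
create_luks_key_and_update_cryptab(){
  LUKS_KEY_DIRECTORY="/etc/luks-keys/"
  crypttab_path="/etc/crypttab"

  # $1 becomes a file name below the key directory and a field in crypttab,
  # $2 is handed to cryptsetup. Refuse empty values, anything that could leave
  # the key directory ("/" or a leading "."), anything cryptsetup would read
  # as an option (leading "-"), and whitespace, which would break the
  # whitespace-separated crypttab line.
  case "$1" in
    ''|.*|-*|*/*|*[[:space:]]*)
      warning "Invalid mapper name: $1"
      error
      return 1
      ;;
  esac
  case "$2" in
    ''|-*|*[[:space:]]*)
      warning "Invalid partition path: $2"
      error
      return 1
      ;;
  esac

  luks_key_name="$1.keyfile"
  secret_key_path="$LUKS_KEY_DIRECTORY$luks_key_name"

  info "Creating luks-key-directory..."
  # -p makes an existing directory a non-error without hiding real failures;
  # chmod also tightens a directory left over from an earlier run. Only root
  # should be able to list or enter the place where volume keys are stored.
  sudo mkdir -p -- "$LUKS_KEY_DIRECTORY" &&
    sudo chmod 0700 -- "$LUKS_KEY_DIRECTORY" ||
    { error; return 1; }

  info "Generate secret key under: $secret_key_path"
  # The directory is root-only now, so the existence check needs sudo as well.
  if sudo test -f "$secret_key_path"; then
    # A keyslot enrolled with the previous file content stays on the volume.
    warning "File already exists. Overwriting!"
  fi
  # Create the file with mode 0600 before any key bytes are written. A bare dd
  # would create it with whatever root's umask allows, which commonly leaves
  # the key readable by every local user.
  sudo install -m 0600 /dev/null "$secret_key_path" &&
    sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 ||
    { error; return 1; }

  # NOTE(review): the original had no enrolment step, so the verification
  # below could not succeed with a freshly generated key. cryptsetup asks for
  # an existing passphrase of the volume here.
  info "Adding the key file to the LUKS volume..."
  sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" || { error; return 1; }

  info "Opening and closing device to verify that everything works fine..."
  # A mapping left open by an earlier run would make luksOpen fail; closing it
  # is best effort and kept out of the error chain on purpose.
  sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1."
  sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" &&
    sudo cryptsetup -v luksClose "$1" ||
    { error; return 1; }

  info "Reading UUID..."
  uuid=$(sudo cryptsetup luksUUID "$2") || { error; return 1; }
  # Only a plain UUID may reach crypttab; an empty or odd value would produce
  # an entry that cannot be resolved at boot.
  case "$uuid" in
    ''|*[!0-9A-Fa-f-]*)
      error
      return 1
      ;;
  esac

  crypttab_entry="$1 UUID=$uuid $secret_key_path luks"
  info "Adding crypttab entry..."
  # -x -F: compare whole lines literally instead of using the entry as a regex.
  if sudo grep -qxF -- "$crypttab_entry" "$crypttab_path"; then
    warning "File $crypttab_path already contains the following entry:"
    echo "$crypttab_entry"
    info "Skipped."
  else
    # The entry is passed as data on stdin; it is never spliced into a command
    # line that a root shell would parse.
    printf '%s\n' "$crypttab_entry" | sudo tee -a "$crypttab_path" >/dev/null ||
      { error; return 1; }
  fi

  info "The file $crypttab_path contains now the following:"
  sudo cat -- "$crypttab_path" || { error; return 1; }
}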
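# Appends a btrfs mount entry to /etc/fstab unless the identical line is
# already present, then prints the resulting file.
#
# @var $1 first fstab field (the device to mount).
#         NOTE(review): this header used to say "mapper_name"; the value is
#         written verbatim as the device field, so it presumably has to be a
#         path such as /dev/mapper/<name> - confirm with the callers.
# @var $2 mount_path
#
# If mount doesn't work adapt it manually to
# @see https://gist.github.com/MaxXor/ba1665f47d56c24018a943bb114640d7
#
# Globals written (kept global as before): fstab_path, fstab_entry
# Returns: 0 on success; calls error and returns 1 when a step fails.
update_fstab(){
  fstab_path="/etc/fstab"

  # The entry is built by plain concatenation, so an empty field or embedded
  # whitespace (including a newline) would shift the columns or add extra
  # lines to a file that is read at boot.
  case "$1" in
    ''|*[[:space:]]*)
      warning "Invalid fstab device field: $1"
      error
      return 1
      ;;
  esac
  case "$2" in
    ''|*[[:space:]]*)
      warning "Invalid mount path: $2"
      error
      return 1
      ;;
  esac

  fstab_entry="$1 $2 btrfs defaults 0 2"
  info "Adding fstab entry..."
  # -x -F: compare whole lines literally instead of using the entry as a regex.
  if sudo grep -qxF -- "$fstab_entry" "$fstab_path"; then
    warning "File $fstab_path already contains the following entry:"
    echo "$fstab_entry"
    info "Skipped."
  else
    # The entry is passed as data on stdin; it is never spliced into a command
    # line that a root shell would parse.
    printf '%s\n' "$fstab_entry" | sudo tee -a "$fstab_path" >/dev/null ||
      { error; return 1; }
  fi

  info "The file $fstab_path contains now the following:"
  sudo cat -- "$fstab_path" || { error; return 1; }
}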