From 7a0512e1ae21b47f051307119fbba6afe9cbbf63 Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Fri, 13 Nov 2020 13:18:24 +0100 Subject: [PATCH 01/17] Adapted folder structure --- scripts/data/import-from-system.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/data/import-from-system.sh b/scripts/data/import-from-system.sh index 6bffa2a..96404c5 100644 --- a/scripts/data/import-from-system.sh +++ b/scripts/data/import-from-system.sh @@ -15,9 +15,8 @@ declare -a BACKUP_LIST=("$HOME/.ssh/" \ "$HOME/.local/share/rhythmbox/rhythmdb.xml" \ "$HOME/.config/keepassxc/keepassxc.ini" \ "$HOME/Documents/certificates/" \ - "$HOME/Documents/recovery_codes/" \ + "$HOME/Documents/security/" \ "$HOME/Documents/identity/" \ - "$HOME/Documents/passwords/" \ "$HOME/Documents/health/" \ "$HOME/Documents/licenses/"); From 04fc26d01b93a8e895e19c7d40dd69971c99df0d Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Thu, 10 Dec 2020 15:02:25 +0100 Subject: [PATCH 02/17] Added dropbox support --- configuration/packages/client/yay/general.txt | 2 ++ configuration/packages/client/yay/gnome.txt | 1 + scripts/client/setup.sh | 3 ++- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 configuration/packages/client/yay/gnome.txt diff --git a/configuration/packages/client/yay/general.txt b/configuration/packages/client/yay/general.txt index 808396d..b3c351e 100644 --- a/configuration/packages/client/yay/general.txt +++ b/configuration/packages/client/yay/general.txt @@ -10,3 +10,5 @@ eclipse-java ccls # office ttf-ms-fonts +#cloud +dropbox diff --git a/configuration/packages/client/yay/gnome.txt b/configuration/packages/client/yay/gnome.txt new file mode 100644 index 0000000..bc95204 --- /dev/null +++ b/configuration/packages/client/yay/gnome.txt @@ -0,0 +1 @@ +nautilus-dropbox diff --git a/scripts/client/setup.sh b/scripts/client/setup.sh index f5f3cfc..cfeeb1f 100644 --- a/scripts/client/setup.sh +++ b/scripts/client/setup.sh @@ -152,7 +152,8 @@ install_gnome_extension(){ if [ "$DESKTOP_SESSION" == "gnome" ]; then info "Synchronizing gnome tools..." && - sudo pacman -S "$(get_packages 'client/pacman/gnome')" || error "Syncronisation failed." + sudo pacman -S "$(get_packages 'client/pacman/gnome')" && + install_yay_packages_if_needed "$(get_packages "client/yay/gnome")" || error "Syncronisation failed." info "Setting up gnome dash favourites..." && gsettings set org.gnome.shell favorite-apps "['org.gnome.Nautilus.desktop', 'org.gnome.Terminal.desktop', From bc1b9e84a77c389c81ebe2aa07251fe2b0451640 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 21:16:56 +0100 Subject: [PATCH 03/17] Implemented raid1 luks encrypted draft --- scripts/encryption/storage/Readme.md | 2 + scripts/encryption/storage/base.sh | 63 ++++++++++++++++- scripts/encryption/storage/mount_on_boot.sh | 70 ------------------- scripts/encryption/storage/raid1/base.sh | 16 +++++ .../encryption/storage/raid1/mount_on_boot.sh | 7 ++ scripts/encryption/storage/raid1/setup.sh | 20 ++++++ .../encryption/storage/single_drive/base.sh | 2 + .../storage/{ => single_drive}/mount.sh | 0 .../storage/single_drive/mount_on_boot.sh | 11 +++ .../storage/{ => single_drive}/setup.sh | 1 + .../storage/{ => single_drive}/umount.sh | 0 11 files changed, 121 insertions(+), 71 deletions(-) create mode 100644 scripts/encryption/storage/Readme.md delete mode 100644 scripts/encryption/storage/mount_on_boot.sh create mode 100644 scripts/encryption/storage/raid1/base.sh create mode 100644 scripts/encryption/storage/raid1/mount_on_boot.sh create mode 100644 scripts/encryption/storage/raid1/setup.sh create mode 100644 scripts/encryption/storage/single_drive/base.sh rename scripts/encryption/storage/{ => single_drive}/mount.sh (100%) create mode 100644 scripts/encryption/storage/single_drive/mount_on_boot.sh rename scripts/encryption/storage/{ => single_drive}/setup.sh (99%) rename scripts/encryption/storage/{ => single_drive}/umount.sh (100%) diff --git a/scripts/encryption/storage/Readme.md b/scripts/encryption/storage/Readme.md new file mode 100644 index 0000000..844fec9 --- /dev/null +++ b/scripts/encryption/storage/Readme.md @@ -0,0 +1,2 @@ +# Storage +For security reasons storages **SHOULD** be encrypted with [LUKS](https://de.wikipedia.org/wiki/Dm-crypt#Erweiterung_mit_LUKS). To keep it standardized and easy this scripts will use [btrfs](https://de.wikipedia.org/wiki/Btrfs) as file system. diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 11ca9c4..069ccbe 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -8,7 +8,68 @@ set_device_mount_partition_and_mapper_paths(){ mount_path="/media/$mapper_name" && partition_path="$device_path""1" && info "mapper name set to : $mapper_name" && - info "mapper path set to : $mapper_path" || + info "mapper path set to : $mapper_path" && info "mount path set to : $mount_path" || error } + +# @var $1 mapper_path +# @var $2 partition_path +create_luks_key_and_update_cryptab(){ + LUKS_KEY_DIRECTORY="/etc/luks-keys/" && + info "Creating luks-key-directory..." && + sudo mkdir $LUKS_KEY_DIRECTORY || warning "Directory exists: $LUKS_KEY_DIRECTORY" || error + luks_key_name="$1.keyfile" && + secret_key_path="$LUKS_KEY_DIRECTORY$luks_key_name" && + info "Generate secret key under: $secret_key_path" || error + if [ -f "$secret_key_path" ] + then + warning "File allready exist. Overwritting!" + fi + sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && + sudo cryptsetup -v luksAddKey $2 $secret_key_path && + info "Opening and closing device to verify that that everything works fine..." && + sudo cryptsetup -v luksOpen $2 $1 --key-file=$secret_key_path && + sudo cryptsetup -v luksClose $1 && + info "Reading UUID..." && + uuid_line=$(sudo cryptsetup luksDump $2 | grep "UUID") && + uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") && + crypttab_path="/etc/crypttab" && + crypttab_entry="$1 UUID=$uuid $secret_key_path luks" && + info "Adding crypttab entry..." || error + if sudo grep -q "$crypttab_entry" "$crypttab_path"; + then + warning "File $crypttab_path contains allready a the following entry:" && + echo "$crypttab_entry" && + info "Skipped." || + error + else + sudo sh -c "echo '$crypttab_entry' >> $crypttab_path" || + error + fi + + info "The file $crypttab_path contains now the following:" && + sudo cat $crypttab_path || + error +} + +# @var $1 mapper_name +# @var $2 mount_path +update_fstab(){ + fstab_path="/etc/fstab" + fstab_entry="$1 $2 btrfs defaults 0 2" + info "Adding fstab entry..." + if sudo grep -q "$fstab_entry" "$fstab_path"; then + warning "File $fstab_path contains allready a the following entry:" && + echo "$fstab_entry" && + info "Skipped." || + error + else + sudo sh -c "echo '$fstab_entry' >> $fstab_path" || + error + fi + + info "The file $fstab_path contains now the following:" && + sudo cat $fstab_path || + error +} diff --git a/scripts/encryption/storage/mount_on_boot.sh b/scripts/encryption/storage/mount_on_boot.sh deleted file mode 100644 index 7de0674..0000000 --- a/scripts/encryption/storage/mount_on_boot.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) -echo "Automount encrypted storages" -echo -set_device_mount_partition_and_mapper_paths - -info "Creating key luks-key-directory..." && -key_directory="/etc/luks-keys/" && -sudo mkdir $key_directory || warning "Directory exists: $key_directory" -luks_key_name="$mapper_name""_name_secret_key" && -secret_key_path="$key_directory$luks_key_name" && -info "Generate secret key under: $secret_key_path" && -if [ -f "$secret_key_path" ] - then - warning "File allready exist. Overwritting!" -fi -sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && -sudo cryptsetup -v luksAddKey $partition_path $secret_key_path || -error - -info "Opening and closing device to verify that that everything works fine..." && -sudo cryptsetup -v luksOpen $partition_path $mapper_name --key-file=$secret_key_path && -sudo cryptsetup -v luksClose $mapper_name || -error - -info "Reading UUID..." -uuid_line=$(sudo cryptsetup luksDump $partition_path | grep "UUID") && -uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") || -error - -crypttab_path="/etc/crypttab" -crypttab_entry="$mapper_name UUID=$uuid $secret_key_path luks" -info "Adding crypttab entry..." -if sudo grep -q "$crypttab_entry" "$crypttab_path"; - then - warning "File $crypttab_path contains allready a the following entry:" && - echo "$crypttab_entry" && - info "Skipped." || - error - else - sudo sh -c "echo '$crypttab_entry' >> $crypttab_path" || - error -fi - -info "The file $crypttab_path contains now the following:" && -sudo cat $crypttab_path || -error - -# info "Verifying crypttab configuration..." && -# sudo cryptdisks_start $mapper_name || -# error - -fstab_path="/etc/fstab" -fstab_entry="$mapper_path $mount_path btrfs defaults 0 2" -info "Adding fstab entry..." -if sudo grep -q "$fstab_entry" "$fstab_path"; then - warning "File $crypttab_path contains allready a the following entry:" && - echo "$fstab_entry" && - info "Skipped." || - error -else - sudo sh -c "echo '$fstab_entry' >> $fstab_path" || - error -fi - -info "The file $fstab_path contains now the following:" && -sudo cat $fstab_path || -error - -success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/raid1/base.sh b/scripts/encryption/storage/raid1/base.sh new file mode 100644 index 0000000..da70cf6 --- /dev/null +++ b/scripts/encryption/storage/raid1/base.sh @@ -0,0 +1,16 @@ +#!/bin/bash +source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) +set_raid1_devices_mount_partition_and_mapper_paths(){ + info "RAID1 partition 1..." && + set_device_mount_partition_and_mapper_paths && + partition_path_1=$partition_path && + mapper_name_1=$mapper_name && + mapper_path_1=$mapper_path && + mount_path_1=$mount_path && + info "RAID1 partition 2..." && + set_device_mount_partition_and_mapper_paths && + partition_path_2=$partition_path && + mapper_name_2=$mapper_name && + mapper_path_2=$mapper_path && + mount_path_2=$mount_path || error +} diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh new file mode 100644 index 0000000..090ba7c --- /dev/null +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -0,0 +1,7 @@ +#!/bin/bash +source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) +info "Automount raid1 encrypted storages..." +create_luks_key_and_update_cryptab $mapper_name_1 $partition_path_1 +create_luks_key_and_update_cryptab $mapper_name_2 $partition_path_2 +update_fstab $mapper_path_1 $mount_path_1 +success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/raid1/setup.sh b/scripts/encryption/storage/raid1/setup.sh new file mode 100644 index 0000000..991b169 --- /dev/null +++ b/scripts/encryption/storage/raid1/setup.sh @@ -0,0 +1,20 @@ +#!/bin/bash +# @author Kevin Veen-Birkenbach [kevin@veen.world] +# @see https://balaskas.gr/btrfs/raid1.html +# @see https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1/ +source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) + +set_raid1_devices_mount_partition_and_mapper_paths + +info "Encrypting $partition_path_1..." && +cryptsetup luksFormat $partition_path_1 && +info "Encrypting $partition_path_2..." && +cryptsetup luksFormat $partition_path_2 && +blkid | tail -2 && +cryptsetup luksOpen $partition_path_1 $mapper_name_1 && +cryptsetup luksOpen $partition_path_2 $mapper_name_2 && +cryptsetup status $mapper_path_1 && +cryptsetup status $mapper_path_2 && +mkfs.btrfs -L $label -m raid1 -d raid1 $mapper_path_1 $mapper_path_2 && +success "Encryption successfull :)" || +error diff --git a/scripts/encryption/storage/single_drive/base.sh b/scripts/encryption/storage/single_drive/base.sh new file mode 100644 index 0000000..9b74781 --- /dev/null +++ b/scripts/encryption/storage/single_drive/base.sh @@ -0,0 +1,2 @@ +#!/bin/bash +source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) diff --git a/scripts/encryption/storage/mount.sh b/scripts/encryption/storage/single_drive/mount.sh similarity index 100% rename from scripts/encryption/storage/mount.sh rename to scripts/encryption/storage/single_drive/mount.sh diff --git a/scripts/encryption/storage/single_drive/mount_on_boot.sh b/scripts/encryption/storage/single_drive/mount_on_boot.sh new file mode 100644 index 0000000..1a39f2f --- /dev/null +++ b/scripts/encryption/storage/single_drive/mount_on_boot.sh @@ -0,0 +1,11 @@ +#!/bin/bash +source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) +echo "Automount encrypted storages" +echo +set_device_mount_partition_and_mapper_paths + +create_luks_key_and_update_cryptab $mapper_name $partition_path + +update_fstab $mapper_path $mount_path + +success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/setup.sh b/scripts/encryption/storage/single_drive/setup.sh similarity index 99% rename from scripts/encryption/storage/setup.sh rename to scripts/encryption/storage/single_drive/setup.sh index fdd7b78..e79703e 100644 --- a/scripts/encryption/storage/setup.sh +++ b/scripts/encryption/storage/single_drive/setup.sh @@ -1,3 +1,4 @@ +#!/bin/bash source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Setups disk encryption" diff --git a/scripts/encryption/storage/umount.sh b/scripts/encryption/storage/single_drive/umount.sh similarity index 100% rename from scripts/encryption/storage/umount.sh rename to scripts/encryption/storage/single_drive/umount.sh From fa8c972296518f2850b3d3180880d0b67b6e259b Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 21:58:11 +0100 Subject: [PATCH 04/17] Optimized shellcheck hints --- scripts/encryption/storage/Readme.md | 2 ++ scripts/encryption/storage/base.sh | 15 ++++++++++----- scripts/encryption/storage/raid1/base.sh | 4 ++++ .../encryption/storage/raid1/mount_on_boot.sh | 8 +++++--- scripts/encryption/storage/raid1/setup.sh | 17 ++++++++++------- scripts/encryption/storage/single_drive/base.sh | 1 + .../encryption/storage/single_drive/mount.sh | 7 +++++-- .../storage/single_drive/mount_on_boot.sh | 6 ++++-- .../encryption/storage/single_drive/setup.sh | 15 +++++++++------ .../encryption/storage/single_drive/umount.sh | 7 +++++-- 10 files changed, 55 insertions(+), 27 deletions(-) diff --git a/scripts/encryption/storage/Readme.md b/scripts/encryption/storage/Readme.md index 844fec9..db33164 100644 --- a/scripts/encryption/storage/Readme.md +++ b/scripts/encryption/storage/Readme.md @@ -1,2 +1,4 @@ # Storage For security reasons storages **SHOULD** be encrypted with [LUKS](https://de.wikipedia.org/wiki/Dm-crypt#Erweiterung_mit_LUKS). To keep it standardized and easy this scripts will use [btrfs](https://de.wikipedia.org/wiki/Btrfs) as file system. + +@todo create mount folder diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 069ccbe..9141734 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -1,4 +1,9 @@ #!/bin/bash +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2034 # Unused variables +# shellcheck disable=SC2154 # Referenced but not assigned +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2001 # See if you can use ${variable//search/replace} instead source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1) set_device_mount_partition_and_mapper_paths(){ @@ -26,13 +31,13 @@ create_luks_key_and_update_cryptab(){ then warning "File allready exist. Overwritting!" fi - sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && - sudo cryptsetup -v luksAddKey $2 $secret_key_path && + sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 && + sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" && info "Opening and closing device to verify that that everything works fine..." && - sudo cryptsetup -v luksOpen $2 $1 --key-file=$secret_key_path && - sudo cryptsetup -v luksClose $1 && + sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" && + sudo cryptsetup -v luksClose "$1" && info "Reading UUID..." && - uuid_line=$(sudo cryptsetup luksDump $2 | grep "UUID") && + uuid_line=$(sudo cryptsetup luksDump "$2" | grep "UUID") && uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") && crypttab_path="/etc/crypttab" && crypttab_entry="$1 UUID=$uuid $secret_key_path luks" && diff --git a/scripts/encryption/storage/raid1/base.sh b/scripts/encryption/storage/raid1/base.sh index da70cf6..256b2d9 100644 --- a/scripts/encryption/storage/raid1/base.sh +++ b/scripts/encryption/storage/raid1/base.sh @@ -1,4 +1,8 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2034 # Unused variables +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) set_raid1_devices_mount_partition_and_mapper_paths(){ info "RAID1 partition 1..." && diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 090ba7c..44f1eba 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -1,7 +1,9 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) info "Automount raid1 encrypted storages..." -create_luks_key_and_update_cryptab $mapper_name_1 $partition_path_1 -create_luks_key_and_update_cryptab $mapper_name_2 $partition_path_2 -update_fstab $mapper_path_1 $mount_path_1 +create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" +create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" +update_fstab "$mapper_path_1" "$mount_path_1" success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/raid1/setup.sh b/scripts/encryption/storage/raid1/setup.sh index 991b169..3124806 100644 --- a/scripts/encryption/storage/raid1/setup.sh +++ b/scripts/encryption/storage/raid1/setup.sh @@ -2,19 +2,22 @@ # @author Kevin Veen-Birkenbach [kevin@veen.world] # @see https://balaskas.gr/btrfs/raid1.html # @see https://mutschler.eu/linux/install-guides/ubuntu-btrfs-raid1/ +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) set_raid1_devices_mount_partition_and_mapper_paths info "Encrypting $partition_path_1..." && -cryptsetup luksFormat $partition_path_1 && +cryptsetup luksFormat "$partition_path_1" && info "Encrypting $partition_path_2..." && -cryptsetup luksFormat $partition_path_2 && +cryptsetup luksFormat "$partition_path_2" && blkid | tail -2 && -cryptsetup luksOpen $partition_path_1 $mapper_name_1 && -cryptsetup luksOpen $partition_path_2 $mapper_name_2 && -cryptsetup status $mapper_path_1 && -cryptsetup status $mapper_path_2 && -mkfs.btrfs -L $label -m raid1 -d raid1 $mapper_path_1 $mapper_path_2 && +cryptsetup luksOpen "$partition_path_1" "$mapper_name_1" && +cryptsetup luksOpen "$partition_path_2" "$mapper_name_2" && +cryptsetup status "$mapper_path_1" && +cryptsetup status "$mapper_path_2" && +mkfs.btrfs -m raid1 -d raid1 "$mapper_path_1" "$mapper_path_2" && success "Encryption successfull :)" || error diff --git a/scripts/encryption/storage/single_drive/base.sh b/scripts/encryption/storage/single_drive/base.sh index 9b74781..3c00ca1 100644 --- a/scripts/encryption/storage/single_drive/base.sh +++ b/scripts/encryption/storage/single_drive/base.sh @@ -1,2 +1,3 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1) diff --git a/scripts/encryption/storage/single_drive/mount.sh b/scripts/encryption/storage/single_drive/mount.sh index 13cf0b0..a54896a 100644 --- a/scripts/encryption/storage/single_drive/mount.sh +++ b/scripts/encryption/storage/single_drive/mount.sh @@ -1,15 +1,18 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Mounts encrypted storages" set_device_mount_partition_and_mapper_paths info "Unlock partition..." && -sudo cryptsetup luksOpen $partition_path $mapper_name || +sudo cryptsetup luksOpen "$partition_path" "$mapper_name" || error info "Mount partition..." && -sudo mount $mapper_path $mount_path || +sudo mount "$mapper_path" "$mount_path" || error success "Mounting successfull :)" diff --git a/scripts/encryption/storage/single_drive/mount_on_boot.sh b/scripts/encryption/storage/single_drive/mount_on_boot.sh index 1a39f2f..d44dff1 100644 --- a/scripts/encryption/storage/single_drive/mount_on_boot.sh +++ b/scripts/encryption/storage/single_drive/mount_on_boot.sh @@ -1,11 +1,13 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Automount encrypted storages" echo set_device_mount_partition_and_mapper_paths -create_luks_key_and_update_cryptab $mapper_name $partition_path +create_luks_key_and_update_cryptab "$mapper_name" "$partition_path" -update_fstab $mapper_path $mount_path +update_fstab "$mapper_path" "$mount_path" success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/single_drive/setup.sh b/scripts/encryption/storage/single_drive/setup.sh index e79703e..7071f5d 100644 --- a/scripts/encryption/storage/single_drive/setup.sh +++ b/scripts/encryption/storage/single_drive/setup.sh @@ -1,4 +1,7 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Setups disk encryption" @@ -23,25 +26,25 @@ info "Creating partition table..." error info "Encrypt $device_path..." && -sudo cryptsetup -v -y luksFormat $partition_path || +sudo cryptsetup -v -y luksFormat "$partition_path" || error info "Unlock partition..." && -sudo cryptsetup luksOpen $partition_path $mapper_name || +sudo cryptsetup luksOpen "$partition_path" "$mapper_name" || error info "Create btrfs file system..." && -sudo mkfs.btrfs $mapper_path || error +sudo mkfs.btrfs "$mapper_path" || error info "Creating mount folder unter \"$mount_path\"..." && -sudo mkdir -p $mount_path || error +sudo mkdir -p "$mount_path" || error info "Mount partition..." && -sudo mount $mapper_path $mount_path || +sudo mount "$mapper_path" "$mount_path" || error info "Own partition by user..." && -sudo chown -R $USER:$USER $mount_path || +sudo chown -R "$USER":"$USER" "$mount_path" || error success "Encryption successfull :)" diff --git a/scripts/encryption/storage/single_drive/umount.sh b/scripts/encryption/storage/single_drive/umount.sh index d894ba7..cd46017 100644 --- a/scripts/encryption/storage/single_drive/umount.sh +++ b/scripts/encryption/storage/single_drive/umount.sh @@ -1,12 +1,15 @@ #!/bin/bash +# shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. +# shellcheck disable=SC2015 # Deactivating bool hint +# shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Unmount encrypted storages" set_device_mount_partition_and_mapper_paths info "Unmount $mapper_path..." -sudo umount $mapper_path && -sudo cryptsetup luksClose $mapper_path || +sudo umount "$mapper_path" && +sudo cryptsetup luksClose "$mapper_path" || error success "Successfull :)" From cd82cd433700924363c02f9dcf5192d43b2e9841 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:01:42 +0100 Subject: [PATCH 05/17] Removed hint --- scripts/encryption/storage/Readme.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/encryption/storage/Readme.md b/scripts/encryption/storage/Readme.md index db33164..844fec9 100644 --- a/scripts/encryption/storage/Readme.md +++ b/scripts/encryption/storage/Readme.md @@ -1,4 +1,2 @@ # Storage For security reasons storages **SHOULD** be encrypted with [LUKS](https://de.wikipedia.org/wiki/Dm-crypt#Erweiterung_mit_LUKS). To keep it standardized and easy this scripts will use [btrfs](https://de.wikipedia.org/wiki/Btrfs) as file system. - -@todo create mount folder From 04cb6216bee8460e6778a84d916d968cf74b58a3 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:17:07 +0100 Subject: [PATCH 06/17] Solved bugs --- scripts/encryption/storage/base.sh | 2 +- scripts/encryption/storage/raid1/base.sh | 4 +++- scripts/encryption/storage/raid1/setup.sh | 12 ++++++------ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 9141734..8656551 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -4,7 +4,7 @@ # shellcheck disable=SC2154 # Referenced but not assigned # shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. # shellcheck disable=SC2001 # See if you can use ${variable//search/replace} instead -source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1) +source "$(dirname "$(readlink -f "${0}")")/../../../base.sh" || (echo "Loading base.sh failed." && exit 1) set_device_mount_partition_and_mapper_paths(){ set_device_path && diff --git a/scripts/encryption/storage/raid1/base.sh b/scripts/encryption/storage/raid1/base.sh index 256b2d9..e2046a5 100644 --- a/scripts/encryption/storage/raid1/base.sh +++ b/scripts/encryption/storage/raid1/base.sh @@ -11,10 +11,12 @@ set_raid1_devices_mount_partition_and_mapper_paths(){ mapper_name_1=$mapper_name && mapper_path_1=$mapper_path && mount_path_1=$mount_path && + device_path_1=$device_path && info "RAID1 partition 2..." && set_device_mount_partition_and_mapper_paths && partition_path_2=$partition_path && mapper_name_2=$mapper_name && mapper_path_2=$mapper_path && - mount_path_2=$mount_path || error + mount_path_2=$mount_path && + device_path_2=$device_path || error } diff --git a/scripts/encryption/storage/raid1/setup.sh b/scripts/encryption/storage/raid1/setup.sh index 3124806..e5df98a 100644 --- a/scripts/encryption/storage/raid1/setup.sh +++ b/scripts/encryption/storage/raid1/setup.sh @@ -9,13 +9,13 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh fa set_raid1_devices_mount_partition_and_mapper_paths -info "Encrypting $partition_path_1..." && -cryptsetup luksFormat "$partition_path_1" && -info "Encrypting $partition_path_2..." && -cryptsetup luksFormat "$partition_path_2" && +info "Encrypting $device_path_1..." && +cryptsetup luksFormat "$device_path_1" && +info "Encrypting $device_path_2..." && +cryptsetup luksFormat "$device_path_2" && blkid | tail -2 && -cryptsetup luksOpen "$partition_path_1" "$mapper_name_1" && -cryptsetup luksOpen "$partition_path_2" "$mapper_name_2" && +cryptsetup luksOpen "$device_path_1" "$mapper_name_1" && +cryptsetup luksOpen "$device_path_2" "$mapper_name_2" && cryptsetup status "$mapper_path_1" && cryptsetup status "$mapper_path_2" && mkfs.btrfs -m raid1 -d raid1 "$mapper_path_1" "$mapper_path_2" && From 0b0e34ac04c6f31433ad2ca1404073007527f58e Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:23:52 +0100 Subject: [PATCH 07/17] Solved bug --- scripts/encryption/storage/raid1/mount_on_boot.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 44f1eba..996dbce 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -2,8 +2,10 @@ # shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. # shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) -info "Automount raid1 encrypted storages..." -create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" -create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" -update_fstab "$mapper_path_1" "$mount_path_1" -success "Installation finished. Please restart :)" +info "Automount raid1 encrypted storages..." && +set_device_mount_partition_and_mapper_paths && +create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" && +create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" && +update_fstab "$mapper_path_1" "$mount_path_1" && +success "Installation finished. Please restart :)" || +error From 35d67a63c8993940175cd0b7a60025c7a9ea791f Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:26:46 +0100 Subject: [PATCH 08/17] Solved bug --- scripts/encryption/storage/raid1/mount_on_boot.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 996dbce..f192d8b 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -3,7 +3,7 @@ # shellcheck disable=SC2154 # Referenced but not assigned source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) info "Automount raid1 encrypted storages..." && -set_device_mount_partition_and_mapper_paths && +set_raid1_devices_mount_partition_and_mapper_paths && create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" && create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" && update_fstab "$mapper_path_1" "$mount_path_1" && From bf49689723dae313e451f841124468f4c99556d8 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:28:07 +0100 Subject: [PATCH 09/17] Solved variable naming bug --- scripts/encryption/storage/raid1/mount_on_boot.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index f192d8b..1f39436 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -4,8 +4,8 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) info "Automount raid1 encrypted storages..." && set_raid1_devices_mount_partition_and_mapper_paths && -create_luks_key_and_update_cryptab "$mapper_name_1" "$partition_path_1" && -create_luks_key_and_update_cryptab "$mapper_name_2" "$partition_path_2" && +create_luks_key_and_update_cryptab "$mapper_name_1" "$device_path_1" && +create_luks_key_and_update_cryptab "$mapper_name_2" "$device_path_2" && update_fstab "$mapper_path_1" "$mount_path_1" && success "Installation finished. Please restart :)" || error From cf9b59677aac4613743ee91a298d0a1cc4667692 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Sun, 20 Dec 2020 22:39:49 +0100 Subject: [PATCH 10/17] Solved mounting and testing bugs --- scripts/encryption/storage/base.sh | 1 + scripts/encryption/storage/raid1/mount_on_boot.sh | 2 ++ 2 files changed, 3 insertions(+) diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 8656551..302439b 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -34,6 +34,7 @@ create_luks_key_and_update_cryptab(){ sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 && sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" && info "Opening and closing device to verify that that everything works fine..." && + sudo cryptsetup -v luksClose "$1" && sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" && sudo cryptsetup -v luksClose "$1" && info "Reading UUID..." && diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 1f39436..3967421 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -5,6 +5,8 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh fa info "Automount raid1 encrypted storages..." && set_raid1_devices_mount_partition_and_mapper_paths && create_luks_key_and_update_cryptab "$mapper_name_1" "$device_path_1" && +info "Creating mount folder unter \"$mount_path_1\"..." && +sudo mkdir -p "$mount_path_1" && create_luks_key_and_update_cryptab "$mapper_name_2" "$device_path_2" && update_fstab "$mapper_path_1" "$mount_path_1" && success "Installation finished. Please restart :)" || From 384b5ab19e42db22add178a426558cafcbd7f5f4 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 23 Dec 2020 18:29:08 +0100 Subject: [PATCH 11/17] Added verbose to mkdir --- scripts/encryption/storage/raid1/mount_on_boot.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 3967421..500d578 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -6,7 +6,7 @@ info "Automount raid1 encrypted storages..." && set_raid1_devices_mount_partition_and_mapper_paths && create_luks_key_and_update_cryptab "$mapper_name_1" "$device_path_1" && info "Creating mount folder unter \"$mount_path_1\"..." && -sudo mkdir -p "$mount_path_1" && +sudo mkdir -vp "$mount_path_1" && create_luks_key_and_update_cryptab "$mapper_name_2" "$device_path_2" && update_fstab "$mapper_path_1" "$mount_path_1" && success "Installation finished. Please restart :)" || From fe6908e6bd9b45e8597bb0e924e47c3ad6aa101a Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 23 Dec 2020 18:35:33 +0100 Subject: [PATCH 12/17] Optimized luksClose --- scripts/encryption/storage/base.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 302439b..1d8c645 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -33,8 +33,8 @@ create_luks_key_and_update_cryptab(){ fi sudo dd if=/dev/urandom of="$secret_key_path" bs=512 count=8 && sudo cryptsetup -v luksAddKey "$2" "$secret_key_path" && - info "Opening and closing device to verify that that everything works fine..." && - sudo cryptsetup -v luksClose "$1" && + info "Opening and closing device to verify that that everything works fine..." || error + sudo cryptsetup -v luksClose "$1" || info "No need to luksClose $1." sudo cryptsetup -v luksOpen "$2" "$1" --key-file="$secret_key_path" && sudo cryptsetup -v luksClose "$1" && info "Reading UUID..." && From d53271acff69254a92d35b1ce517993fbb347dd5 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 23 Dec 2020 19:33:10 +0100 Subject: [PATCH 13/17] Added hint --- scripts/encryption/storage/base.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index 1d8c645..9136abf 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -61,6 +61,9 @@ create_luks_key_and_update_cryptab(){ # @var $1 mapper_name # @var $2 mount_path +# +# If mount doesn't work adapt it manually to +# @see https://gist.github.com/MaxXor/ba1665f47d56c24018a943bb114640d7 update_fstab(){ fstab_path="/etc/fstab" fstab_entry="$1 $2 btrfs defaults 0 2" From 6d482ddcfcdf441f2d471b881a7803e25c780969 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 24 Dec 2020 21:49:16 +0100 Subject: [PATCH 14/17] Updated README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5cf40c5..5bb5cc1 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,9 @@ $HOME/Documents/certificates/ | Contains certificates to authenticate via [certi | $HOME/Documents/recovery_codes/ | Contains files with recovery_codes e.g. for [Two-factor authentication](https://en.wikipedia.org/wiki/Multi-factor_authentication). | | $HOME/Documents/identity/ | Contains files to prove the identity of the *Core System Owner* in physical live like passports. | | $HOME/Documents/passwords/ | Contains e.g the [KeePassXC](https://keepassxc.org/) database with all *Core System Owner* passwords. | -| $HOME/Repositories/ | Contains all git repositories | +| $HOME/Repositories/ | Contains all git repository providers. | +| $HOME/Repositories/{{provider}} | Contains all git repositories of an provider. | +| $HOME/Backups | Contains all backups. The sub-folders follow the standards of [Backup Manager](https://github.com/kevinveenbirkenbach/backup-manager) | | $HOME/Games/roms | Contains all roms | | $HOME/Images/ | contains os images| From f4ab5461c284ed6f1799b8fe9ab57fdd992edfa5 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 25 Dec 2020 13:35:44 +0100 Subject: [PATCH 15/17] Implemented tool to check if ssh keys are not encrypted --- scripts/analyze/client/not_encrypted_ssh_keys.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 scripts/analyze/client/not_encrypted_ssh_keys.sh diff --git a/scripts/analyze/client/not_encrypted_ssh_keys.sh b/scripts/analyze/client/not_encrypted_ssh_keys.sh new file mode 100644 index 0000000..d3404f5 --- /dev/null +++ b/scripts/analyze/client/not_encrypted_ssh_keys.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# @see https://stackoverflow.com/questions/32408820/how-to-list-files-and-match-first-line-in-bash-script +# @see https://unix.stackexchange.com/questions/298590/using-find-non-recursively +# @see https://security.stackexchange.com/questions/129724/how-to-check-if-an-ssh-private-key-has-passphrase-or-not +find $HOME/.ssh -maxdepth 1 -type f -print0 | while IFS= read -r -d $'\0' file; do + if [[ $(head -n1 "$file") == "-----BEGIN OPENSSH PRIVATE KEY-----" ]]; then + echo "Test file: $file" + ssh-keygen -y -P "" -f $file + fi +done From 021e6b2812bb95dd5a34802f02ab31b802d16dee Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 25 Dec 2020 13:44:06 +0100 Subject: [PATCH 16/17] Optimized shellcheck --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b58dabc..9c60b5d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,2 +1,2 @@ language: shell -script: shellcheck ./scripts/*/*.sh +script: shellcheck $(find . -type f -name '*.sh') From 9e66e2271fa4a54607e90f834369b407b737b480 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 25 Dec 2020 13:49:03 +0100 Subject: [PATCH 17/17] Optimized code --- .../analyze/client/not_encrypted_ssh_keys.sh | 4 +- scripts/analyze/system/dd_optimal_bs_test.sh | 37 ------------------- .../encryption/storage/raid1/mount_on_boot.sh | 1 + 3 files changed, 3 insertions(+), 39 deletions(-) delete mode 100644 scripts/analyze/system/dd_optimal_bs_test.sh diff --git a/scripts/analyze/client/not_encrypted_ssh_keys.sh b/scripts/analyze/client/not_encrypted_ssh_keys.sh index d3404f5..d39191d 100644 --- a/scripts/analyze/client/not_encrypted_ssh_keys.sh +++ b/scripts/analyze/client/not_encrypted_ssh_keys.sh @@ -2,9 +2,9 @@ # @see https://stackoverflow.com/questions/32408820/how-to-list-files-and-match-first-line-in-bash-script # @see https://unix.stackexchange.com/questions/298590/using-find-non-recursively # @see https://security.stackexchange.com/questions/129724/how-to-check-if-an-ssh-private-key-has-passphrase-or-not -find $HOME/.ssh -maxdepth 1 -type f -print0 | while IFS= read -r -d $'\0' file; do +find "$HOME/.ssh" -maxdepth 1 -type f -print0 | while IFS= read -r -d $'\0' file; do if [[ $(head -n1 "$file") == "-----BEGIN OPENSSH PRIVATE KEY-----" ]]; then echo "Test file: $file" - ssh-keygen -y -P "" -f $file + ssh-keygen -y -P "" -f "$file" fi done diff --git a/scripts/analyze/system/dd_optimal_bs_test.sh b/scripts/analyze/system/dd_optimal_bs_test.sh deleted file mode 100644 index 67837dc..0000000 --- a/scripts/analyze/system/dd_optimal_bs_test.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Wrong scripped but good as a base to optimize later. See http://blog.tdg5.com/tuning-dd-block-size/ -# Since we're dealing with dd, abort if any errors occur -set -e - -TEST_FILE=${1:-dd_obs_testfile} -[ -e "$TEST_FILE" ]; TEST_FILE_EXISTS=$? -TEST_FILE_SIZE=134217728 - -# Header -PRINTF_FORMAT="%8s : %s\n" -printf "$PRINTF_FORMAT" 'block size' 'transfer rate' - -# Block sizes of 512b 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1M 2M 4M 8M 16M 32M 64M -for BLOCK_SIZE in 512 1024 2048 4096 8192 16384 32768 65536 131072 262144 524288 1048576 2097152 4194304 8388608 16777216 33554432 67108864 -do - # Calculate number of segments required to copy - COUNT=$(($TEST_FILE_SIZE / $BLOCK_SIZE)) - - if [ $COUNT -le 0 ]; then - echo "Block size of $BLOCK_SIZE estimated to require $COUNT blocks, aborting further tests." - break - fi - - # Create a test file with the specified block size - DD_RESULT=$(dd if=/dev/zero of=$TEST_FILE bs=$BLOCK_SIZE count=$COUNT 2>&1 1>/dev/null) - -echo $DD_RESULT - # Extract the transfer rate from dd's STDERR output - TRANSFER_RATE=$(echo $DD_RESULT | \grep --only-matching -E '[0-9.]+ ([MGk]?B|bytes)/s(ec)?') - - # Clean up the test file if we created one - [ $TEST_FILE_EXISTS -ne 0 ] && rm $TEST_FILE - - # Output the result - printf "$PRINTF_FORMAT" "$BLOCK_SIZE" "$TRANSFER_RATE" -done diff --git a/scripts/encryption/storage/raid1/mount_on_boot.sh b/scripts/encryption/storage/raid1/mount_on_boot.sh index 500d578..c335834 100644 --- a/scripts/encryption/storage/raid1/mount_on_boot.sh +++ b/scripts/encryption/storage/raid1/mount_on_boot.sh @@ -1,6 +1,7 @@ #!/bin/bash # shellcheck disable=SC1090 # Can't follow non-constant source. Use a directive to specify location. # shellcheck disable=SC2154 # Referenced but not assigned +# shellcheck disable=SC2015 #Deactivate bool hint source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) info "Automount raid1 encrypted storages..." && set_raid1_devices_mount_partition_and_mapper_paths &&