diff --git a/scripts/encryption/storage/base.sh b/scripts/encryption/storage/base.sh index fc35dce..11ca9c4 100644 --- a/scripts/encryption/storage/base.sh +++ b/scripts/encryption/storage/base.sh @@ -1,11 +1,12 @@ #!/bin/bash source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1) -set_device_mount_and_mapper_paths(){ +set_device_mount_partition_and_mapper_paths(){ set_device_path && mapper_name="encrypteddrive-$device" && mapper_path="/dev/mapper/$mapper_name" && mount_path="/media/$mapper_name" && + partition_path="$device_path""1" && info "mapper name set to : $mapper_name" && info "mapper path set to : $mapper_path" || info "mount path set to : $mount_path" || diff --git a/scripts/encryption/storage/mount.sh b/scripts/encryption/storage/mount.sh index eadbffa..13cf0b0 100644 --- a/scripts/encryption/storage/mount.sh +++ b/scripts/encryption/storage/mount.sh @@ -2,9 +2,8 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Mounts encrypted storages" -set_device_mount_and_mapper_paths +set_device_mount_partition_and_mapper_paths -partition_path="$device_path""1" info "Unlock partition..." && sudo cryptsetup luksOpen $partition_path $mapper_name || error diff --git a/scripts/encryption/storage/mount_on_boot.sh b/scripts/encryption/storage/mount_on_boot.sh index 15703d7..7de0674 100644 --- a/scripts/encryption/storage/mount_on_boot.sh +++ b/scripts/encryption/storage/mount_on_boot.sh @@ -2,44 +2,69 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Automount encrypted storages" echo -set_device_mount_and_mapper_paths +set_device_mount_partition_and_mapper_paths -secret_key_path="/etc/luks-keys/$mapper""_name_secret_key" && +info "Creating key luks-key-directory..." && +key_directory="/etc/luks-keys/" && +sudo mkdir $key_directory || warning "Directory exists: $key_directory" +luks_key_name="$mapper_name""_name_secret_key" && +secret_key_path="$key_directory$luks_key_name" && info "Generate secret key under: $secret_key_path" && -dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && -sudo cryptsetup -v luksAddKey $device_path $secret_key_path || +if [ -f "$secret_key_path" ] + then + warning "File allready exist. Overwritting!" +fi +sudo dd if=/dev/urandom of=$secret_key_path bs=512 count=8 && +sudo cryptsetup -v luksAddKey $partition_path $secret_key_path || error info "Opening and closing device to verify that that everything works fine..." && -sudo cryptsetup -v luksOpen $device_path $mapper_name --key-file=$secret_key_path && +sudo cryptsetup -v luksOpen $partition_path $mapper_name --key-file=$secret_key_path && sudo cryptsetup -v luksClose $mapper_name || error -uuid_line=$(sudo cryptsetup luksDump $device_path | grep "UUID") -uuid=$(uuid_line "${test/UUID:/""}"|sed -e "s/[[:space:]]\+//g") -crypttab_path="/etc/crypttab" -if grep -q "$uuid" "$crypttab_path"; then - error "File $crypttab_path contains allready a string with the UUID:$uuid" -fi -"$mapper_name UUID=$uuid $secret_key_path luks" >> $crypttab_path +info "Reading UUID..." +uuid_line=$(sudo cryptsetup luksDump $partition_path | grep "UUID") && +uuid=$(echo "${uuid_line/UUID:/""}"|sed -e "s/[[:space:]]\+//g") || +error -info "The file $crypttab_path contains the following:" && +crypttab_path="/etc/crypttab" +crypttab_entry="$mapper_name UUID=$uuid $secret_key_path luks" +info "Adding crypttab entry..." +if sudo grep -q "$crypttab_entry" "$crypttab_path"; + then + warning "File $crypttab_path contains allready a the following entry:" && + echo "$crypttab_entry" && + info "Skipped." || + error + else + sudo sh -c "echo '$crypttab_entry' >> $crypttab_path" || + error +fi + +info "The file $crypttab_path contains now the following:" && sudo cat $crypttab_path || error -info "Verifying crypttab configuration..." && -sudo cryptdisks_start $mapper_name || -error +# info "Verifying crypttab configuration..." && +# sudo cryptdisks_start $mapper_name || +# error fstab_path="/etc/fstab" -if grep -q "$uuid" "f$stab_path"; then - error "File $fstab_path contains allready a string with the UUID:$uuid" +fstab_entry="$mapper_path $mount_path btrfs defaults 0 2" +info "Adding fstab entry..." +if sudo grep -q "$fstab_entry" "$fstab_path"; then + warning "File $crypttab_path contains allready a the following entry:" && + echo "$fstab_entry" && + info "Skipped." || + error +else + sudo sh -c "echo '$fstab_entry' >> $fstab_path" || + error fi -"$mapper_path $mount_path btrfs defaults 0 2" >> $fstab_path || -error -info "The file $crypttab_path contains the following:" && -sudo cat $crypttab_path || +info "The file $fstab_path contains now the following:" && +sudo cat $fstab_path || error success "Installation finished. Please restart :)" diff --git a/scripts/encryption/storage/setup.sh b/scripts/encryption/storage/setup.sh index c504a2d..fdd7b78 100644 --- a/scripts/encryption/storage/setup.sh +++ b/scripts/encryption/storage/setup.sh @@ -1,7 +1,7 @@ source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) echo "Setups disk encryption" -set_device_mount_and_mapper_paths +set_device_mount_partition_and_mapper_paths overwritte_device_with_zeros @@ -21,7 +21,6 @@ info "Creating partition table..." )| sudo fdisk --wipe always "$device_path" || error -partition_path="$device_path""1" info "Encrypt $device_path..." && sudo cryptsetup -v -y luksFormat $partition_path || error @@ -43,3 +42,5 @@ error info "Own partition by user..." && sudo chown -R $USER:$USER $mount_path || error + +success "Encryption successfull :)" diff --git a/scripts/encryption/storage/umount.sh b/scripts/encryption/storage/umount.sh index e69de29..d894ba7 100644 --- a/scripts/encryption/storage/umount.sh +++ b/scripts/encryption/storage/umount.sh @@ -0,0 +1,12 @@ +#!/bin/bash +source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1) +echo "Unmount encrypted storages" + +set_device_mount_partition_and_mapper_paths + +info "Unmount $mapper_path..." +sudo umount $mapper_path && +sudo cryptsetup luksClose $mapper_path || +error + +success "Successfull :)"