Added draft for storage encryption procedures
This commit is contained in:
parent
78bee8d0cc
commit
7f629205ef
13
README.md
@ -33,11 +33,11 @@ This repository contains the following scripts:
|
||||
| Order | Description |
|
||||
|---|---|
|
||||
| ```bash ./scripts/system-setup.sh``` | Setup the customized software on the system on which you execute it. |
|
||||
| ```bash ./scripts/backup.sh``` | Executes all setup scripts. |
|
||||
| ```bash ./scripts/import-data-from-system.sh``` | Import data from the host system.|
|
||||
| ```bash ./scripts/export-data-to-system.sh``` | Export data to the host system.|
|
||||
| ```bash ./scripts/unlock.sh``` | Unlock the stored data.|
|
||||
| ```bash ./scripts/lock.sh``` | Lock the stored data |
|
||||
| ```bash ./scripts/image/backup.sh``` | Backup an device image |
|
||||
| ```bash ./scripts/data/import-data-from-system.sh``` | Import data from the host system.|
|
||||
| ```bash ./scripts/data/export-data-to-system.sh``` | Export data to the host system.|
|
||||
| ```bash ./scripts/encryption/data/unlock.sh``` | Unlock the stored data.|
|
||||
| ```bash ./scripts/encryption/data/lock.sh``` | Lock the stored data |
|
||||
| ```bash ./scripts/pull-local-repositories.sh``` | Pulls all local repositories branches |
|
||||
| ```bash ./scripts/pushs-local-repositories.sh``` | Pushs all local repositories branches |
|
||||
| ```encfsctl passwd .encrypted``` | Change the password of the encrypted folder. |
|
||||
@ -56,7 +56,8 @@ $HOME/Documents/certificates/ | Contains certificates to authenticate via [certi
|
||||
| $HOME/Documents/recovery_codes/ | Contains files with recovery_codes e.g. for [Two-factor authentication](https://en.wikipedia.org/wiki/Multi-factor_authentication). |
|
||||
| $HOME/Documents/identity/ | Contains files to prove the identity of the *Core System Owner* in physical live like passports. |
|
||||
| $HOME/Documents/passwords/ | Contains e.g the [KeePassXC](https://keepassxc.org/) database with all *Core System Owner* passwords. |
|
||||
| $HOME/Documents/repositories/ | Contains all git repositories |
|
||||
| $HOME/Repositories/ | Contains all git repositories |
|
||||
| $HOME/Games/roms | Contains all roms |
|
||||
| $HOME/Images/ | contains os images|
|
||||
|
||||
#### Desktop
|
||||
|
@ -65,6 +65,23 @@ error(){
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Routine to echo the full sd-card-path
|
||||
set_device_path(){
|
||||
info "Available devices:"
|
||||
ls -lasi /dev/ | grep -E "sd|mm"
|
||||
question "Please type in the name of the device: /dev/" && read -r device
|
||||
device_path="/dev/$device"
|
||||
if [ ! -b "$device_path" ]
|
||||
then
|
||||
error "$device_path is not valid device."
|
||||
fi
|
||||
# @see https://www.heise.de/ct/hotline/Optimale-Blockgroesse-fuer-dd-2056768.html
|
||||
OPTIMAL_BLOCKSIZE=$(expr 64 \* "$(sudo cat /sys/block/$device/queue/physical_block_size)") &&
|
||||
info "Device path set to: $device_path" &&
|
||||
info "Optimal blocksize set to: $OPTIMAL_BLOCKSIZE" ||
|
||||
error
|
||||
}
|
||||
|
||||
HEADER(){
|
||||
echo
|
||||
echo "${COLOR_YELLOW}The"
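Review bot: `/sys/block/$device/queue/physical_block_size` on the OPTIMAL_BLOCKSIZE line exists only for whole disks, while the `-b` test above also accepts partition names such as sda1, so for a partition the `cat` fails and the `&&` chain falls through to a bare `error` with no message. Either restrict the prompt to whole-disk names or resolve the parent disk before reading sysfs, and give the failure a message such as `error "Cannot read block size for $device."`. The arithmetic does not need `expr`: `OPTIMAL_BLOCKSIZE=$(( 64 * $(sudo cat "/sys/block/$device/queue/physical_block_size") ))`. The header comment `# Routine to echo the full sd-card-path` no longer describes the function, which echoes nothing and instead sets the globals `device`, `device_path` and `OPTIMAL_BLOCKSIZE` that the storage and image scripts later rely on. The HEADER function that follows continues outside the hunk.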
|
||||
|
@ -18,11 +18,11 @@ declare -a BACKUP_LIST=("$HOME/.ssh/" \
|
||||
"$HOME/Documents/identity/" \
|
||||
"$HOME/Documents/passwords/" \
|
||||
"$HOME/Documents/licenses/");
|
||||
|
||||
|
||||
if [ -z "$(mount | grep "$DECRYPTED_PATH")" ]
|
||||
then
|
||||
info "The decrypted folder $DECRYPTED_PATH is locked. You need to unlock it!" &&
|
||||
bash "$SCRIPT_PATH""encryption/unlock.sh" || error "Unlocking failed.";
|
||||
bash "$SCRIPT_PATH""encryption/data/unlock.sh" || error "Unlocking failed.";
|
||||
fi
|
||||
if [ "$1" = "reverse" ]
|
||||
then
|
||||
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
# shellcheck disable=SC2015 # Deactivating bool hint
|
||||
# shellcheck source=/dev/null # Deactivate SC1090
|
||||
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||
source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||
info "Locking directory $DECRYPTED_PATH..." &&
|
||||
fusermount -u "$DECRYPTED_PATH" || error "Unmounting failed."
|
||||
info "Data is now encrypted."
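Review bot: The `|| (echo "Loading base.sh failed." && exit 1)` fallback on the changed `source` line exits only the subshell created by the parentheses, so when base.sh cannot be loaded the script continues and `info`, `error` and `$DECRYPTED_PATH` are undefined on the following lines. Use a brace group in the current shell instead: `source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || { echo "Loading base.sh failed." >&2; exit 1; }`. The same construct is on the changed `source` line of the next hunk and on the first `source` line of the new scripts/encryption/storage/base.sh, mount.sh and setup.sh.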
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
# shellcheck source=/dev/null # Deactivate SC1090
|
||||
# shellcheck disable=SC2015 # Deactivating bool hint
|
||||
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||
source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||
info "Unlocking directory $DECRYPTED_PATH..."
|
||||
if [ ! -d "$DECRYPTED_PATH" ]
|
||||
then
|
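--- /dev/null
+++ b/scripts/encryption/storage/base.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+source "$(dirname "$(readlink -f "${0}")")/../../base.sh" || (echo "Loading base.sh failed." && exit 1)
+
+set_device_mount_and_mapper_paths(){
+set_device_path &&
+mapper_name="encrypteddrive-$device" &&
+mapper_path="/dev/mapper/$mapper_name" &&
+mount_path="/media/$mapper_name" &&
+info "mapper name set to : $mapper_name" &&
+info "mapper path set to : $mapper_path" ||
+info "mount path set to : $mount_path" ||
+error
+}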
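Review bot: The `||` ending `info "mapper path set to : $mapper_path" ||` breaks the chain: when every step succeeds the mount-path message is skipped, and when an earlier step fails the fallback `info "mount path set to : $mount_path"` runs in its place and succeeds, so `error` is never reached and the caller continues with the paths unset. Change that line to `info "mapper path set to : $mapper_path" &&` so only the final `error` sits behind `||`, and give it a message, `error "Setting device and mapper paths failed."`. This function is the only guard in front of the destructive commands in setup.sh and the `luksOpen`/`mount` in mount.sh, so its failure path has to stop the caller.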
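--- /dev/null
+++ b/scripts/encryption/storage/mount.sh
@@ -0,0 +1,14 @@
+source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
+echo "Mounting encrypted storage..."
+
+set_device_mount_and_mapper_paths
+
+info "Unlock partition..." &&
+sudo cryptsetup luksOpen $device_path $mapper_name ||
+error
+
+info "Mount partition..." &&
+sudo mount $mapper_path $mount_path ||
+error
+
+success "Mounting successfull :)"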
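Review bot: `sudo mount $mapper_path $mount_path` assumes the mount point exists, but only setup.sh creates it (`mkdir -p $mount_path`), so mounting from this script fails with a missing-directory error whenever the `/media/encrypteddrive-…` folder is absent; add `mkdir -p "$mount_path" || error "Creating $mount_path failed."` before the mount, as setup.sh does. Both the `cryptsetup luksOpen` and `mount` lines expand `$device_path`, `$mapper_name`, `$mapper_path` and `$mount_path` unquoted; quote them, e.g. `sudo cryptsetup luksOpen "$device_path" "$mapper_name" || error "luksOpen failed."`. The file also has no shebang, unlike the new base.sh, and the bare `error` calls carry no message, so a failure here reports nothing specific.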
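--- /dev/null
+++ b/scripts/encryption/storage/setup.sh
@@ -0,0 +1,40 @@
+source "$(dirname "$(readlink -f "${0}")")/base.sh" || (echo "Loading base.sh failed." && exit 1)
+echo "Setups disk encryption"
+
+set_device_mount_and_mapper_paths
+
+info "Overwritting device \"$device_path\" with zeros..." &&
+sudo dd if=/dev/zero of=$device_path bs=$OPTIMAL_BLOCKSIZE status=progress conv=fdatasync ||
+error
+
+info "Creating new GPT partition table..."
+( echo "g" # create a new empty GPT partition table
+echo "w" # Write partition table
+)| sudo fdisk "$device_path" || error
+
+info "Creating partition table..."
+( echo "n" # Create GPT partition table
+echo "p" # Create GPT partition table
+echo "w" # Write partition table
+)| sudo fdisk "$device_path" || error
+
+info "Show memory devices..." &&
+sudo fdisk -l || error
+
+info "Encrypt $device_path..." &&
+sudo cryptsetup -v -y luksFormat $device_path
+
+info "Unlock partition..." &&
+sudo cryptsetup luksOpen $device_path $mapper_name
+
+info "Create btrfs file system..." &&
+sudo mkfs.btrfs $mapper_path || error
+
+info "Creating mount folder unter \"$mount_path\"..." &&
+mkdir -p $mount_path || error
+
+info "Mount partition..." &&
+sudo mount $mapper_path $mount_path || error
+
+info "Own partition by user..." &&
+sudo chown -R $USER:$USER $mount_path || error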
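Review bot: `sudo cryptsetup -v -y luksFormat $device_path` and the following `luksOpen` line have no `|| error`, so when the format is declined at cryptsetup's confirmation prompt or the two passphrases differ, the script carries on to `luksOpen`, `mkfs.btrfs` and `chown` against whatever is on the device; change them to `sudo cryptsetup -v -y luksFormat "$device_path" || error "luksFormat failed."` and `sudo cryptsetup luksOpen "$device_path" "$mapper_name" || error "luksOpen failed."`. The two fdisk runs write a GPT table and one partition to `$device_path`, yet `luksFormat` is then applied to the whole `$device_path` rather than to that partition, which appears to overwrite the table just created — either format the partition or drop the fdisk steps. The `dd if=/dev/zero` wipe starts right after the device prompt with no further confirmation, whereas the image script asks a y/n question before writing to the device; the same question here, plus quoting `of="$device_path" bs="$OPTIMAL_BLOCKSIZE"`, would make the destructive step consistent. The comments on the `echo "n"` and `echo "p"` lines both say `# Create GPT partition table`, which describes neither keystroke.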
0
scripts/encryption/storage/umount.sh
@ -26,18 +26,6 @@ set_partition_paths(){
|
||||
boot_partition_path=$(echo_partition_name "1")
|
||||
}
|
||||
|
||||
# Routine to echo the full sd-card-path
|
||||
set_device_path(){
|
||||
info "Available devices:"
|
||||
ls -lasi /dev/ | grep -E "sd|mm"
|
||||
question "Please type in the name of the device: /dev/" && read -r device
|
||||
device_path="/dev/$device"
|
||||
if [ ! -b "$device_path" ]
|
||||
then
|
||||
error "$device_path is not valid device."
|
||||
fi
|
||||
}
|
||||
|
||||
make_mount_folders(){
|
||||
info "Preparing mount paths..." &&
|
||||
boot_mount_path="$working_folder_path""boot/" &&
|
||||
|
@ -210,10 +210,6 @@ make_mount_folders
|
||||
|
||||
set_partition_paths
|
||||
|
||||
# @see https://www.heise.de/ct/hotline/Optimale-Blockgroesse-fuer-dd-2056768.html
|
||||
optimal_blocksize=$(expr 64 \* "$(sudo cat /sys/block/$device/queue/physical_block_size)") &&
|
||||
info "Calculated optimal blocksize of $optimal_blocksize""Byte for \"dd\" operations."
|
||||
|
||||
question "Should the image be transfered to $device_path?(y/n)" && read -r transfer_image
|
||||
if [ "$transfer_image" = "y" ]
|
||||
then
|
||||
@ -222,7 +218,7 @@ if [ "$transfer_image" = "y" ]
|
||||
if [ "$copy_zeros_to_device" = "y" ]
|
||||
then
|
||||
info "Overwritting..." &&
|
||||
dd if=/dev/zero of="$device_path" bs="$optimal_blocksize" || error "Overwritting $device_path failed."
|
||||
dd if=/dev/zero of="$device_path" bs="$OPTIMAL_BLOCKSIZE" status=progress || error "Overwritting $device_path failed."
|
||||
else
|
||||
info "Skipping Overwritting..."
|
||||
fi
|
||||
@ -267,19 +263,19 @@ if [ "$transfer_image" = "y" ]
|
||||
elif [ "${image_path: -4}" = ".zip" ]
|
||||
then
|
||||
info "Transfering .zip file..." &&
|
||||
unzip -p "$image_path" | sudo dd of="$device_path" bs="$optimal_blocksize" conv=fsync || error "DD $image_path to $device_path failed." &&
|
||||
unzip -p "$image_path" | sudo dd of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress || error "DD $image_path to $device_path failed." &&
|
||||
sync ||
|
||||
error
|
||||
elif [ "${image_path: -3}" = ".gz" ]
|
||||
then
|
||||
info "Transfering .gz file..." &&
|
||||
gunzip -c "$image_path" | sudo dd of="$device_path" bs="$optimal_blocksize" conv=fsync &&
|
||||
gunzip -c "$image_path" | sudo dd of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress &&
|
||||
sync ||
|
||||
error
|
||||
elif [ "${image_path: -4}" = ".iso" ]
|
||||
then
|
||||
info "Transfering .iso file..." &&
|
||||
sudo dd if="$image_path" of="$device_path" bs="$optimal_blocksize" conv=fsync &&
|
||||
sudo dd if="$image_path" of="$device_path" bs="$OPTIMAL_BLOCKSIZE" conv=fsync status=progress &&
|
||||
sync ||
|
||||
error
|
||||
else
|
||||
|