Seeking Feedback: dm-crypt luks dynamic [u]mount script

Hi, this is my first (public) attempt at such a complex script, although
short.

If it is redundant/ useful/ whatever, I would like to get a bit of
feedback on it.

First post for me too, hopefully this is ok,
Zenaan

-- 
Homepage: www.SoulSound.net -- Free Australia: www.UPMART.org
Please respect the confidentiality of this email as sensibly warranted.
#!/bin/sh

# Config: /etc/zmount/zmount.conf (see CONFIG_ENV in this file).

# Must (?) run this script as root. symlink this script to "zumount" to unmount
# corresponding mounts.

# This is a script to [un]mount a single encrypted loopback filesystem using
# dm-luks.

# To create such a filesystem, see
# http://www.freeotfe.org/docs/Linux_examples__LUKS.htm#Linux_examples__LUKS
# (local copy tech/doc)

# A script to encapsulate the creation would be nice too. At the moment I create
# my volumes manually, as per the link above (it has an unnecessary excess
# loopbak mount which I don't do in this script).

# TODO:
#
# Support embedded/ recursive type crypto mounts (unmount command which checks
# for mounts within mounts, because unmounting a crypto mount which has other
# crypt filesystem source files inside it (which are themselves loopback crypto
# mounted), means that those on the inside need to be unmounted first).

# Author: Zenaan Harkness
# Copyright (c) 2006, Zenaan Harkness and UPMART.
# You may use this program under the terms of the GNU General Public License,
# either version 2 or (at your option) any later version.


PCOUNT=$#
MYNAME=`basename "$0"`
# /bin/sh test uses "=" for string comparison ("==" is a bash extension):
if [ "$MYNAME" = "zumount" ]; then
   UNMOUNT="true"
fi

if [ "$PCOUNT" -lt 2 ]; then
   if [ x$UNMOUNT = xtrue ]; then
      if [ "$PCOUNT" -lt 1 ]; then
         echo "ERROR: Destination un-mountpoint missing."
         echo "Usage:"
         echo "  $MYNAME un-mountpoint [--verbose]"
         exit 1
      fi
   else
      echo "ERROR: Encrypted filesystem source file &/or destination mountpoint missing."
      echo "Usage:"
      echo "  $MYNAME encrypted-filesystem-file destination-mountpoint [--verbose]"
      exit 1
   fi
fi

if [ x$UNMOUNT != xtrue ]; then
   # Source location of crypt fs file to be mounted:
   # Paths are quoted so that names containing spaces are handled as one word:
   if [ ! -f "$1" ]; then
      echo "ERROR: (Crypto) source file ($1) not found."
      exit 2
   fi
   ENC_SRC=`realpath "$1"`; shift
   # Name of crypt fs device; arbitrary; must be unique wrt other dm devices:
   ENC_SRC_NAME=`echo "$ENC_SRC"|sed -e "s#/#=#g;"`
   ENC_DEV_NAME=$ENC_SRC_NAME
   # Grab next available loop device (are these now dynamically allocated in Linux?):
   LOOP_DEV=`losetup -f`
fi

# Destination [un]mount point; arbitrary:
if [ ! -d "$1" ]; then
   echo "ERROR: Destination directory ($1) not found."
   exit 3
fi
ENC_DST=`realpath "$1"`; shift
ENC_DST_NAME=`echo "$ENC_DST"|sed -e "s#/#=#g;"`

WHOAMI=`whoami`

# Default directory to store dynamic mount configs:
FSTAB_DIR="/etc/zmount/mounts"
CONFIG_ENV=/etc/zmount/zmount.conf
if [ -r $CONFIG_ENV ]; then . $CONFIG_ENV; fi

FSTAB_FILE=$FSTAB_DIR/${ENC_DST_NAME}.sh

if [ "x$1" = x--verbose ]; then VERBOSE=true && shift;
   # Display status/ config:
   echo "CONFIGURATION:"
   echo "  whoami ................: $WHOAMI"
   echo "  pwd ...................: `pwd`"
   echo "  Encrypted filesystem ..: $ENC_SRC"
   echo "   (( \$CONFIG_ENV .......: $CONFIG_ENV ))"
   echo "   (( \$FSTAB_FILE .......: $FSTAB_FILE ))"
fi

if [ x$UNMOUNT = xtrue ]; then
   if [ ! -f "$FSTAB_FILE" ]; then
      echo "ERROR: Crypto fstab file ($FSTAB_FILE) for this mount not found."
      exit 4
   fi
   # Grab data about filesystem to unmount:
   . "$FSTAB_FILE"
fi

ENC_DEV=/dev/mapper/$ENC_DEV_NAME

if [ x$VERBOSE = xtrue ]; then
   echo "   (( Crypt device ......: $ENC_DEV ))"
   echo "   (( Loop device .......: $LOOP_DEV ))"
   echo "  [Un]mountpoint ........: $ENC_DST"
   echo
fi

# Can only [un]mount when we are root (perhaps better group/perms setup):
if [ "x$WHOAMI" != "xroot" ]; then
   echo "ERROR: Need to run as root user. Try: \"sudo $MYNAME\""
   exit 11
fi

if [ x$UNMOUNT = xtrue ]; then
   if umount "$ENC_DST" && cryptsetup luksClose "$ENC_DEV_NAME" && losetup -d "$LOOP_DEV" && rm "$FSTAB_FILE"; then
      #echo "Unmount apparently successful ($ENC_DST, $ENC_DEV_NAME, $LOOP_DEV)."
      echo "Umount apparently successful."
   else
      echo "WARNING: Unmount may have had problems."
   fi
   exit
fi

if [ ! -d "$FSTAB_DIR" ]; then
   mkdir -p "$FSTAB_DIR"
fi

# Mount filesystem:
# Create loop device attached to encrypted source file:
if losetup "$LOOP_DEV" "$ENC_SRC"; then
   # Create LUKS Crypt device:
   #cryptsetup luksDump $LOOP_DEV
   echo "Enter password to unlock encrypted volume \"$ENC_SRC\":"
   if cryptsetup luksOpen "$LOOP_DEV" "$ENC_DEV_NAME"; then
      #dmsetup table
      #cryptsetup status $ENC_DEV[_NAME]
      # Mount the encrypted filesystem device:
      if mount "$ENC_DEV" "$ENC_DST"; then
         #echo "Mount apparently successful ($ENC_SRC, $LOOP_DEV, $ENC_DEV_NAME, $ENC_DST)."
         echo "Mount apparently successful."
      else
         echo "ERROR: Mount failure: mount $ENC_DEV $ENC_DST"
         echo "Closing crypto device $ENC_DEV_NAME and removing loop device $LOOP_DEV"
         cryptsetup luksClose "$ENC_DEV_NAME"
         losetup -d "$LOOP_DEV"
         exit 7
      fi
   else
      echo "ERROR: Crypt setup failure: cryptsetup luksOpen $LOOP_DEV $ENC_DEV_NAME"
      echo "Removing loop device $LOOP_DEV"
      losetup -d "$LOOP_DEV"
      exit 6
   fi
else
   echo "ERROR: Loop device setup failure: losetup $LOOP_DEV $ENC_SRC"
   exit 5
fi

# new umount mechanism:
echo "LOOP_DEV=\"$LOOP_DEV\""          >> "$FSTAB_FILE"
echo "ENC_DEV_NAME=\"$ENC_DEV_NAME\""  >> "$FSTAB_FILE"
echo "ENC_DST=\"$ENC_DST\""            >> "$FSTAB_FILE"
# Directory to store fstab/ config file for each dynamic mount:
FSTAB_DIR="/etc/zmount/mounts"

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
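
The script above saves each mount's LOOP_DEV, ENC_DEV_NAME and ENC_DST as shell assignments and later sources that file as root. As an added example (not part of the original post), the same three values can be written and read back as plain data, so that quotes, `$` or backticks in a path are never evaluated; the function names write_state and read_state are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): keep the per-mount state as
# data instead of sourcing it. write_state/read_state are hypothetical names.

NL='
'

# write_state FILE LOOP_DEV ENC_DEV_NAME ENC_DST
write_state() {
   state_file=$1; shift
   for v in "$@"; do
      # One value per line, so a value containing a newline is refused.
      case $v in *"$NL"*) echo "ERROR: newline in value" >&2; return 1 ;; esac
   done
   # Write to a temp file and rename: overwrites stale state, never appends,
   # and a reader never sees a half-written file. umask keeps it root-only.
   tmp="$state_file.$$"
   ( umask 077
     printf '%s\n' "LOOP_DEV=$1" "ENC_DEV_NAME=$2" "ENC_DST=$3" > "$tmp" ) || return 1
   mv -f "$tmp" "$state_file"
}

# read_state FILE: sets LOOP_DEV, ENC_DEV_NAME and ENC_DST.
# Lines are split on the first "=", values are assigned literally, and any
# key other than the three expected ones makes the read fail.
read_state() {
   LOOP_DEV='' ENC_DEV_NAME='' ENC_DST=''
   while IFS= read -r line; do
      key=${line%%=*}
      val=${line#*=}
      case $key in
         LOOP_DEV)     LOOP_DEV=$val ;;
         ENC_DEV_NAME) ENC_DEV_NAME=$val ;;
         ENC_DST)      ENC_DST=$val ;;
         *) echo "ERROR: unexpected line in $1" >&2; return 1 ;;
      esac
   done < "$1"
   [ -n "$LOOP_DEV" ] && [ -n "$ENC_DEV_NAME" ] && [ -n "$ENC_DST" ]
}
```

In the script this would replace the three `echo ... >> $FSTAB_FILE` lines with one `write_state` call and the `. $FSTAB_FILE` line with `read_state "$FSTAB_FILE" || exit 4`.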
