Smartly mount the encrypted disk after unlocking the device
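#!/bin/bash
# crypt_mount: open and mount (or unmount and close) an encrypted volume that
# is listed in /etc/fstab and /etc/crypttab. With -s / -n it first writes
# those entries, and -n additionally formats the device.

DEMOUNT=0
SETUP=0
NEW=0

# getopts only ever returns single letters, so only the short flags are
# matched. The option string has no leading ':', so getopts prints its own
# diagnostic for an unknown flag and sets flag to '?'.
while getopts "dsnh" flag; do
  case "$flag" in
    d) DEMOUNT=1 ;;
    s) SETUP=1 ;;
    n) NEW=1 ;;
    h)
      printf '%s\n' \
        "usage: ${0##*/}" \
        "-d (demount) DEMOUNT (switch to unmount instead of mount)" \
        "-s (setup) do guided setup of luks mount" \
        "-n (new) wipe and create crypt; implies 'setup'" \
        "-h (help)"
      exit 0
      ;;
    *)
      # -n wipes a device, so a mistyped flag stops the run instead of
      # being silently skipped.
      echo "Try '${0##*/} -h' for usage" >&2
      exit 2
      ;;
  esac
done

# Drop the parsed flags once, after the loop. Shifting and resetting OPTIND
# inside the loop restarts parsing of a clustered argument such as -ds, so the
# first flag of the cluster would be seen again on every iteration.
shift $((OPTIND - 1))

# Validate sudo credentials up front so later privileged steps do not stall
# half-way through.
sudo -v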
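#######################################
# Append a line to a root-owned file unless that exact line is already there.
# A "# Generated via crypt_mount" marker line is appended before the entry.
# Arguments: $1 - line to write
#            $2 - file to append to (written through sudo tee -a)
# Outputs:   " >> Already written", or " >> " followed by the written line
#######################################
write_and_output() {
  local line="$1"
  local file="$2"

  # -F and -x compare the entry as a literal, whole line. A regex/substring
  # match would report "Already written" when the entry merely appears inside
  # a longer or commented-out line, and would treat '.' in a name as a
  # wildcard. '--' keeps an entry starting with '-' from being read as an
  # option.
  if grep -qxF -- "$line" "$file" 2>/dev/null; then
    echo " >> Already written"
    return
  fi

  echo -n ' >> '
  echo "# Generated via crypt_mount" | sudo tee -a "$file" > /dev/null
  printf '%s\n' "$line" | sudo tee -a "$file"
}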
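# Mount point given on the command line; the guided setup below replaces it.
mount="$1"

if [ "$SETUP" -eq 1 ] || [ "$NEW" -eq 1 ]; then
  # -r keeps backslashes in the answers literal.
  read -r -p "Tag: " mapper_name
  read -r -p "Device: " disk
  read -r -p "Mount [/media/$mapper_name] :" mount
  sudo -v
  echo
  [ -z "$mount" ] && mount="/media/$mapper_name"

  # These answers are written as root into /etc/fstab and /etc/crypttab, which
  # are whitespace-separated. An empty value or embedded whitespace would
  # shift the fields of the generated entry, so reject it before writing.
  for answer in "$mapper_name" "$disk" "$mount"; do
    if [[ -z "$answer" || "$answer" =~ [[:space:]] ]]; then
      echo "Error: tag, device and mount must be non-empty and contain no whitespace" >&2
      exit 1
    fi
  done
  # The tag becomes the last component of /dev/mapper/<tag>.
  if [[ "$mapper_name" == */* ]]; then
    echo "Error: tag must not contain '/'" >&2
    exit 1
  fi
  if [[ "$mount" != /* ]]; then
    echo "Error: mount must be an absolute path" >&2
    exit 1
  fi

  echo "Creating fstab entry:"
  write_and_output "/dev/mapper/$mapper_name $mount ext4 defaults,noauto 0 2" /etc/fstab
  [ ! -d "$mount" ] && { echo "Creating mountpoint"; sudo mkdir -p "$mount"; }
  echo "Creating crypttab entry:"
  write_and_output "$mapper_name $disk none default,luks,noauto" /etc/crypttab

  if [ "$NEW" -eq 1 ]; then
    # Destructive path: stop at the first failure. If luksFormat or luksOpen
    # fails, /dev/mapper/$mapper_name is either absent or an older mapping
    # with the same name, and mkfs must not run against it.
    sudo cryptsetup -y -v luksFormat "$disk" \
      || { echo "Error: luksFormat failed for $disk" >&2; exit 1; }
    sudo cryptsetup luksOpen "$disk" "$mapper_name" \
      || { echo "Error: luksOpen failed for $disk" >&2; exit 1; }
    sudo mkfs.ext4 "/dev/mapper/$mapper_name" \
      || { echo "Error: mkfs.ext4 failed for /dev/mapper/$mapper_name" >&2; exit 1; }
  fi
fi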
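# Normalise the mount point (drop one trailing slash) before looking it up.
mount="${mount%/}"
echo "mount: $mount"

# Device that /etc/fstab assigns to exactly this mount point. Only absolute
# paths are looked up: an empty or relative value must never reach the
# privileged commands below. The comparison is on the second fstab field of
# non-comment lines, so /media/data does not also select /media/data2.
fstab_device=""
if [[ "$mount" == /* ]]; then
  fstab_device="$(awk -v m="$mount" \
    '$1 !~ /^#/ && $2 == m { print $1; exit }' /etc/fstab)"
fi

if [[ -n "$fstab_device" ]]; then
  # Only /dev/mapper/<name> devices that also have a crypttab entry named
  # <name> are handled.
  mapper_name=""
  crypttab_entry=""
  if [[ "$fstab_device" == /dev/mapper/* ]]; then
    candidate="${fstab_device#/dev/mapper/}"
    crypttab_entry="$(awk -v n="$candidate" \
      '$1 == n { print; exit }' /etc/crypttab)"
    if [[ -n "$crypttab_entry" ]]; then
      mapper_name="$candidate"
    else
      echo "Warning: skipping $candidate" >&2
    fi
  fi
  echo "mapper_name: $mapper_name"
  if [ -z "$mapper_name" ]; then
    echo "Nothing to do"
    exit 0
  fi

  # crypttab fields: name, device, key file, options.
  read -r _ crypt_device _ crypt_options <<< "$crypttab_entry"

  # Check if it's luks, or "regular". Commands are kept as arrays so every
  # argument reaches sudo as a single word, without word splitting or
  # globbing of values read from the config files.
  if [[ "$crypt_options" == *luks* ]]; then
    disk="$crypt_device"
    decrypt_command=(sudo cryptsetup luksOpen "$disk" "$mapper_name")
    encrypt_command=(sudo cryptsetup luksClose "$mapper_name")
  else
    decrypt_command=(sudo cryptdisks_start "$mapper_name")
    encrypt_command=(sudo cryptdisks_stop "$mapper_name")
  fi
  echo "${encrypt_command[*]}"
  echo "${decrypt_command[*]}"

  mapped_device="/dev/mapper/$mapper_name"
  if [ "$DEMOUNT" -eq 1 ]; then
    # umount also fails when nothing is mounted, which is fine for closing.
    # If the mount point is still listed in /proc/mounts, though, the
    # filesystem is in use: fsck -fy on a mounted filesystem can damage it,
    # so stop here.
    if ! sudo umount "$mapped_device"; then
      if awk -v m="$mount" \
        '$2 == m { mounted = 1 } END { exit !mounted }' /proc/mounts; then
        echo "Error: $mount is still mounted; skipping fsck and close" >&2
        exit 1
      fi
    fi
    sync; sleep 1
    sudo fsck -fy "$mapped_device"; sync; sleep 1
    "${encrypt_command[@]}"
  else
    # Try to decrypt and then mount. If the mount fails, close the device
    # again so it is not left unlocked.
    if "${decrypt_command[@]}"; then
      sudo mount "$mount" || "${encrypt_command[@]}"
    fi
  fi
else
  echo "invalid path"
fi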