#!/bin/bash
# luksit
#
# USAGE: luksit <device> <name> [filesystem]
# EXAMPLE: luksit sdf mydrive ext4
#
# Copyright © 2021 Keith Irwin (www.ki9.us)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
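# Check for root: the steps below write to a raw block device, to $KEYDIR
# under /root and to /mnt, and call cryptsetup and mount.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# Get args: <device> <name> [filesystem]; the filesystem defaults to ext3.
if [[ $# -eq 2 || $# -eq 3 ]]; then
  device="$1"
  name="$2"
  fs="${3-ext3}"
else
  echo "USAGE: $0 <device> <name> [filesystem]" >&2
  exit 2
fi

# Validate the arguments before anything destructive runs. All three are
# used as root further down: $device as the target of dd/parted, $name as a
# file name under the key directory, a mapping name and a directory under
# /mnt, and $fs as the suffix of the mkfs command that gets executed.
if [[ ! -b "/dev/$device" ]]; then
  echo "/dev/$device is not a block device" >&2
  exit 2
fi

case "$name" in
  '' | . | .. | -* | */*)
    # A slash or a dot-only name would move the key file and the mount point
    # outside their intended directories; a leading dash would be read as an
    # option by cryptsetup.
    echo "Invalid name '$name': must be a plain name without '/' and not starting with '-'" >&2
    exit 2
    ;;
esac

case "$fs" in
  '' | */*)
    echo "Invalid filesystem '$fs'" >&2
    exit 2
    ;;
esac

# Fail now rather than after the partition has already been LUKS-formatted.
if ! command -v "mkfs.$fs" >/dev/null 2>&1; then
  echo "mkfs.$fs not found in PATH" >&2
  exit 2
fi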
# Abort helper meant for a "no" answer at a prompt.
# Exits with status 1 when the file is executed directly; when the file is
# sourced it only returns 1, so the calling shell is not closed.
# NOTE(review): nothing in the visible script calls this function.
bail() {
  if [[ "$0" = "$BASH_SOURCE" ]]; then
    exit 1
  fi
  return 1
}
## RUNTIME ##
# Directory holding one "<name>.key" file per volume; these files are the
# key material passed to cryptsetup further down.
KEYDIR="/root/luks"

# Licence banner, followed by one empty line.
printf '%s\n' \
  " luksit Copyright © 2021 Keith Irwin (www.ki9.us)" \
  " This program comes with ABSOLUTELY NO WARRANTY; for details" \
  " see the LICENSE.md that came with it" \
  " This is free software, and you are welcome to redistribute it" \
  " under certain conditions" \
  ""
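# Check if name is used
# (left disabled as found; note that exit statuses are 8-bit, so `exit 420`
# would reach the caller as 164)
#if [ -h "/dev/mapper/$name" ]; then
#  echo "/dev/mapper/$name already exists."
#  exit 420
#fi

# Wipe disk (optional). Any answer other than y/Y only skips the wipe; the
# partitioning that follows still runs.
read -p "Wipe /dev/$device with zeroes first? [y/n]" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  echo "Wiping disk with zeros..."
  # The writer stops with "No space left on device" once the device is full,
  # so a non-zero status from dd is the normal end of the wipe.
  if command -v pv >/dev/null 2>&1; then
    dd if=/dev/zero bs=1M | pv | dd of="/dev/$device" bs=1M
  else
    # Without pv the three-stage pipeline hands the writer an empty stream:
    # nothing is written, yet the run looks like a finished wipe. Write
    # directly instead and say so.
    echo "pv not found; wiping without a progress meter" >&2
    dd if=/dev/zero of="/dev/$device" bs=1M
  fi
fi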
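# Set up partition: new GPT label with a single partition spanning the disk.
echo "Setting up partition..."
# Best effort; a "not mounted" message on stderr is expected here.
umount "/dev/$device" >/dev/null

# Stop here if partitioning fails. Otherwise $part stays empty and the later
# cryptsetup calls would be pointed at "/dev/".
if ! { parted "/dev/$device" mklabel gpt &&
  parted --script -- "/dev/$device" mkpart primary 1 -1; }; then
  echo "Partitioning /dev/$device failed" >&2
  exit 1
fi

# Give udev time to create the partition node before lsblk is asked for it.
if command -v udevadm >/dev/null 2>&1; then
  udevadm settle
fi

# Get first partition name: line 1 of the lsblk list is the disk itself,
# line 2 is taken as its first partition.
part="$(lsblk --list --noheadings --output name "/dev/$device" | sed -n '2 p')"
if [[ -z $part || ! -b "/dev/$part" ]]; then
  echo "Could not find the new partition on /dev/$device" >&2
  exit 1
fi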
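# Generate key file
# The key file unlocks the volume, so neither the directory nor the file
# should be readable by anyone but root at any point, not even between
# creation and a later chmod.
if ! mkdir -p "$KEYDIR/" || ! chmod 0700 "$KEYDIR/"; then
  echo "Could not prepare key directory $KEYDIR" >&2
  exit 1
fi

if [ -f "$KEYDIR/$name.key" ]; then
  # An existing key is reused unchanged.
  echo "Using existing key file $KEYDIR/$name.key"
else
  echo -n "Generating key file... "
  # umask 077 in a subshell: the file is created owner-only from the start
  # and the script's own umask is left alone. 4 KiB of random data.
  if (umask 077 && dd if=/dev/urandom of="$KEYDIR/$name.key" bs=1024 count=4) &&
    chmod 0400 "$KEYDIR/$name.key"; then
    echo "Done."
  else
    echo "Could not create $KEYDIR/$name.key" >&2
    # Do not leave a truncated key behind: the next run would pick it up as
    # an existing key and format the volume with it.
    rm -f -- "$KEYDIR/$name.key"
    exit 1
  fi
fi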
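# Encrypt, open, format and mount the new volume.
# Every step aborts the script on failure. Previously a failure in the
# encrypt/open/mkfs chain only skipped the rest of that chain; the mount step
# still ran, so an older mapping with the same name could be mounted at
# /mnt/$name and the script would print "DONE!".
fail() {
  echo "luksit: $*" >&2
  exit 1
}

# Preconditions, checked before the partition is overwritten.
[[ -n ${part:-} && -b "/dev/$part" ]] ||
  fail "no partition to encrypt (got '/dev/${part:-}')"
[[ -f "$KEYDIR/$name.key" ]] ||
  fail "key file $KEYDIR/$name.key is missing"
# luksOpen cannot succeed while the mapping name is taken.
[[ ! -e "/dev/mapper/$name" ]] ||
  fail "/dev/mapper/$name already exists"

# Encrypt
echo "Creating luks encrypted partition..."
cryptsetup luksFormat "/dev/$part" "$KEYDIR/$name.key" ||
  fail "luksFormat failed on /dev/$part"
# NOTE(review): this appears to enrol the same key file a second time, which
# would leave two keyslots accepting one key. Kept as written; if this key is
# ever revoked, confirm with `cryptsetup luksDump` that no slot still
# accepts it.
cryptsetup luksAddKey "/dev/$part" "$KEYDIR/$name.key" --key-file="$KEYDIR/$name.key" ||
  fail "luksAddKey failed on /dev/$part"

# Mount new luks partition
echo "Mounting luks partition..."
cryptsetup luksOpen "/dev/$part" "$name" --key-file="$KEYDIR/$name.key" ||
  fail "luksOpen failed for /dev/$part"

# Write filesystem on new luks partition
echo "Creating $fs filesystem in luks partition..."
cryptsetup resize "$name" --key-file="$KEYDIR/$name.key" ||
  fail "resize failed for $name"
"mkfs.$fs" "/dev/mapper/$name" -L "$name" ||
  fail "mkfs.$fs failed on /dev/mapper/$name"

# Mount the new filesystem and show its size.
echo "Mounting $fs filesystem to /mnt/$name..."
mkdir -p "/mnt/$name" || fail "could not create /mnt/$name"
chmod 755 "/mnt/$name"
mount "/dev/mapper/$name" "/mnt/$name" ||
  fail "could not mount /dev/mapper/$name on /mnt/$name"
df -h "/mnt/$name" || fail "df failed for /mnt/$name"

echo "DONE!"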
# TODO: Show lines for fstab and crypttab