122 lines
3.2 KiB
Bash
122 lines
3.2 KiB
Bash
_rwx_cmd_cs() { rwx_crypt "${@}"; }
|
|
|
|
RWX_CRYPT_ROOT="/data/home/user/crypt"
|
|
RWX_CRYPT_VAR="/var/lib/crypt"
|
|
|
|
rwx_crypt_device() {
|
|
local device size
|
|
local index=0
|
|
while [ -z "${device}" ]; do
|
|
device="/dev/nbd${index}"
|
|
if [ -b "${device}" ]; then
|
|
size="$(cat /sys/block/nbd"${index}/size")"
|
|
[ "${size}" -eq 0 ] ||
|
|
device=""
|
|
else
|
|
device=""
|
|
break
|
|
fi
|
|
index=$((index + 1))
|
|
done
|
|
if [ -n "${device}" ]; then
|
|
echo "${device}"
|
|
else
|
|
rwx_log_error 1 "No device available"
|
|
fi
|
|
}
|
|
|
|
rwx_crypt() {
|
|
local action="${1}"
|
|
local action_close="close"
|
|
local action_open="open"
|
|
local mapper="/dev/mapper"
|
|
local mount_root="/media"
|
|
local crypt_arg crypt_file crypt_map crypt_mount pass_phrase
|
|
case "${action}" in
|
|
"${action_close}" | "${action_open}")
|
|
shift
|
|
local user_id
|
|
user_id="$(id --user)"
|
|
[ "${user_id}" -eq 0 ] ||
|
|
rwx_log_error 1 "Not root"
|
|
[ -n "${1}" ] ||
|
|
rwx_log_error 2 "No files"
|
|
[ "${action}" = "${action_open}" ] &&
|
|
pass_phrase="$(rwx_read_passphrase)"
|
|
for crypt_arg in "${@}"; do
|
|
rwx_log_info
|
|
crypt_file="${RWX_CRYPT_ROOT}/${crypt_arg}.qcow2"
|
|
if [ -f "${crypt_file}" ]; then
|
|
crypt_map="${mapper}/${crypt_arg}"
|
|
crypt_mount="${mount_root}/${crypt_arg}"
|
|
local device
|
|
case "${action}" in
|
|
"${action_open}")
|
|
if ! device="$(rwx_crypt_device)"; then
|
|
rwx_log_error 4 "No device available"
|
|
fi
|
|
# record device
|
|
if ! rwx_file_write \
|
|
"${RWX_CRYPT_VAR}/${crypt_arg}" "${device}"; then
|
|
rwx_log_error 5 "Writing failure: ${device}"
|
|
fi
|
|
# connect device
|
|
if ! qemu-nbd --connect "${device}" "${crypt_file}"; then
|
|
rwx_log_error 6 "Connection failure: ${device}"
|
|
fi
|
|
# open device
|
|
if ! echo "${pass_phrase}" |
|
|
cryptsetup luksOpen "${device}" "${crypt_arg}"; then
|
|
rwx_log_error 7 "Opening failure: ${device}"
|
|
fi
|
|
# make mount directory
|
|
if ! mkdir --parents "${crypt_mount}"; then
|
|
rwx_log_error 8 "Making failure: ${crypt_mount}"
|
|
fi
|
|
# mount file system
|
|
if ! mount \
|
|
--options "autodefrag,compress-force=zstd" \
|
|
"${crypt_map}" "${crypt_mount}"; then
|
|
rwx_log_error 9 "Mounting failure: ${crypt_map}"
|
|
fi
|
|
;;
|
|
"${action_close}")
|
|
# unmount file system
|
|
if ! umount "${crypt_mount}"; then
|
|
rwx_log_error 4 "Unmounting failure: ${crypt_mount}"
|
|
fi
|
|
# remove mount directory
|
|
if ! rmdir "${crypt_mount}"; then
|
|
rwx_log_error 5 "Removal failure: ${crypt_mount}"
|
|
fi
|
|
# close device
|
|
if ! cryptsetup luksClose "${crypt_arg}"; then
|
|
rwx_log_error 6 "Closing failure: ${crypt_arg}"
|
|
fi
|
|
# load device
|
|
if ! device="$(cat "${RWX_CRYPT_ROOT}/${crypt_arg}")"; then
|
|
rwx_log_error 7 "Loading failure: ${crypt_arg}"
|
|
fi
|
|
# disconnect device
|
|
if ! qemu-nbd --disconnect "${device}"; then
|
|
rwx_log_error 8 "Disconnection failure: ${device}"
|
|
fi
|
|
# remove record
|
|
if ! rm "${RWX_CRYPT_ROOT}/${crypt_arg}"; then
|
|
rwx_log_error 9 "Removal failure: ${crypt_arg}"
|
|
fi
|
|
;;
|
|
*) ;;
|
|
esac
|
|
else
|
|
rwx_log_error 3 "Not a file: ${crypt_file}"
|
|
fi
|
|
done
|
|
;;
|
|
*)
|
|
rwx_log_info "Usage:"
|
|
rwx_log_info "${action_close}|${action_open}"
|
|
# TODO list
|
|
;;
|
|
esac
|
|
}
|