# Physical block devices (devArray), virtual block devices (mapArray) # and Mount points (mntArray) to be used devArray=(/dev/hda1 /dev/hda2) mapArray=(swap tmp) mntArray=(swap /tmp) # cryptsetup-luks binary LUKS_BIN=/sbin/cryptsetup-luks # Functions to mount and umount devices function do_mount(){ for (( i=0 ; i < ${#devArray[@]} ; ++i )) ; do dev=${devArray[$i]} map=${mapArray[$i]} mnt=${mntArray[$i]} if [ -z "$dev" ] || [ ! -e "$dev" ] ; then echo "Unable to find \"$dev\"" >&2 continue fi # swap and /tmp are re-created on each reboot # there is no need to check the whether it is a LUKS volume if [ $map != "swap" ] && [ $map != "tmp" ] ; then if ! $LUKS_BIN isLuks "$dev" ; then echo "\"$dev\" doesn't seem to be a Luks encrypted volume" >&2 continue fi fi # now check whether device is already opened if [ -z "$map" ] ; then echo "Map name unspecified for \"$dev\"" >&2 continue elif [ -e "/dev/mapper/$map" ]; then echo "\"/dev/mapper/$map\" already exists" >&2 continue fi # there is no mount point for swap, so skip the check for swap if [ $map != "swap" ] ; then if [ -z "$mnt" ] || [ ! -d "$mnt" ] ; then echo "Unable to find mount point for \"$dev\"" >&2 continue fi fi echo "Next device in list is \"$dev\" to be used as \"$map\"." # swap has to be treated separately if [ $map = "swap" ] ; then do_mount_swap; continue fi # /tmp has to be treated separately if [ $map = "tmp" ] ; then do_mount_tmp; continue fi # open and mount device $LUKS_BIN luksOpen "$dev" "$map" /bin/mount "/dev/mapper/$map" "$mnt" done } function do_umount(){ for (( i=0 ; i < ${#devArray[@]} ; ++i )) ; do mnt=${mntArray[$i]} map=${mapArray[$i]} # swap has to be treated separately if [ $map = "swap" ] ; then do_umount_swap; continue fi # during umount /tmp is just an ordinary mount which can be handled # just like any other LUKS file system if grep $mnt /etc/mtab > /dev/null; then fuser -m $mnt > /dev/null || (/bin/umount $mnt; $LUKS_BIN luksClose $map) else echo $mnt is not mounted! if [ -e /dev/mapper/$map ]; then echo "Removing the mapper " $map $LUKS_BIN luksClose $map fi fi done } function do_check_cryptsetup(){ if ! $LUKS_BIN --help | grep -q luksFormat ; then echo "This script requires cryptsetup with LUKS support" >&2 exit 1 fi } function do_mount_swap(){ $LUKS_BIN -s 256 -d /dev/urandom create $map $dev /sbin/mkswap /dev/mapper/$map /sbin/swapon /dev/mapper/$map } function do_umount_swap(){ /sbin/swapoff /dev/mapper/$map $LUKS_BIN remove $map } function do_mount_tmp(){ $LUKS_BIN -s 256 -d /dev/urandom create $map $dev /sbin/mkfs.ext2 > /dev/null /dev/mapper/$map /bin/mount /dev/mapper/$map $mnt } case "$1" in start) echo "Mounting crypto file systems" do_check_cryptsetup do_mount ;; stop) echo "Unmounting crypto file systems" do_check_cryptsetup do_umount ;; *) echo "Usage: $0 {start|stop}" exit 1 ;; esac