3 ### Mount an ephemeral filesystem
5 ### (c) 2012 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This file is part of the distorted.org.uk key management suite.
12 ### distorted-keys is free software; you can redistribute it and/or modify
13 ### it under the terms of the GNU General Public License as published by
14 ### the Free Software Foundation; either version 2 of the License, or
15 ### (at your option) any later version.
17 ### distorted-keys is distributed in the hope that it will be useful,
18 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ### GNU General Public License for more details.
22 ### You should have received a copy of the GNU General Public License
23 ### along with distorted-keys; if not, write to the Free Software Foundation,
24 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
30 USAGE
="usage: $QUIS [-u] [-R RANDOM] [-n BYTES] [-C CIPHER] [-H HASH]
31 [-l LABEL] [-t FSTYPE] [-b BACKING-FILE] MOUNTPOINT [SIZE]"
33 ###--------------------------------------------------------------------------
34 ### Parse the command line.
36 ## Set initial defaults.
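## Report version number.
##
## Writes `PROGRAM, version VERSION' to stdout, taking the program name from
## QUIS and the version string from VERSION.  printf is used rather than echo
## so that the output does not depend on how the shell's echo treats
## backslashes in either value.
version () { printf '%s, version %s\n' "$QUIS" "$VERSION"; }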
56 -h Show this help text.
57 -v Show the program's version number.
58 -C CIPHER Cipher to use to encrypt the filesystem [$cipher].
59 -H HASH Hash function for hashing the random data [$hash].
60 -R RANDOM Source of random bytes for key material [$random].
61 -b BACKING Where to store the ciphertext [$backing].
62 -l LABEL Device mapper label [basename of MOUNTPOINT].
63 -n RANDBYTES Number of random bytes to read for the key [$randbytes].
64 -u Unmount the filesystem, destroying all data in it.
68 ## Loop over the options.
69 while getopts "C:H:R:b:hl:n:t:uv" opt
; do
72 v
) echo "$VERSION"; exit 0 ;;
76 n
) randbytes
=$OPTARG ;;
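## Discard the options which getopts consumed, so that only the positional
## arguments (MOUNTPOINT and, when mounting, SIZE) remain in "$@".
shift $((OPTIND - 1))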
84 case $fail,$mode,$# in
85 nil
,mount
,2) mntpt
=$1 size
=$2 ;;
86 nil
,umount
,1) mntpt
=$1 ;;
87 *) echo >&2 "$USAGE"; exit 1 ;;
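## Default omitted arguments.
##
## `${label+t}' expands to `t' whenever `label' has been set, even to the
## empty string, so a label chosen earlier (presumably by `-l') is kept.
## Otherwise the label is the last path component of the mountpoint.
##
## NOTE(review): a MOUNTPOINT ending in `/' yields an empty label here, and
## the label is later used to build the `/dev/mapper/$label' path.
case "${label+t}" in
  t) ;;
  *) label=${mntpt##*/} ;;
esac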
93 ###--------------------------------------------------------------------------
99 ## Mount the filesystem.
101 ## Determine a name for the backing file. If BACKING is a directory then
102 ## we should make a file there and delete it once we've created a
103 ## mapping. The directory may be a shared bit of filesystem, so we must
106 if [ -d
"$backing" ]; then
109 gorp
=$
(openssl rand
-base64
6)
110 bkdir
=$backing/mnteph.$$.
$gorp
111 if mkdir
>/dev
/null
2>&1 -m700
"$bkdir"; then break; fi
113 if [ $i -ge
100 ]; then
114 echo >&2 "$QUIS: failed to create backing directory"
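## On any exit, remove the temporary backing file and then the directory
## holding it (`bkdir', created with mode 700 earlier in this branch), and
## exit with the status the script was already leaving with.
trap 'rc=$?; rm "$backing"; rmdir "$bkdir"; exit $rc' EXIT
## Turn INT and TERM into an ordinary exit so that the cleanup above still
## runs when the script is interrupted.
trap 'exit 127' INT TERM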
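## Create the backing file.
##
## `truncate -s' sets the file's length to SIZE; `losetup -f --show' attaches
## it to the first free loop device and prints that device's name, which is
## kept in `loop' for the device-mapper step.
##
## NOTE(review): if losetup fails, `loop' is empty.  Nothing in this listing
## shows whether the script runs under `set -e' -- confirm that a failure
## here stops the script before the mapping is created.
truncate -s "$size" "$backing"
loop=$(losetup -f --show "$backing")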
128 ## Attach a device-mapper entry to the file.
129 dd 2>/dev
/null
if="$random" bs
=1 count
="$randbytes" |
131 --cipher
="$cipher" --hash="$hash" \
133 create
"$label" "$loop"
135 ## Create the filesystem.
136 if spew
=$
(mkfs
2>&1 "/dev/mapper/$label"); then
140 echo >&2 "$QUIS: mkfs failed (rc = $rc)"
141 echo "$spew" |
sed >&2 's/^/| /'
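## Mount the filesystem from the device-mapper node on the mountpoint.
mount "/dev/mapper/$label" "$mntpt"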
150 ## Unmount a filesystem.
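## Find the numbers of the loopback device.
##
## The sed expression rewrites a line of the form `...: ... (MAJ, MIN)...'
## to `MAJ MIN'.  The command substitution is deliberately left unquoted so
## that the two numbers become $1 and $2.  (`\+' in a basic regular
## expression is a GNU sed extension.)
##
## NOTE(review): a line which doesn't match passes through sed unchanged and
## is then word-split and glob-expanded by `set --'.  The `unexpected answer'
## diagnostic later in the listing suggests the result is checked before use
## -- confirm.
deps=$(dmsetup deps "/dev/mapper/$label")
set -- $(echo "$deps" |
  sed 's!^.*:.*(\([0-9]\+\),[[:space:]]*\([0-9]\+\)).*$!\1 \2!')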
159 echo >&2 "$QUIS: unexpected answer from \`dmsetup deps'"
160 echo "$deps" |
sed >&2 's/^/| /'
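## Convert that into a name.
##
## readlink prints the target of the /sys/dev/block/MAJ:MIN symbolic link.
## `maj' and `min' are assigned in lines not shown in this listing,
## presumably from the two numbers extracted from `dmsetup deps' -- confirm.
## The path is quoted so that an unexpected value can't be split or globbed.
dev=$(readlink "/sys/dev/block/$maj:$min")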
172 echo >&2 "$QUIS: expected a loopback device; found \`$dev'"
177 ## Unmount the filesystem.
180 ## Remove the cryptoloop mapping.
181 if spew
=$
(cryptsetup
2>&1 remove
"$label"); then
185 echo >&2 "$QUIS: cryptsetup failed (rc = $rc)"
186 echo "$spew" |
sed >&2 's/^/| /'
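## Disconnect the loopback device.
##
## NOTE(review): `dev' feeds straight into a /dev path.  The `expected a
## loopback device' diagnostic earlier in the listing suggests it has been
## checked by this point -- confirm that the check rejects anything other
## than a bare loop device name.
losetup -d "/dev/$dev"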
196 ###----- That's all, folks --------------------------------------------------