Add encryption support to CreatePersistentImg.sh (#1130)

Added option to create persistent fs inside LUKS container.
Had to change to #!/bin/bash to parse interactive user input for the encryption passphrase.
The _freeloop=$freeloop part is kind of bad style, but I kept it for now to keep changes minimal.
salevdns 2021-11-25 04:44:31 +01:00 committed by GitHub
parent f4987fd7f4
commit 9eeb94e8b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 2 deletions


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
size=1024 size=1024
fstype=ext4 fstype=ext4
@ -7,13 +7,14 @@ config=''
outputfile=persistence.dat outputfile=persistence.dat
print_usage() { print_usage() {
echo 'Usage: CreatePersistentImg.sh [ -s size ] [ -t fstype ] [ -l LABEL ] [ -c CFG ]' echo 'Usage: sudo ./CreatePersistentImg.sh [ -s size ] [ -t fstype ] [ -l LABEL ] [ -c CFG ] [ -e ]'
echo ' OPTION: (optional)' echo ' OPTION: (optional)'
echo ' -s size in MB, default is 1024' echo ' -s size in MB, default is 1024'
echo ' -t filesystem type, default is ext4 ext2/ext3/ext4/xfs are supported now' echo ' -t filesystem type, default is ext4 ext2/ext3/ext4/xfs are supported now'
echo ' -l label, default is casper-rw' echo ' -l label, default is casper-rw'
echo ' -c configfile name inside the persistence file. File content is "/ union"' echo ' -c configfile name inside the persistence file. File content is "/ union"'
echo ' -o outputfile name, default is persistence.dat' echo ' -o outputfile name, default is persistence.dat'
echo ' -e enable encryption, disabled by default (only few distros support this)'
echo '' echo ''
} }
@ -33,6 +34,9 @@ while [ -n "$1" ]; do
elif [ "$1" = "-o" ]; then elif [ "$1" = "-o" ]; then
shift shift
outputfile=$1 outputfile=$1
elif [ "$1" = "-e" ]; then
read -s -p "Encryption passphrase: " passphrase
echo
elif [ "$1" = "-h" ] || [ "$1" = "--help" ]; then elif [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
print_usage print_usage
exit 0 exit 0
@ -86,6 +90,13 @@ freeloop=$(losetup -f)
losetup $freeloop "$outputfile" losetup $freeloop "$outputfile"
if [ ! -z "$passphrase" ]; then
printf "$passphrase" | cryptsetup -q --verbose luksFormat $freeloop -
printf "$passphrase" | cryptsetup -q --verbose luksOpen $freeloop persist_decrypted -
_freeloop=$freeloop
freeloop="/dev/mapper/persist_decrypted"
fi
mkfs -t $fstype $fsopt -L $label $freeloop mkfs -t $fstype $fsopt -L $label $freeloop
sync sync
@ -104,4 +115,9 @@ if [ -n "$config" ]; then
rm -rf ./persist_tmp_mnt rm -rf ./persist_tmp_mnt
fi fi
if [ ! -z "$passphrase" ]; then
cryptsetup luksClose $freeloop
freeloop=$_freeloop
fi
losetup -d $freeloop losetup -d $freeloop
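Review bot: In the block added after `losetup $freeloop "$outputfile"`, `printf "$passphrase"` uses the passphrase as the printf format string, so any `%` or backslash sequence in it is interpreted and the key given to `luksFormat`/`luksOpen` differs from what the user typed; the image is created without error but cannot be unlocked later with the typed passphrase. The `read -s -p` in the `-e` branch has the same problem with backslashes because it lacks `-r`. Use `read -r -s -p "Encryption passphrase: " passphrase` and `printf '%s' "$passphrase" | cryptsetup -q --verbose luksFormat $freeloop -` (likewise for the `luksOpen` line). Separately, pressing Enter at the prompt leaves `$passphrase` empty, so both `[ ! -z "$passphrase" ]` checks are false and `-e` silently yields an unencrypted image; recording `-e` in its own flag variable and rejecting an empty passphrase would make that case fail visibly. The exit status of the two `cryptsetup` calls is also not checked before `freeloop` is repointed at `/dev/mapper/persist_decrypted`.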