Use LUKS encryption if available

hjp 2018-10-01 20:48:07 +00:00
parent 18c9936606
commit 86f05574e5
1 changed files with 21 additions and 1 deletions


@ -30,6 +30,7 @@ $ca->log_level(9);
# of /backup. Another way might be to check all USB disks. # of /backup. Another way might be to check all USB disks.
my $st = stat("/backup/"); my $st = stat("/backup/");
my $base_device = $st->dev; my $base_device = $st->dev;
my %luks_devices;
for (glob("/backup/*")) { for (glob("/backup/*")) {
my $st = stat($_); my $st = stat($_);
my $dir_device = $st->dev; my $dir_device = $st->dev;
@ -37,7 +38,18 @@ for (glob("/backup/*")) {
if ($base_device == $dir_device) { if ($base_device == $dir_device) {
# not a mount point # not a mount point
(my $basedir = $_) =~ s{^/backup/}{}; (my $basedir = $_) =~ s{^/backup/}{};
if (-e "/dev/disk/by-id/$basedir") { if ($basedir =~ /^luks-(.*)/) {
my $key = $1;
for my $dev (glob("/dev/disk/by-id/*$key*")) {
my ($devbase) = $dev =~ m{([^/]+$)};
if (-e "/backup/keys/$devbase") {
$ca->log(0, "opening /dev/disk/by-id/$devbase on $_");
system("/sbin/cryptsetup", "open", $dev, $basedir, "--key-file", "/backup/keys/$devbase");
$ca->log(0, "mounting /dev/mapper/$basedir on $_");
system("/bin/mount", "-o", "nodev,noexec,nomand,nosuid", "/dev/mapper/$basedir", $_);
}
}
} elsif (-e "/dev/disk/by-id/$basedir") {
# matching device exists # matching device exists
$ca->log(0, "mounting /dev/disk/by-id/$basedir on $_"); $ca->log(0, "mounting /dev/disk/by-id/$basedir on $_");
system("/bin/mount", "-o", "nodev,noexec,nomand,nosuid", "/dev/disk/by-id/$basedir", $_); system("/bin/mount", "-o", "nodev,noexec,nomand,nosuid", "/dev/disk/by-id/$basedir", $_);
@ -87,6 +99,10 @@ for (@backup_dirs) {
next if $_->[0] eq $backup_dir; next if $_->[0] eq $backup_dir;
$ca->log(0, "unmounting $_->[0]"); $ca->log(0, "unmounting $_->[0]");
system("/bin/umount", $_->[0]); system("/bin/umount", $_->[0]);
if ($_->[0] =~ m{(luks-[^/]+)}) {
$ca->log(0, "closing $1");
system("/sbin/cryptsetup", "close", $1)
}
} }
chdir($backup_dir); # prevent accidental umount chdir($backup_dir); # prevent accidental umount
@ -97,3 +113,7 @@ $ca->run();
chdir("/"); chdir("/");
$ca->log(0, "unmounting $backup_dir"); $ca->log(0, "unmounting $backup_dir");
system("/bin/umount", $backup_dir); system("/bin/umount", $backup_dir);
if ($backup_dir =~ m{(luks-[^/]+)}) {
$ca->log(0, "closing $1");
system("/sbin/cryptsetup", "close", $1)
}
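Review bot: The new `luks-` branch ignores the exit status of the `cryptsetup open` call, so the `mount` of `/dev/mapper/$basedir` is attempted and logged even when the open failed, and a mapping of that name left over from an earlier run would be mounted without this run having opened it. Check the status before mounting, for example `system("/sbin/cryptsetup", "open", $dev, $basedir, "--key-file", "/backup/keys/$devbase") == 0 or next;` preceded by a log line for the failure; the enclosing `for (glob("/backup/*"))` body continues outside the hunk. `glob("/dev/disk/by-id/*$key*")` puts a name taken from a `/backup` directory entry into a pattern with wildcards on both sides, so it can match several by-id links, and whitespace or glob characters in the name change the pattern; each match that has a key file retries the open under the same mapper name, so a `last` after the first successful mount and a stricter match on `$key` would make the result deterministic. The two close paths use the unanchored `m{(luks-[^/]+)}` while the open path requires `^luks-` on the directory name, and anchoring to a path component with `m{/(luks-[^/]+)}` would keep them consistent. The key files appear to live under `/backup/keys` outside the encrypted volumes, and nothing visible here checks their ownership or mode, so it is worth confirming that directory is readable by root only.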