- ############################################################ IDENT(1)
- #
- # $Title: Makefile to produce GELI encrypted image for use on USB thumb drive $
- #
- ############################################################ OBJECTS
# Image file: the md(4)-backed disk image this Makefile builds, mounts and
# deploys.  Can be overridden on the command line (`make IMGFILE=other.md`);
# the recursive $(MAKE) invocations below pass it along explicitly.
IMGFILE= secure_thumb.md
# Sizes (in MB): total size of the image.  NOTE(review): the s1a (128m) and
# s1d (16m) partitions carved out by the $(IMGFILE) recipe are fixed, so
# IMGSIZE must leave room for them; `resize` can only grow the image.
IMGSIZE= 256
# Sizes (in KB): length of each GELI key file, read from /dev/random.
KEYSIZE= 512
- ############################################################ FUNCTIONS
# eval2 CMD...: echo the command, then run it.  The echo goes to fd 3, which is
# duplicated from the recipe's stdout up front, so the command line is still
# shown when eval2 itself runs inside a $( ... ) capture.  Every recipe below
# starts with $(EVAL2) to define it.
EVAL2= exec 3>&1; eval2() { printf '%s\n' "$$*" >&3; eval "$$*"; }
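# diskprompt: wait for the user to insert removable media, work out which
# disk(s) appeared by diffing `sysctl -n kern.disks` before and after, let the
# user pick one if several appeared, and leave the bare device name (e.g.
# "da1", no /dev/) in $DISK.  Returns non-zero on EOF at a prompt; callers
# should still check that DISK is non-empty before using it.
# Why the polling loop re-baselines: a disk that *disappears* (fewer names
# than before) becomes the new baseline so a later re-insert is still seen.
# The menu choice is validated as an in-range integer and used via shift, so
# user input is never passed through eval.
DISKPROMPT= \
diskprompt() \
{ \
	DISK=; \
	local disks ndisks ignored _new d n num; \
	disks=$$( sysctl -n kern.disks ); \
	set -- $$disks; \
	ndisks=$$\#; \
	while :; do \
		printf "< Insert physical media and press ENTER > "; \
		read ignored || return 1; \
		set -- $$( sysctl -n kern.disks ); \
		if [ $$\# -lt $$ndisks ]; then \
			disks="$$*"; \
			ndisks=$$\#; \
			continue; \
		elif [ "$$*" = "$$disks" ]; then \
			continue; \
		fi; \
		break; \
	done; \
	_new=; \
	for d in $$*; do \
		case " $$disks " in \
		*" $$d "*) continue ;; \
		esac; \
		_new="$$_new $$d"; \
	done; \
	set -- $$_new; \
	if [ $$\# -gt 1 ]; then \
		while :; do \
			echo "Detected disks:"; \
			n=1; \
			for d in $$*; do \
				printf "\t%u) %s\n" $$n $$d; \
				n=$$(( $$n + 1 )); \
			done; \
			printf "Choose disk: "; \
			read num || return 1; \
			case "$$num" in \
			''|*[!0-9]*) continue ;; \
			esac; \
			if [ $$num -ge 1 ] && [ $$num -le $$\# ]; then break; fi; \
		done; \
		shift $$(( $$num - 1 )); \
	fi; \
	DISK="$$1"; \
}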
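# yesno [-n] PROMPT...: print PROMPT, read an answer and return 0 on y/yes in
# any case.  Any other answer -- including an empty one when -n was given, or
# EOF -- prints "User cancelled (exiting)" and EXITS the calling shell with
# status 0: the recipe is aborted but make still reports success, so callers
# that need a failure status must not rely on yesno for it.  Without -n an
# empty answer simply re-prompts.  The prompt is printed with %s so that a
# '%' or backslash in $(IMGFILE) cannot be misread as a printf format.
YESNO= \
yesno() \
{ \
	local OPTIND=1 OPTARG flag; \
	local default_no=; \
	while getopts n flag; do \
		case "$$flag" in \
		n) default_no=1 ;; \
		esac; \
	done; \
	shift $$(( $$OPTIND - 1 )); \
	local yesno= prompt="$$*"; \
	while [ ! "$$yesno" ]; do \
		printf '%s' "$$prompt"; \
		read -r yesno || break; \
		[ ! "$$yesno" ] && \
		[ "$$default_no" ] && \
		break; \
	done; \
	case "$$yesno" in \
	[Yy]|[Yy][Ee][Ss]) return 0 ;; \
	esac; \
	echo "User cancelled (exiting)" >&2; \
	exit 0; \
}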
# dd_with_progress DD_ARGS...: run `sudo dd DD_ARGS` in the background and draw
# a progress bar on stdout.  The if= argument is required: it is only used to
# size the bar (stat -f%z), dd itself receives every argument unchanged (via
# eval, so keep the arguments free of shell metacharacters).  `sudo -v` up
# front caches credentials so the later sudo ps/kill calls do not prompt in
# the middle of the bar.  Progress comes from sending SIGINFO to the dd
# process once a second and parsing the "bytes transferred" lines it prints
# on stderr; when the signal can no longer be delivered the copy is treated
# as finished.  Ctrl-C leaves through `exit`, so any EXIT trap the caller
# installed still runs.
# NOTE(review): the first polling loop only ends once ps shows a child of the
# background job; if dd exits (or fails to start, e.g. a bad of=) before the
# first sample it looks like this could wait forever -- worth confirming.  An
# empty input file makes `total` 0 and the awk percentage a division by zero.
DD_WITH_PROGRESS= \
dd_with_progress() \
{ \
	local arg infile=; \
	for arg in "$$@"; do \
		case "$$arg" in \
		if=*) infile="$${arg\#if=}"; break ;; \
		esac; \
	done; \
	if [ ! "$$infile" ]; then \
		echo "dd_with_progress: No input file given (exiting)" >&2; \
		exit 1; \
	fi; \
	sudo -v || exit 1; \
	trap exit SIGINT; \
	( eval "eval2 sudo dd $$* 2>&1 &"; \
	local sudo_pid=$$! dd_pid=; \
	while [ ! "$$dd_pid" ]; do \
		dd_pid=$$( sudo ps axo pid,ppid | \
			awk -v ppid="$$sudo_pid" '$$2==ppid{print $$1}' ); \
		sleep 1; \
	done; \
	while sudo kill -INFO $$dd_pid > /dev/null 2>&1; do \
		sleep 1; \
	done; \
	) | time awk -v total="$$( stat -f%z "$$infile" )" ' \
	BEGIN { \
		w = 40; \
		bar = sprintf("[%*s] (%3s%%)", w, "", ""); \
	} \
	/bytes transferred/ { \
		pct = $$1 * 100 / total; \
		left = int(w * pct / 100); \
		right = w - left; \
		bar = sprintf("%*s", left, ""); \
		gsub(/ /, "=", bar); \
		sub(/.$$/, ">", bar); \
		rate = $$(NF-1); \
		sub(/^\(/, "", rate); \
		printf "\r%10.1f MB [%s%*s] (%3u%%) %10.1f MB/s", \
			$$1 / 1024 / 1024, bar, right, "", \
			pct, rate / 1024 / 1024; \
		fflush(); \
	} \
	END { print "" } \
	'; \
}
- ############################################################ TARGETS
# Default goal: build the image.  A no-op once $(IMGFILE) exists.
.PHONY: all
all: $(IMGFILE)
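# usage / help: list the available targets on stderr.
.PHONY: usage help
usage:
	@exec >&2; \
	echo "Targets:"; \
	echo " all/default: Create $(IMGFILE)"; \
	echo " open: Attach and mount $(IMGFILE)"; \
	echo " close: Unmount and detach $(IMGFILE)"; \
	echo " attach: Attach an md(4) device to $(IMGFILE)"; \
	echo " detach: Detach md(4) device from $(IMGFILE)"; \
	echo " clean: Close and delete $(IMGFILE) (asks first)"; \
	echo " resize: Resize $(IMGFILE) to IMGSIZE MB"; \
	echo " deployusb: Write $(IMGFILE) to physical media"; \
	echo " resizeusb: Resize physical media to use free space"; \
	echo
help: usage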
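# $(IMGFILE): create the image.  Layout (MBR slice 1 with a BSD label inside):
#   s1a  128 MB  plaintext UFS -- mount.sh/umount.sh, the GELI key files and
#                metadata backups under geli/, mount points keys/ and encstore/
#   s1d   16 MB  GELI + UFS    -- "keys" store; Makefile.keys is copied here
#   s1e   rest   GELI + UFS    -- "encstore"
# The passphrase is read with echo off, confirmed, and handed to geli(8) on
# stdin (-J- / -j-), so it never appears on a command line or in ps output.
# A single EXIT trap runs $cleanup (umount/detach steps, prepended as each
# resource is acquired) and, unless the recipe reached its end ($ok set),
# removes the half-built image so that a re-run starts clean.
#
# SECURITY NOTES
#  * The *.key files and *.backup metadata live on the *unencrypted* s1a
#    partition of the same image: they add no protection once the drive is
#    lost -- the passphrase is the only real secret.  They are chmod 600 so
#    other local users cannot read them while the image is mounted.
#  * geli init is run without -a, i.e. confidentiality only; the ciphertext
#    is not integrity-protected.
#  * s1a is not authenticated, and `make open` runs mount.sh from it as root
#    (see the open target).
$(IMGFILE):
	dd if=/dev/zero of=$(IMGFILE) bs=1m seek=$(IMGSIZE) count=0
	@$(EVAL2); \
	set -e; \
	ok=; cleanup=:; \
	trap 'eval "$$cleanup" && { [ "$$ok" ] || eval2 rm -f $(IMGFILE); }' EXIT; \
	md=$$( eval2 sudo mdconfig -f $(IMGFILE) ); \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	cleanup='eval2 sudo mdconfig -d -u "$${md#md}"'; \
	eval2 sudo gpart create -s MBR "$$md"; \
	eval2 sudo gpart add -t freebsd -i 1 "$$md"; \
	eval2 sudo gpart create -s BSD "$${md}s1"; \
	eval2 sudo gpart add -t freebsd-ufs -i 1 -s 128m "$${md}s1"; \
	eval2 sudo gpart add -t freebsd-ufs -i 4 -s 16m "$${md}s1"; \
	eval2 sudo gpart add -t freebsd-ufs -i 5 "$${md}s1"; \
	eval2 sudo newfs -U -O 1 -f 512 -b 4096 -i 8192 "$${md}s1a"; \
	eval2 mkdir -p mnt; \
	eval2 sudo mount "/dev/$${md}s1a" mnt; \
	cleanup="eval2 sudo umount mnt && $$cleanup"; \
	eval2 sudo mkdir -p mnt/geli; \
	cleanup="stty echo 2>/dev/null || :; $$cleanup"; \
	stty -echo; \
	printf "Enter new passphrase: "; \
	read -r pass1; \
	echo; \
	printf "Reenter new passphrase: "; \
	read -r pass2; \
	echo; \
	stty echo; \
	if [ "$$pass1" != "$$pass2" ]; then \
		echo "Password mismatch (exiting)" >&2; \
		exit 1; \
	fi; \
	if [ ! "$$pass1" ]; then \
		echo "Empty passphrase (exiting)" >&2; \
		exit 1; \
	fi; \
	geli1=mnt/geli/ffthumb-s1d; \
	geli2=mnt/geli/ffthumb-s1e; \
	eval2 sudo dd if=/dev/random of=$$geli1.key bs=1k count=$(KEYSIZE); \
	eval2 sudo dd if=/dev/random of=$$geli2.key bs=1k count=$(KEYSIZE); \
	eval2 sudo chmod 600 $$geli1.key $$geli2.key; \
	printf '%s\n' "$$pass1" | eval2 sudo geli init -J- \
		-B $$geli1.backup -K $$geli1.key "$${md}s1d"; \
	printf '%s\n' "$$pass1" | eval2 sudo geli init -J- \
		-B $$geli2.backup -K $$geli2.key "$${md}s1e"; \
	eval2 sudo chmod 600 $$geli1.backup $$geli2.backup; \
	printf '%s\n' "$$pass1" | eval2 sudo geli attach -j- \
		-k $$geli1.key "$${md}s1d"; \
	cleanup="eval2 sudo geli detach $${md}s1d && $$cleanup"; \
	printf '%s\n' "$$pass1" | eval2 sudo geli attach -j- \
		-k $$geli2.key "$${md}s1e"; \
	cleanup="eval2 sudo geli detach $${md}s1e && $$cleanup"; \
	unset pass1 pass2; \
	eval2 sudo newfs -U -O 1 -f 512 -b 4096 -i 8192 "$${md}s1d.eli"; \
	eval2 sudo newfs -U -O 1 -f 512 -b 4096 -i 8192 "$${md}s1e.eli"; \
	eval2 sudo mkdir -p mnt/keys; \
	eval2 sudo mount "/dev/$${md}s1d.eli" mnt/keys; \
	cleanup="eval2 sudo umount mnt/keys && $$cleanup"; \
	eval2 sudo cp Makefile.keys mnt/keys/Makefile; \
	eval2 sudo mkdir -p mnt/encstore; \
	eval2 sudo cp mount.sh umount.sh mnt/; \
	ok=1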
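# attach: back $(IMGFILE) with an md(4) device.  A no-op (exit 0) when
# `mdconfig -lf` already reports a unit for the file.  Declared phony so a
# stray file named "attach" cannot make the target look up to date.
.PHONY: attach
attach: $(IMGFILE)
	@$(EVAL2); \
	set -e; \
	if md=$$( eval2 sudo mdconfig -lf $(IMGFILE) ); then \
		echo "$$md"; \
		echo "$(IMGFILE) already attached (skipping)" >&2; \
		exit 0; \
	fi; \
	md=$$( eval2 sudo mdconfig -f $(IMGFILE) ); \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	echo "$(IMGFILE) successfully attached to $$md" >&2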
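# open: attach $(IMGFILE) (attach target), mount its plaintext s1a partition on
# ./mnt unless df already shows it there, then run the image's own mount.sh -d
# (presumably to bring up the GELI partitions -- the script is not part of
# this file).
# SECURITY: mount.sh is executed as root straight from the unencrypted,
# unauthenticated s1a partition.  A drive that has been out of your control
# could carry a modified script; inspect mnt/mount.sh before running
# `make open` on media you do not trust.
.PHONY: open
open: attach
	@$(EVAL2); \
	set -e; \
	md=$$( eval2 sudo mdconfig -lf $(IMGFILE) ); \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	eval2 mkdir -p mnt; \
	df=$$( eval2 df -nh mnt ); \
	echo "$$df"; \
	dev="/dev/$${md}s1a"; \
	if echo "$$df" | \
		eval2 awk "'\$$1==\"$$dev\"{exit s=1}END{exit !s}'"; \
	then \
		echo "$(IMGFILE) already mounted on mnt (skipping)" >&2; \
	else \
		eval2 sudo mount "$$dev" mnt; \
		echo "$(IMGFILE) successfully mounted on mnt" >&2; \
	fi; \
	[ ! -x mnt/mount.sh ] || eval2 sudo mnt/mount.sh -d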
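# detach: release the md(4) device backing $(IMGFILE).  Does nothing when the
# image does not exist or is not attached.  Does NOT unmount anything first --
# use close for that.
.PHONY: detach
detach:
	@$(EVAL2); \
	set -e; \
	[ -e $(IMGFILE) ] || exit 0; \
	if ! md=$$( eval2 sudo mdconfig -lf $(IMGFILE) ); then \
		echo "$(IMGFILE) not attached (skipping)" >&2; \
		exit 0; \
	fi; \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	eval2 sudo mdconfig -d -u "$${md#md}" && \
	echo "$$md successfully detached from $(IMGFILE)" >&2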
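# close: the inverse of open.  If s1a is mounted on ./mnt, run the image's
# umount.sh (as root, if present and executable), unmount, remove ./mnt and
# detach the md(4) device.  Safe to call when nothing is attached or mounted.
.PHONY: close
close:
	@$(EVAL2); \
	set -e; \
	[ -e $(IMGFILE) ] || exit 0; \
	if ! md=$$( eval2 sudo mdconfig -lf $(IMGFILE) ); then \
		echo "$(IMGFILE) not attached (skipping)" >&2; \
		[ ! -e mnt ] || eval2 rmdir mnt; \
		exit 0; \
	fi; \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	if [ ! -e mnt ]; then \
		eval2 sudo mdconfig -d -u "$${md#md}"; \
		exit 0; \
	fi; \
	df=$$( eval2 df -nh mnt ); \
	echo "$$df"; \
	dev="/dev/$${md}s1a"; \
	if echo "$$df" | \
		eval2 awk "'\$$1==\"$$dev\"{exit s=1}END{exit !s}'"; \
	then \
		[ ! -x mnt/umount.sh ] || eval2 sudo mnt/umount.sh; \
		eval2 sudo umount mnt; \
	fi; \
	eval2 rmdir mnt; \
	eval2 sudo mdconfig -d -u "$${md#md}"; \
	echo "$(IMGFILE) successfully unmounted and detached" >&2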
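# clean: close the image and, after an explicit "y" (default is No), delete
# $(IMGFILE).  Note that yesno exits 0 on decline, so `make clean` reports
# success whether or not the file was removed.
.PHONY: clean
clean: close
	@$(EVAL2); \
	$(YESNO); \
	set -e; \
	[ -e $(IMGFILE) ] || exit 0; \
	yesno -n "Delete $(IMGFILE)? [N]: "; \
	eval2 rm -f $(IMGFILE)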
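# resize: grow $(IMGFILE) to IMGSIZE MB (shrinking is refused).  Steps: close
# the image if attached, extend the sparse file, re-attach, grow slice 1 and
# partition e, grow the GELI provider, then open the image (which runs its
# mount.sh -d) and growfs the filesystem inside s1e.eli.
# geli resize must be told the provider's size *before* the partition grew
# (-s), so the index-5 size is captured from `gpart show` first; that parse
# assumes the usual "start size index type" columns and 512-byte sectors.
.PHONY: resize
resize:
	@$(EVAL2); \
	set -e; \
	if [ ! -e $(IMGFILE) ]; then \
		echo "$(IMGFILE) does not exist (skipping)" >&2; \
		exit 0; \
	fi; \
	if eval2 sudo mdconfig -lf $(IMGFILE); then \
		echo "$(IMGFILE) attached (detaching)" >&2; \
		eval2 $(MAKE) IMGFILE=$(IMGFILE) close; \
	fi; \
	size=$$( eval2 stat -f%z $(IMGFILE) ); \
	echo "$$size"; \
	size=$$(( $$size / 1024 / 1024 )); \
	if [ $$size -eq $(IMGSIZE) ]; then \
		echo "$(IMGFILE) is already $$size MB (exiting)" >&2; \
		exit 0; \
	elif [ $$size -gt $(IMGSIZE) ]; then \
		echo "Cannot shrink $(IMGFILE)" \
			"from $$size to $(IMGSIZE) MB (exiting)" >&2; \
		exit 1; \
	fi; \
	eval2 dd if=/dev/zero of=$(IMGFILE) bs=1m seek=$(IMGSIZE) count=0; \
	eval2 $(MAKE) IMGFILE=$(IMGFILE) attach; \
	trap 'eval2 $(MAKE) IMGFILE=$(IMGFILE) detach' EXIT; \
	if ! md=$$( eval2 sudo mdconfig -lf $(IMGFILE) ); then \
		echo "$(IMGFILE) not attached (exiting)" >&2; \
		exit 1; \
	fi; \
	echo "$$md"; \
	md="$${md%%[$$IFS]*}"; \
	eval2 sudo gpart resize -i 1 "$$md"; \
	gpart=$$( eval2 gpart show "$${md}s1" ); \
	echo "$$gpart"; \
	oldsize=$$( echo "$$gpart" | \
		eval2 awk "'\$$3==5{print \$$2*512}'" ); \
	echo "$$oldsize"; \
	if [ ! "$$oldsize" ]; then \
		echo "Cannot determine size of $${md}s1e (exiting)" >&2; \
		exit 1; \
	fi; \
	eval2 sudo gpart resize -i 5 "$${md}s1"; \
	eval2 sudo geli resize -s $$oldsize "$${md}s1e"; \
	trap 'eval2 $(MAKE) IMGFILE=$(IMGFILE) close' EXIT; \
	eval2 $(MAKE) IMGFILE=$(IMGFILE) open; \
	eval2 sudo growfs -y "$${md}s1e.eli"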
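# deployusb: wait for removable media, then raw-copy $(IMGFILE) onto it.
# DESTRUCTIVE: everything on the chosen disk is overwritten.  Guards: only a
# device that appeared after the prompt can be chosen (diskprompt), DISK must
# be non-empty, the device must not currently appear in mount(8) output (the
# substring match may also refuse e.g. da1 while da10 is mounted -- erring on
# the side of refusal), and the user must confirm with y/yes.
.PHONY: deployusb
deployusb: $(IMGFILE)
	@$(EVAL2); \
	$(DISKPROMPT); \
	$(YESNO); \
	$(DD_WITH_PROGRESS); \
	set -e; \
	diskprompt; \
	if [ ! "$$DISK" ]; then \
		echo "No disk selected (exiting)" >&2; \
		exit 1; \
	fi; \
	case "$$( mount )" in \
	*"/dev/$$DISK"*) \
		echo "/dev/$$DISK has mounted filesystems (exiting)" >&2; \
		exit 1 ;; \
	esac; \
	echo "LAST CHANCE!!! Will write $(IMGFILE) to /dev/$$DISK"; \
	yesno "OK to overwrite any/all data on $$DISK? [y/n]: "; \
	dd_with_progress if=$(IMGFILE) of=/dev/$$DISK bs=1m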
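# resizeusb: on a deployed thumb drive, grow slice 1 and partition e into the
# free space at the end of the device, then grow the GELI provider and the
# UFS inside it.  geli resize needs the provider's *old* size (-s), so the
# index-5 size is read from `gpart show` before the partition is resized
# (assumes the usual "start size index type" columns and 512-byte sectors).
# The drive's s1a is mounted on a private mnt.$$ directory and its mount.sh -d
# is run as root from that unauthenticated partition (see the open target for
# the caveat) to bring the GELI provider up for growfs.  Guards: DISK must be
# non-empty and the device must not currently appear in mount(8) output.
.PHONY: resizeusb
resizeusb:
	@$(EVAL2); \
	$(DISKPROMPT); \
	$(YESNO); \
	set -e; \
	diskprompt; \
	if [ ! "$$DISK" ]; then \
		echo "No disk selected (exiting)" >&2; \
		exit 1; \
	fi; \
	case "$$( mount )" in \
	*"/dev/$$DISK"*) \
		echo "/dev/$$DISK has mounted filesystems (exiting)" >&2; \
		exit 1 ;; \
	esac; \
	echo "LAST CHANCE!!! Will resize /dev/$${DISK}s1e"; \
	yesno "OK to expand partition to use free space? [y/n]: "; \
	eval2 sudo gpart resize -i 1 $$DISK; \
	gpart=$$( eval2 gpart show $${DISK}s1 ); \
	echo "$$gpart"; \
	oldsize=$$( echo "$$gpart" | \
		eval2 awk "'\$$3==5{print \$$2*512}'" ); \
	echo "$$oldsize"; \
	if [ ! "$$oldsize" ]; then \
		echo "Cannot determine size of $${DISK}s1e (exiting)" >&2; \
		exit 1; \
	fi; \
	eval2 sudo gpart resize -i 5 $${DISK}s1; \
	eval2 sudo geli resize -s $$oldsize $${DISK}s1e; \
	eval2 mkdir -p mnt.$$$$; \
	trap="eval2 rmdir mnt.$$$$"; \
	trap "$$trap" EXIT; \
	eval2 sudo mount /dev/$${DISK}s1a mnt.$$$$; \
	trap="eval2 sudo umount mnt.$$$$ && $$trap"; \
	trap "$$trap" EXIT; \
	eval2 sudo mnt.$$$$/mount.sh -d; \
	trap "eval2 sudo mnt.$$$$/umount.sh && $$trap" EXIT; \
	eval2 sudo growfs -y $${DISK}s1e.eli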
- ################################################################################
- # END
- ################################################################################