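#!/bin/sh
###########################################################################
#
# Copyright (c) 2022-2023 Diality Inc. - All Rights Reserved.
#
# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
#
# @file crypt_setup.sh
#
# @author (last) Behrouz NematiPour
# @date (last) 15-May-2023
# @author (original) Behrouz NematiPour
# @date (original) 15-May-2023
#
############################################################################
#
# Usage: crypt_setup.sh setup|mount|umount [password]
#
#   setup   format LOC_DEV as LUKS, create an ext4 file system on it and
#           mount it on LOC_VAR (destroys whatever LOC_DEV held before)
#   mount   open and mount the existing LUKS partition, then verify the
#           settings checksum file
#   umount  unmount LOC_VAR and close the LUKS mapping
#
# The password is read from the PASSWORD environment variable when it is
# set, otherwise from the second argument.
# NOTE(review): a password given as an argument is visible in the process
# list while the script runs; supplying it through PASSWORD avoids that.

# Value returned by isMounted when the partition is mounted.
IS_MOUNTED=0

# Exit codes returned by this script.
ERR_CRYPTSETUP_UNKNOWN=100
ERR_CRYPTSETUP_USAGE=101
ERR_CRYPTSETUP_PASSWORD=102

ERR_CRYPTSETUP_UMOUNT=111
ERR_CRYPTSETUP_CLOSE=112

ERR_CRYPTSETUP_CREATE_MKDIR=121
ERR_CRYPTSETUP_CREATE_FORMAT=122
ERR_CRYPTSETUP_CREATE_OPEN=123
ERR_CRYPTSETUP_CREATE_MKFS=124
ERR_CRYPTSETUP_CREATE_MOUNT=125

ERR_CRYPTSETUP_MOUNT_TYPE=131
ERR_CRYPTSETUP_MOUNT_OPEN=132
ERR_CRYPTSETUP_MOUNT_MOUNT=133
ERR_CRYPTSETUP_MOUNT_ISMOUNT=134
# is used in Application do not modify [DeviceController]
ERR_CRYPTSETUP_MOUNT_CRC=135

LOC_DEV="/dev/mmcblk0p7"
LOC_DIR="configurations"
LOC_MAP="/dev/mapper/$LOC_DIR"
LOC_VAR="/var/$LOC_DIR"
LOC_CRC="settings.crc"
LOC_CFG="/home/root/.config"

DEV_TYP="crypto_LUKS"
DEV_MNT="/dev/mapper/configurations on /var/configurations type ext4 (rw,relatime)"

# Exits with ERR_CRYPTSETUP_MOUNT_TYPE unless blkid reports LOC_DEV as a
# LUKS container; returns normally when it does.
isEncrypted() {
  # blkid prints the type quoted (TYPE="crypto_LUKS"), so the quotes belong
  # to the fixed string that is searched for. The previous test searched
  # without them and exited when a match WAS found, so it could never
  # reject a partition.
  # NOTE(review): blkid still runs without sudo, as before; confirm it can
  # report the partition for the account this script runs under.
  if ! blkid | grep -F -- "$LOC_DEV:" | grep -qF -- "TYPE=\"$DEV_TYP\""; then
    echo "not an encrypted partition"
    exit "$ERR_CRYPTSETUP_MOUNT_TYPE"
  fi
}

# Returns IS_MOUNTED (0) and prints a notice when the mount table contains
# the exact DEV_MNT line; returns 1 otherwise.
isMounted() {
  if sudo mount | grep -qF -- "$DEV_MNT"; then
    echo "partition already mounted"
    return "$IS_MOUNTED"
  fi
  return 1
}

# Exits with ERR_CRYPTSETUP_PASSWORD when no password is available.
checkPassword() {
  if [ -z "${PASSWORD:-}" ]; then
    echo "setup command missing password argument"
    exit "$ERR_CRYPTSETUP_PASSWORD"
  fi
}

# Verifies the files listed in LOC_CRC with sha256sum and exits with
# ERR_CRYPTSETUP_MOUNT_CRC when the checksum file is missing or the
# verification does not succeed. Runs in LOC_CFG for root, LOC_VAR otherwise.
checkShaSum() {
  if [ "$(whoami)" = "root" ]; then
    crc_dir=$LOC_CFG
  else
    crc_dir=$LOC_VAR
  fi

  # Without this guard a failed cd would run the check in whatever directory
  # the script happened to start in.
  if ! cd "$crc_dir"; then
    echo "Settings CRC failed [cannot enter $crc_dir]"
    exit "$ERR_CRYPTSETUP_MOUNT_CRC"
  fi

  if [ ! -f "$LOC_CRC" ]; then
    echo "Settings CRC failed [crc file does not exists]"
    exit "$ERR_CRYPTSETUP_MOUNT_CRC"
  fi

  # Keep the exit status as well as the report: looking only for "FAILED"
  # lines lets a run that verified nothing (for example a checksum file with
  # no usable entries) pass as if every file had matched.
  crc_report=$(sha256sum -c "$LOC_CRC")
  crc_status=$?
  crc_failed=$(printf '%s\n' "$crc_report" | grep "FAILED")

  # NOTE(review): fixed file name in world-writable /tmp. When this runs as
  # root, a link planted at this path redirects the write; move the log to a
  # root-owned directory unless something depends on this location.
  pwd > /tmp/checksum.log
  printf '%s\n' "$crc_failed" >> /tmp/checksum.log
  cd -

  if [ "$crc_status" -ne 0 ] || [ -n "$crc_failed" ]; then
    echo "Settings CRC FAILED"
    exit "$ERR_CRYPTSETUP_MOUNT_CRC"
  fi
}

# Runs a command and, when it fails, prints its combined stdout/stderr and
# exits the script.
#   $1     exit code to use on failure
#   $2     data fed to the command's standard input ("" for none)
#   $3...  the command and its arguments, run as given (no eval, no
#          re-parsing by the shell)
checkOutput() {
  co_code=$1
  co_input=$2
  shift 2

  if [ -n "$co_input" ]; then
    # printf with a quoted argument delivers the password byte for byte.
    # The previous unquoted echo word-split and glob-expanded it, so only
    # the first whitespace-separated word reached the command.
    # NOTE(review): a volume formatted with such a password by the earlier
    # version was keyed with that shortened value.
    co_out=$(printf '%s\n' "$co_input" | "$@" 2>&1)
    co_status=$?
  else
    co_out=$("$@" 2>&1)
    co_status=$?
  fi

  if [ "$co_status" -ne 0 ]; then
    printf '%s\n' "$co_out"
    exit "$co_code"
  fi
}

# Unmounts LOC_VAR and closes the LUKS mapping LOC_DIR.
unmount_luks_partition() {
  checkOutput "$ERR_CRYPTSETUP_UMOUNT" "" sudo umount "$LOC_VAR"
  checkOutput "$ERR_CRYPTSETUP_CLOSE" "" sudo cryptsetup luksClose "$LOC_DIR"
}

# Formats LOC_DEV as a new LUKS container keyed with PASSWORD, creates an
# ext4 file system inside it and mounts it on LOC_VAR. A currently mounted
# partition is unmounted first.
create_luks_partition() {
  if isMounted; then
    unmount_luks_partition
  fi
  checkOutput "$ERR_CRYPTSETUP_CREATE_MKDIR" "" sudo mkdir -p "$LOC_VAR"
  checkOutput "$ERR_CRYPTSETUP_CREATE_FORMAT" "$PASSWORD" \
    sudo cryptsetup luksFormat "$LOC_DEV"
  checkOutput "$ERR_CRYPTSETUP_CREATE_OPEN" "$PASSWORD" \
    sudo cryptsetup luksOpen "$LOC_DEV" "$LOC_DIR"
  checkOutput "$ERR_CRYPTSETUP_CREATE_MKFS" "" sudo mkfs.ext4 "$LOC_MAP"
  checkOutput "$ERR_CRYPTSETUP_CREATE_MOUNT" "" \
    sudo mount -t ext4 "$LOC_MAP" "$LOC_VAR"
}

# Opens and mounts the existing LUKS partition if it is not mounted yet,
# then verifies the settings checksum.
mount_luks_partition() {
  isEncrypted # if encrypted will continue else will exit with error
  if ! isMounted; then
    # if not mounted, mount it
    checkOutput "$ERR_CRYPTSETUP_MOUNT_OPEN" "$PASSWORD" \
      sudo cryptsetup luksOpen "$LOC_DEV" "$LOC_DIR"
    checkOutput "$ERR_CRYPTSETUP_MOUNT_MOUNT" "" \
      sudo mount -t ext4 "$LOC_MAP" "$LOC_VAR"
  fi
  checkShaSum # if checksum fails echos and exits
}

# Dispatches the first script argument: setup, mount or umount.
#   $1  command
#   $2  password (optional, used when PASSWORD is not already set)
handleCommand() {
  # PASSWORD was never assigned from the argument before, so the commands
  # only worked when the caller exported it. An exported value still wins.
  PASSWORD=${PASSWORD:-${2:-}}

  case "${1:-}" in
    setup)
      checkPassword
      create_luks_partition
      ;;
    mount)
      checkPassword
      mount_luks_partition
      ;;
    umount)
      unmount_luks_partition
      ;;
    *)
      echo "unknown command"
      exit "$ERR_CRYPTSETUP_UNKNOWN"
      ;;
  esac
}

handleCommand "${1:-}" "${2:-}"
exit 0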