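#!/bin/bash
# uDS - micro Data Security v0.9, 2008-2011
# Author: Peter MATO
# Web: http://www.fixme.hu/uds
#
# Licence: GPLv2
# Please send fixes and improvements.
#
# WARNING:
# This is a proof of concept tool. Use it carefully! I have been using
# it without problem for half a year, but I think further testing is required.
#
# Stack managed by this script (bottom to top):
#   SD card partition  +  loop device over $HOME/$CFS_NAME.dat
#     -> md RAID1 mirror ($MD_DEVICE; the SD half is flagged write-mostly)
#     -> dm-crypt plain-mode mapping (/dev/mapper/$CFS_NAME)
#     -> ext2 filesystem mounted at $CFS_MOUNTPOINT
# Either half can be started alone (partstart_*) and re-added later
# (adddev_*); the internal bitmap keeps that resync incremental.
#
# Other comments:
# Ideas:
#   Marcell ZAMBO, Adam MAULIS, Zoltan BORBELY, Janos FARAGO
#
# History:
#   v0.5 first usable version
#   v0.7 RAID: re-add, mostly-write, write-behind
#        mount: noatime -> relatime
#   v0.8 explicit cypher, keysize and hashtype to create
#   v0.9 autostop autostarted RAID arrays, more AI
#
# needed Debian/Ubuntu packages: mdadm cryptsetup
# needed kernel modules: loop dm_crypt
# todo:
#   better (haha) sync detect
#   store state
#   auto functions (autocreate, autosync, auto create loop)
#   zenity, kdialog, whiptail and text output for noobs
#   auto umount, crypt remove
#   ext2 -> ext4 nojournal
#
# Run as the owner of $HOME/$CFS_NAME.dat; every device operation goes
# through sudo. Exit codes: 1 missing tool or SD device, 2 missing
# mountpoint, 3 missing data file, 4 loop setup failed, 5 volume still open,
# 100 usage error.

# A reference to an unset variable is a bug here, not a default; the only
# optional value, the subcommand, is read as ${1:-}. -e is deliberately NOT
# set: `stop` must keep tearing things down even when an earlier step (for
# example umount) fails.
set -u

CFS_NAME=cfs2

# FIXME find a better way: the SD partition is located purely by its size in
# /proc/partitions (major minor #blocks name), so any other sd* partition
# with exactly this many blocks would be picked up instead. Only the first
# match is used so the value is always a single device name.
RAID_SD_PART_SIZE=7718490
RAID_SD_PART=$(awk -v size="$RAID_SD_PART_SIZE" \
    '$3 == size && $4 ~ /^sd/ { print $4; exit }' /proc/partitions)
# Keep "nothing found" as an empty string so check_for_sd_dev reports it
# clearly instead of testing the bare directory /dev/.
RAID_SD_PART=${RAID_SD_PART:+/dev/$RAID_SD_PART}

CFS_FILE=$HOME/$CFS_NAME.dat
CFS_MOUNTPOINT=$HOME/$CFS_NAME
MD_DEVICE=/dev/md11

# dm-crypt parameters. Plain mode has no on-disk header: the key is simply
# the passphrase hashed with $CFS_HASH, so every start_* branch must open the
# volume with exactly the values `create` used - hence one definition here.
# NOTE(review): aes-cbc-plain takes the IV from the sector number, which is
# known to permit watermarking attacks, and plain mode applies no salt or
# iteration count to the passphrase, so brute-force resistance is only what
# the passphrase itself provides. A wrong passphrase is not detected either:
# the mapping is created anyway and only the mount fails. For a NEW volume
# prefer aes-xts-plain64 (or at least aes-cbc-essiv:sha256), or a LUKS
# container. Never change these for an existing volume: its data becomes
# unreadable and nothing will warn you.
CFS_CIPHER=aes-cbc-plain
CFS_KEYSIZE=256
CFS_HASH=ripemd160

# Not referenced by any branch below; kept as-is.
STAMP_EXTENSION='.stamp'
DATE=$(date +%F)

DEBUG='yes'

# /sbin is usually not on an ordinary user's PATH, so accept either a PATH
# hit or the usual sbin locations. sudo resolves the tools on its own
# secure_path when they are actually run.
for tool in mdadm cryptsetup; do
    if ! command -v "$tool" >/dev/null 2>&1 \
        && [ ! -x "/sbin/$tool" ] && [ ! -x "/usr/sbin/$tool" ]; then
        echo "$tool not found." >&2
        exit 1
    fi
done

if [ "$DEBUG" = "yes" ]; then
    echo "RAID SD device: $RAID_SD_PART"
    echo "RAID file: $CFS_FILE"
fi

if [ ! -d "$CFS_MOUNTPOINT" ]; then
    echo "ERROR[2]: Cfs mountpoint does not exist ($CFS_MOUNTPOINT)" >&2
    exit 2
fi

# Abort unless the SD partition was found and is a block device.
check_for_sd_dev() {
    if [ -z "$RAID_SD_PART" ] || [ ! -b "$RAID_SD_PART" ]; then
        echo "RAID SD's block device file not found." >&2
        exit 1
    fi
}

# Abort unless the loop backing file exists.
check_for_loopfile() {
    if [ ! -e "$CFS_FILE" ]; then
        echo "ERROR[3]: RAID data file does not exist ($CFS_FILE)" >&2
        exit 3
    fi
}

# Print the loop device attached to $CFS_FILE (the first one, should there
# be several), or nothing if the file is not attached.
# Querying is left without sudo as in the original.
loop_device_of_file() {
    losetup -j "$CFS_FILE" | head -n 1 | sed 's/:.*//'
}

# Attach $CFS_FILE to a free loop device unless it already is, then set
# CFS_LOOP_DEV. Exits 4 when no loop device could be associated.
# Attaching needs write access to /dev/loop*, so it goes through sudo like
# every other device operation in this script.
start_loop_device() {
    if [ -z "$(loop_device_of_file)" ]; then
        sudo losetup -f "$CFS_FILE"
    fi
    CFS_LOOP_DEV=$(loop_device_of_file)
    if [ -z "$CFS_LOOP_DEV" ]; then
        echo "ERROR[4]: Can't associate data file to a loop device ($CFS_FILE)" >&2
        exit 4
    fi
    echo "lodev: $CFS_LOOP_DEV"
    sleep 1   # pause before the device is handed to mdadm (kept from the original)
}

# Open the dm-crypt mapping $CFS_NAME on top of $MD_DEVICE.
# Any arguments (e.g. --verify-passphrase) are passed to cryptsetup in front
# of the action. ${1+"$@"} keeps old bash happy under set -u with no args.
open_crypt() {
    sudo cryptsetup ${1+"$@"} create \
        -c "$CFS_CIPHER" -s "$CFS_KEYSIZE" -h "$CFS_HASH" \
        "$CFS_NAME" "$MD_DEVICE"
}

# Mount the opened volume at $CFS_MOUNTPOINT.
mount_crypt() {
    sudo mount -t ext2 -o relatime "/dev/mapper/$CFS_NAME" "$CFS_MOUNTPOINT"
}

# Stop every md array that currently holds one of the given member devices
# (typically one the kernel auto-assembled at boot under another name), so a
# following --assemble can claim both halves.
stop_arrays_using() {
    local dev name md
    for dev in "$@"; do
        name=$(basename "$dev")
        # /proc/mdstat lines look like: md127 : active raid1 loop0[1] sdb1[0]
        # -w keeps loop1 from matching loop10 and sdb1 from matching sdb10.
        grep -w -- "$name" /proc/mdstat | awk '{ print $1 }' | while read -r md; do
            [ -n "$md" ] && sudo mdadm --stop "/dev/$md"
        done
    done
}

# Prime the sudo credential cache up front so a password prompt does not
# land in the middle of later command output.
sudo true

case ${1:-} in
status)
    echo "Not yet ready for use"
    echo "All arrays (/proc/mdstat):"
    cat /proc/mdstat
    echo "mdadm --detail $MD_DEVICE"
    sudo mdadm --detail "$MD_DEVICE"
    echo "Only $RAID_SD_PART:"
    echo "mdadm --examine $RAID_SD_PART"
    sudo mdadm --examine "$RAID_SD_PART"
    ;;
create)
    check_for_loopfile
    check_for_sd_dev
    start_loop_device
    echo "homehost option must be checked"
    # mdadm(8): --write-mostly flags every device listed AFTER it, so the loop
    # device is listed before the flag - only the SD half is meant to be
    # write-mostly/write-behind, which is also what adddev_sd does on re-add.
    # The internal bitmap makes later re-adds resync only the changed blocks.
    sudo mdadm --create --verbose \
        --homehost=nowhere \
        --bitmap=internal --name="$CFS_NAME" "$MD_DEVICE" --level=mirror \
        --raid-devices=2 "$CFS_LOOP_DEV" \
        --write-mostly --write-behind "$RAID_SD_PART"
    open_crypt --verify-passphrase
    sudo mkfs.ext2 -L "$CFS_NAME" -m 0 "/dev/mapper/$CFS_NAME"
    ;;
start)
    check_for_loopfile
    check_for_sd_dev
    start_loop_device
    echo "Starting up $CFS_NAME ..."
    # if an md already holds either member (auto-assembled), stop it first
    stop_arrays_using "$CFS_LOOP_DEV" "$RAID_SD_PART"
    # sudo mdadm --readwrite $MD_DEVICE
    sudo mdadm --assemble "$MD_DEVICE" "$RAID_SD_PART" "$CFS_LOOP_DEV"
    sleep 2
    open_crypt
    mount_crypt
    echo "## Started $CFS_NAME successfully."
    ;;
start_nomount)
    check_for_loopfile
    check_for_sd_dev
    start_loop_device
    echo "Starting up $CFS_NAME (nomount) ..."
    sudo mdadm --assemble "$MD_DEVICE" "$RAID_SD_PART" "$CFS_LOOP_DEV"
    sleep 2
    open_crypt
    echo "Started $CFS_NAME successfully. Not mounted."
    echo "ext2 device is: /dev/mapper/$CFS_NAME"
    ;;
partstart_loop)
    check_for_loopfile
    start_loop_device
    echo "Starting up $CFS_NAME without SD ..."
    # --run: start the mirror degraded with only this half present
    sudo mdadm --assemble --run "$MD_DEVICE" "$CFS_LOOP_DEV"
    # sudo mdadm --run $MD_DEVICE
    sleep 2
    open_crypt
    mount_crypt
    echo "Started $CFS_NAME successfully."
    ;;
partstart_sd)
    check_for_sd_dev
    echo "Starting up $CFS_NAME without loop ..."
    sudo mdadm --assemble --run "$MD_DEVICE" "$RAID_SD_PART"
    # sudo mdadm --run $MD_DEVICE
    sleep 2
    open_crypt
    mount_crypt
    echo "Started $CFS_NAME successfully."
    ;;
partstart_sd_nomount)
    check_for_sd_dev
    echo "Starting up $CFS_NAME without loop ..."
    sudo mdadm --assemble --run "$MD_DEVICE" "$RAID_SD_PART"
    # sudo mdadm --run $MD_DEVICE
    sleep 2
    open_crypt
    echo "Started $CFS_NAME successfully. Not mounted."
    echo "ext2 device is: /dev/mapper/$CFS_NAME"
    ;;
adddev_sd)
    check_for_sd_dev
    echo "Adding SD device to $CFS_NAME ..."
    sudo mdadm --re-add "$MD_DEVICE" --write-mostly "$RAID_SD_PART"
    echo "SD device successfully added."
    ;;
adddev_loop)
    check_for_loopfile
    start_loop_device
    echo "Adding loop device to $CFS_NAME ..."
    sudo mdadm --re-add "$MD_DEVICE" "$CFS_LOOP_DEV"
    echo "loop device successfully added."
    ;;
stop)
    echo "Shutting down $CFS_NAME ..."
    # Every step is attempted even if the previous one failed, so a
    # half-started volume can still be torn down.
    sudo umount "/dev/mapper/$CFS_NAME"
    sudo cryptsetup remove "$CFS_NAME"
    sleep 1
    sudo mdadm --stop "$MD_DEVICE"
    LOOPDEV=$(loop_device_of_file)
    if [ -z "$LOOPDEV" ]; then
        echo "No loopdevice detected"
    else
        sleep 1   # FIXME sometimes this is not necessary
        sudo losetup -d "$LOOPDEV"
    fi
    echo "Shut down $CFS_NAME successfully."
    ;;
destroy)
    check_for_loopfile
    check_for_sd_dev
    # Refuse while the mapping still exists: zeroing a member underneath a
    # live array and filesystem is silent corruption, not a wipe. Run stop
    # first.
    if [ -e "/dev/mapper/$CFS_NAME" ]; then
        echo "ERROR[5]: $CFS_NAME is still open; run '$0 stop' first." >&2
        exit 5
    fi
    start_loop_device
    # FIXME better destroy utility (from Darik's CD - DBAN)
    # NOTE(review): a single pass of zeros removes the ciphertext from the
    # host's view (plain mode stores no key material on disk); the SD card's
    # wear levelling may still hold stale copies of sectors that no overwrite
    # issued from here can reach.
    sudo dd if=/dev/zero of="$CFS_LOOP_DEV" bs=64M
    sudo dd if=/dev/zero of="$RAID_SD_PART" bs=64M
    ;;
*)
    echo "Usage: $0 {status|create|start|start_nomount|partstart_loop|partstart_sd|partstart_sd_nomount|adddev_sd|adddev_loop|stop|destroy}" >&2
    exit 100
    ;;
esac
exit 0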