35 lines
1.5 KiB
Bash
35 lines
1.5 KiB
Bash
|
#!/bin/sh
|
||
|
set -eu
|
||
|
|
||
|
CIPHER="${ECRYPTFS_CIPHER:-aes}"
|
||
|
KEY_BYTES="${ECRYPTFS_KEY_BYTES:-32}"
|
||
|
LOWER_DIR="${ECRYPTFS_LOWER_DIR:-/home}"
|
||
|
UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
|
||
|
ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
|
||
|
PASSPHRASE="${ECRYPTFS_PASSPHRASE:-$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)}"
|
||
|
KEY="${ECRYPTFS_KEY:-passphrase:passphrase_passwd=${PASSPHRASE}}"
|
||
|
SIG="${ECRYPTFS_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase - |/usr/bin/awk '$5 == "sig" {print substr($6,2,16); exit;}')}"
|
||
|
FNEK_SIG="${ECRYPTFS_FNEK_SIG:-$(printf "%s" "${PASSPHRASE}" |/usr/bin/ecryptfs-add-passphrase --fnek - |/usr/bin/awk '$5 == "sig" && NR == 2 {print substr($6,2,16)}')}"
|
||
|
|
||
|
mkdir -p ${LOWER_DIR} ${UPPER_DIR} ${HOME}/.ecryptfs
|
||
|
printf "%s\n" "${LOWER_DIR} ${UPPER_DIR} ecryptfs" > ${HOME}/.ecryptfs/${ALIAS}.conf
|
||
|
printf "%s\n" "${SIG}" > ${HOME}/.ecryptfs/${ALIAS}.sig
|
||
|
printf "%s\n" "${FNEK_SIG}" >> ${HOME}/.ecryptfs/${ALIAS}.sig
|
||
|
# mount.ecryptfs_private ${ALIAS}
|
||
|
|
||
|
/bin/mount -t ecryptfs -o \
|
||
|
key="${KEY}",\
|
||
|
no_sig_cache,\
|
||
|
ecryptfs_cipher="${CIPHER}",\
|
||
|
ecryptfs_enable_filename=y,\
|
||
|
ecryptfs_enable_filename_crypto=y,\
|
||
|
ecryptfs_fnek_sig="${FNEK_SIG}",\
|
||
|
ecryptfs_key_bytes="${KEY_BYTES}",\
|
||
|
ecryptfs_passthrough=n,\
|
||
|
ecryptfs_unlink_sigs\
|
||
|
"${LOWER_DIR}" "${UPPER_DIR}" 1>/dev/null
|
||
|
|
||
|
# Overwrite sensible variables with random data
|
||
|
ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||
|
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|