cleanup
This commit is contained in:
parent
5809878004
commit
15e846e3a4
|
@ -21,17 +21,12 @@ if ! grep -q "${LOWER_DIR} ${UPPER_DIR} ecryptfs " /proc/mounts 2>/dev/null; the
|
||||||
key="${KEY}",\
|
key="${KEY}",\
|
||||||
no_sig_cache,\
|
no_sig_cache,\
|
||||||
ecryptfs_cipher="${CIPHER}",\
|
ecryptfs_cipher="${CIPHER}",\
|
||||||
ecryptfs_enable_filename=y,\
|
|
||||||
ecryptfs_enable_filename_crypto=y,\
|
|
||||||
ecryptfs_fnek_sig="${FNEK_SIG}",\
|
ecryptfs_fnek_sig="${FNEK_SIG}",\
|
||||||
ecryptfs_key_bytes="${KEY_BYTES}",\
|
ecryptfs_key_bytes="${KEY_BYTES}",\
|
||||||
ecryptfs_passthrough=n,\
|
|
||||||
ecryptfs_unlink_sigs\
|
ecryptfs_unlink_sigs\
|
||||||
"${LOWER_DIR}" "${UPPER_DIR}" >/dev/null
|
"${LOWER_DIR}" "${UPPER_DIR}" >/dev/null
|
||||||
|
|
||||||
# Overwrite sensible variables with random data
|
# Overwrite sensible variables with random data
|
||||||
ECRYPTFS_KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
|
||||||
ECRYPTFS_PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
|
||||||
KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
KEY="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
PASSPHRASE="$(/usr/bin/base64 /dev/urandom |/usr/bin/head -c 64)"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,9 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
[ -n "${DEBUG}" ] && set -x
|
[ -n "${DEBUG}" ] && set -x
|
||||||
|
|
||||||
# if auto-mount ecryptfs
|
|
||||||
if [ -f "${HOME}/.ecryptfs/auto-mount" ]; then
|
|
||||||
|
|
||||||
LOWER_DIR="${1:-${ECRYPTFS_LOWER_DIR:-${HOME}/Secure}}"
|
LOWER_DIR="${1:-${ECRYPTFS_LOWER_DIR:-${HOME}/Secure}}"
|
||||||
UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
|
UPPER_DIR="${ECRYPTFS_UPPER_DIR:-${LOWER_DIR}}"
|
||||||
ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
|
ALIAS="${ECRYPTFS_ALIAS:-${LOWER_DIR##*/}}"
|
||||||
|
@ -53,15 +50,15 @@ if [ -f "${HOME}/.ecryptfs/auto-mount" ]; then
|
||||||
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
|
if [ ! -f "${HOME}/.ecryptfs/${ALIAS}.sig" ]; then
|
||||||
printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
|
printf "%s\n" "${SIG}" > "${HOME}/.ecryptfs/${ALIAS}.sig"
|
||||||
printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
|
printf "%s\n" "${FNEK_SIG}" >> "${HOME}/.ecryptfs/${ALIAS}.sig"
|
||||||
# mount ecryptfs
|
fi
|
||||||
/sbin/mount.ecryptfs_private "${ALIAS}"
|
|
||||||
else
|
|
||||||
# check authentication tokens to prevent mounting with bad ones
|
# check authentication tokens to prevent mounting with bad ones
|
||||||
if grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null \
|
if grep "${SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null \
|
||||||
&& grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null; then
|
&& grep "${FNEK_SIG}" "${HOME}/.ecryptfs/${ALIAS}.sig" >/dev/null; then
|
||||||
# mount ecryptfs
|
# mount ecryptfs
|
||||||
/sbin/mount.ecryptfs_private "${ALIAS}"
|
/sbin/mount.ecryptfs_private "${ALIAS}"
|
||||||
fi
|
else
|
||||||
|
echo "WARNING: Bad authentication token ${SIG} for ecryptfs mount ${ALIAS}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
|
@ -70,5 +67,3 @@ if [ -f "${HOME}/.ecryptfs/auto-mount" ]; then
|
||||||
fi
|
fi
|
||||||
# if not already mounted
|
# if not already mounted
|
||||||
fi
|
fi
|
||||||
# if auto-mount ecryptfs
|
|
||||||
fi
|
|
||||||
|
|
Loading…
Reference in New Issue