From 2b95eb1d48a24c3799ac4971748fe2d50da26228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Sun, 17 Sep 2017 20:07:10 +0200
Subject: Add usbkey script
---
 install | 4 ++
 local/bin/usbkey | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)
 create mode 100755 local/bin/usbkey
diff --git a/install b/install
index bd6ef50..c6b769e 100755
--- a/install
+++ b/install
@@ -114,3 +114,7 @@ fi
 if ask "Install lxc-net script"; then
 inst local/bin/lxc-net ~/.local/bin/lxc-net
 fi
+
+if ask "Install usbkey script"; then
+ inst local/bin/usbkey ~/.local/bin/usbkey
+fi
diff --git a/local/bin/usbkey b/local/bin/usbkey
new file mode 100755
index 0000000..5e7648a
--- /dev/null
+++ b/local/bin/usbkey
@@ -0,0 +1,190 @@
+#!/bin/sh
+set -e
+
+UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be"
+UUID_WKEY=""
+
+CRYPT_NAME="usbkey"
+MOUNT_PATH="/media/usbkey"
+
+op_mount() {
+ # First check if we have key drive
+ if [ ! -e "/dev/disk/by-uuid/$UUID_KKEY" ]; then
+ echo "Can't locate appropriate usb drive." >&2
+ exit 1
+ fi
+ # Decrypt drive
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "USB key seems to be already decrypted" >&2
+ else
+ echo "Decrypting usb key" >&2
+ sudo -- cryptsetup open /dev/disk/by-uuid/"$UUID_KKEY" "$CRYPT_NAME"
+ fi
+ # Mount drive
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "USB key is already mounted" >&2
+ else
+ echo "Mounting usb key"
+ sudo -- mkdir -p "$MOUNT_PATH"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME" "$MOUNT_PATH"
+ fi
+
+ echo "USB key drive mounted" >&2
+}
+
+op_unmount() {
+ # Unmount
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "Unmounting usb key" >&2
+ sync "$MOUNT_PATH"
+ sudo -- umount "$MOUNT_PATH"
+ fi
+ # Remove mount path
+ [ ! -d "$MOUNT_PATH" ] || sudo -- rmdir "$MOUNT_PATH"
+ # Close encryption
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "Closing encryption on usb key" >&2
+ sudo -- cryptsetup close "$CRYPT_NAME"
+ fi
+
+ echo "USB key unmounted" >&2
+}
+
+check_mount() {
+ mount | grep "$MOUNT_PATH" | grep -q "/dev/mapper/$CRYPT_NAME"
+}
+
+op_sync() {
+ local DOUNMOUNT=false
+ local EXITC=0
+ if ! check_mount; then
+ DOUNMOUNT=true
+ op_mount
+ fi
+ if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
+ # Mount backup usb
+ sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup"
+ sudo -- mkdir -p "$MOUNT_PATH-backup"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup"
+ # Sync them
+ rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/"
+ # Unmount it
+ sudo -- umount "$MOUNT_PATH-backup"
+ sudo -- rmdir "$MOUNT_PATH-backup"
+ sudo -- cryptsetup close "$CRYPT_NAME-backup"
+ else
+ echo "USB backup key seems to not be inserted. Please do so." >&2
+ EXITC=1
+ fi
+ if $DOUNMOUNT; then
+ op_unmount
+ fi
+ exit $EXITC
+}
+
+ssh_list() {
+ check_mount || op_mount
+ for KEY in $(find "$MOUNT_PATH/ssh" -name '*.pub'); do
+ local N="${KEY#$MOUNT_PATH/ssh/}"
+ echo -n "${N%.pub}: "
+ sed -n 's/ssh-rsa .* \(.*\)/\1/p' "$KEY"
+ done
+}
+
+ssh_generate() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
+ echo "Key $NAME seems to already exists." >&2
+ exit 1
+ fi
+ echo -n "Please enter comment: "
+ read COMMENT
+ ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"
+}
+
+ssh_import() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
+ echo "There is no key named $NAME" >&2
+ exit 1
+ fi
+ cp "$MOUNT_PATH/ssh/$NAME" ~/.ssh/
+ cp "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/
+}
+
+
+unknown_argument() {
+ echo "Unknown argument: $1"
+ exit 1
+}
+# Parse operation (operation have to be first)
+case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ echo "Usage: usbkey OPERATION ..."
+ echo
+ echo "Operations:"
+ echo " mount: Mount key of usb driver"
+ echo " unmount: Unmount usb driver"
+ echo " sync: Synchronize drive to bakup drive"
+ echo " gpg-import: Import gpg key"
+ echo " ssh-import: Import ssh key"
+ echo " ssh-generate: Generate new ssh key"
+ echo " ssh-list: List all keys in store"
+ echo " openvpn-get: Get keys for some host"
+ echo " openvpn-generate: Generate key for new host"
+ exit 0
+ ;;
+ mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
+ OPERATION="$1"
+ ;;
+ *)
+ unknown_argument "$1"
+ ;;
+esac
+shift
+# Parse rest of the arguments
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ case "$OPERATION" in
+ mount|unmount|sync)
+ echo "Usage: usbkey $OPERATION [-h]"
+ ;;
+ ssh-*)
+ echo "Usage: usbkey $OPERATION NAME [-h]"
+ ;;
+ # TODO
+ esac
+ exit 0
+ ;;
+ *)
+ if [[ "$OPERATION" = ssh-* ]] && [ -z "$NAME" ]; then
+ NAME="$1"
+ else
+ unknown_argument "$1"
+ fi
+ ;;
+ esac
+ shift
+done
+
+case "$OPERATION" in
+ mount)
+ op_mount
+ ;;
+ unmount)
+ op_unmount
+ ;;
+ sync)
+ op_sync
+ ;;
+ ssh-list)
+ ssh_list
+ ;;
+ *)
+ echo "Operation $OPERATION not implemented" >&2
+ exit 2
+ ;;
+esac
-- 
cgit v1.2.3
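Review bot: With `UUID_WKEY=""` as committed, the test `[ -e "/dev/disk/by-uuid/$UUID_WKEY" ]` in op_sync checks the by-uuid directory itself and passes whenever that directory exists, so `cryptsetup open` is run on a directory and fails; under `set -e` the script then exits before `op_unmount`, leaving the primary key store decrypted and mounted. The same early exit applies when the backup mount or rsync fails, which also leaves the `$CRYPT_NAME-backup` mapping open. I would guard the branch with `if [ -n "$UUID_WKEY" ] && [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then` and register a `trap … EXIT` cleanup that unmounts and closes whatever op_sync opened, so no failure path leaves key material accessible. Separately, the test in ssh_import is inverted (it prints "There is no key named" when both files exist and falls through to `cp` when they are missing), and `[[ … ]]` and `local` are not guaranteed under `#!/bin/sh`, so the shebang should name bash or those constructs should be replaced.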