Add encryption support to CreatePersistentImg.sh (#1130)

Added option to create persistent fs inside LUKS container.
Had to change to #!/bin/bash to parse interactive user input for the encryption passphrase.
The _freeloop=$freeloop part is kind of bad style, but I kept it for now to keep changes minimal.

diff --git a/INSTALL/CreatePersistentImg.sh b/INSTALL/CreatePersistentImg.sh
index 8a4480dbb8931921aea36a0e7a13cbbdc599563d..3041873f4482618c2813dc8bd194c53b9197a8c9 100644 (file)
--- a/INSTALL/CreatePersistentImg.sh
+++ b/INSTALL/CreatePersistentImg.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 
 size=1024
 fstype=ext4
 
 size=1024
 fstype=ext4


@@ -7,13 +7,14 @@ config=''
 outputfile=persistence.dat
 
 print_usage() {
 outputfile=persistence.dat
 
 print_usage() {

-    echo 'Usage:  CreatePersistentImg.sh [ -s size ] [ -t fstype ] [ -l LABEL ] [ -c CFG ]'
+    echo 'Usage:  sudo ./CreatePersistentImg.sh [ -s size ] [ -t fstype ] [ -l LABEL ] [ -c CFG ] [ -e ]'

     echo '  OPTION: (optional)'
     echo '   -s size in MB, default is 1024'
     echo '   -t filesystem type, default is ext4  ext2/ext3/ext4/xfs are supported now'
     echo '   -l label, default is casper-rw'
     echo '   -c configfile name inside the persistence file. File content is "/ union"'
     echo '   -o outputfile name, default is persistence.dat'
     echo '  OPTION: (optional)'
     echo '   -s size in MB, default is 1024'
     echo '   -t filesystem type, default is ext4  ext2/ext3/ext4/xfs are supported now'
     echo '   -l label, default is casper-rw'
     echo '   -c configfile name inside the persistence file. File content is "/ union"'
     echo '   -o outputfile name, default is persistence.dat'

+    echo '   -e enable encryption, disabled by default (only few distros support this)'    

     echo ''
 }
 
     echo ''
 }
 


@@ -33,6 +34,9 @@ while [ -n "$1" ]; do
     elif [ "$1" = "-o" ]; then
         shift
         outputfile=$1
     elif [ "$1" = "-o" ]; then
         shift
         outputfile=$1

+    elif [ "$1" = "-e" ]; then
+        read -s -p "Encryption passphrase: " passphrase
+        echo

     elif [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
         print_usage
         exit 0
     elif [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
         print_usage
         exit 0


@@ -86,6 +90,13 @@ freeloop=$(losetup -f)
 
 losetup $freeloop "$outputfile"
 
 
 losetup $freeloop "$outputfile"
 

+if [ ! -z "$passphrase" ]; then
+    printf "$passphrase" | cryptsetup -q --verbose luksFormat $freeloop -
+    printf "$passphrase" | cryptsetup -q --verbose luksOpen $freeloop persist_decrypted -
+    _freeloop=$freeloop
+    freeloop="/dev/mapper/persist_decrypted"
+fi
+

 mkfs -t $fstype $fsopt -L $label $freeloop 
 
 sync
 mkfs -t $fstype $fsopt -L $label $freeloop 
 
 sync


@@ -104,4 +115,9 @@ if [ -n "$config" ]; then
     rm -rf ./persist_tmp_mnt
 fi
 
     rm -rf ./persist_tmp_mnt
 fi
 

+if [ ! -z "$passphrase" ]; then
+    cryptsetup luksClose $freeloop
+    freeloop=$_freeloop
+fi
+

 losetup -d $freeloop
 losetup -d $freeloop