pass-crypt-mount.fish
#!/usr/bin/env fish
#
# A hastily written shell script for dealing with LUKS drives
# Copyright (C) 2023 Christina E. Sørensen
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# TODO: create uuid validator function
# TODO: cleanup
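# Script version, shown in the --help banner.
set --local cm_version "0.7.4"

# get the program name from the file name
set --local pname "$(basename (status -f))"

# argparse option specs: a trailing '=' means the flag takes a required value.
set --local options h/help 'm/mount=' 'u/unmount=' l/list

# argparse prints its own diagnostic for an unknown or malformed flag. Stop in
# that case so a mistyped invocation does not fall through to the default
# action at the end of the script.
argparse $options -- $argv
or return 1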
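function luks_open -a block_device uuid label
    # Unlock the LUKS device $block_device as /dev/mapper/$label, feeding
    # cryptsetup the passphrase stored in the pass entry disk/luks/uuid/$uuid.
    # Returns 1 when an argument is rejected, otherwise cryptsetup's exit status.

    # $uuid becomes part of a password-store path, so accept nothing but a
    # canonical UUID; that keeps '/', '..' and option-like strings out of it.
    if not string match --quiet --regex -- '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$' "$uuid"
        return 1
    end

    # The label names a node under /dev/mapper: it must be present and must not
    # contain a path separator.
    if test -z "$label"; or string match --quiet -- '*/*' "$label"
        return 1
    end

    # test if $block_device is actually a block device
    if not builtin test -b "$block_device"
        return 1
    end

    # Pipe pass straight into cryptsetup. `echo -e` would interpret backslash
    # sequences inside the passphrase and hand cryptsetup a different secret.
    pass show "disk/luks/uuid/$uuid" | sudo cryptsetup open "$block_device" "$label"

    # Report whether the unlock worked instead of an unconditional 0, so the
    # caller does not announce success after a failed open.
    return $status
end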
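function luks_close -a label
    # Lock the opened LUKS mapping /dev/mapper/$label.
    # Returns 1 when the label is rejected or names no mapped block device,
    # otherwise cryptsetup's exit status.

    # The label names a node under /dev/mapper: it must be present and must not
    # contain a path separator.
    if test -z "$label"; or string match --quiet -- '*/*' "$label"
        return 1
    end

    set --local mapping "/dev/mapper/$label"

    # This function has no $block_device argument, so the previous guard
    # expanded to `test -b` with no operand and checked no device at all.
    # Check the mapping node that is about to be closed instead.
    if not builtin test -b "$mapping"
        return 1
    end

    sudo cryptsetup close "$mapping"

    # Pass cryptsetup's result on: a volume that failed to lock must not be
    # reported as closed.
    return $status
end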
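function get_uuid -a block_device
    # Print the UUID that blkid reports for $block_device.
    # Returns 1 when the path is not a block device or when blkid does not
    # yield exactly one well-formed UUID; returns 0 otherwise.

    # test if $block_device is actually a block device
    if not builtin test -b "$block_device"
        return 1
    end

    # Ask blkid for the UUID tag of this one device. Filtering the full blkid
    # listing with the device path as a regex also matched longer device names
    # with the same prefix and any other UUID-shaped tag on the line.
    set --local found (sudo blkid -s UUID -o value "$block_device")

    # The result is later used as a password-store path component, so insist
    # on exactly one value in canonical UUID form.
    if test (count $found) -ne 1
        return 1
    end
    if not string match --quiet --regex -- '^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$' "$found"
        return 1
    end

    echo $found
    return 0
end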
function udisksctl_unmount -a label
    # Unmount the filesystem on the opened mapping /dev/mapper/$label through
    # udisks. The function's exit status is udisksctl's.
    set --local mapper_node "/dev/mapper/$label"
    udisksctl unmount --block-device $mapper_node
end
function udisksctl_mount -a label
    # Mount the filesystem on the opened mapping /dev/mapper/$label through
    # udisks. The function's exit status is udisksctl's.
    set --local mapper_node "/dev/mapper/$label"
    udisksctl mount --block-device $mapper_node
end
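# -h/--help: print the usage text and exit successfully.
if set --query _flag_help
    # Variables are passed as printf arguments rather than spliced into the
    # format string, so a '%' in the script's file name cannot be read as a
    # format directive.
    printf 'cm - Crypt Mount %s\n' "$cm_version"
    printf "Mount LUKS volumes with GNU pass\n\n"
    printf 'Usage: %s [OPTIONS]\n\n' "$pname"
    printf "Options:\n"
    printf " -h/--help Prints help and exits\n"
    printf " -m/--mount=BLOCK_DEVICE Mount and unlock luks partition\n"
    # The option registered with argparse is u/unmount; the help text used to
    # advertise --umount, which argparse does not accept.
    printf " -u/--unmount=LABEL Unmount and lock luks partition\n"
    printf " -l/--list List luks partitions and passwords in store\n\n"
    printf "Examples:\n"
    printf " Mount a LUKS volume\n\n"
    printf " cm -m /dev/sdg1 vacation-photos\n\n"
    printf " Unmount a LUKS volume\n\n"
    printf " cm -u vacation-photos\n\n"
    printf " List LUKS volumes and pass entries\n\n"
    printf " cm -l\n\n"
    return 0
end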
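# -m/--mount=BLOCK_DEVICE LABEL: look up the device's UUID, unlock it with the
# matching pass entry, then mount the opened mapping.
if set --query _flag_mount
    # The mapping label is the first positional argument. Without it the later
    # steps would run with a missing name, so refuse early.
    if test -z "$argv[1]"
        echo "Usage: $pname -m <block-device> <label>"
        return 1
    end
    set --local label $argv[1]

    set --local uuid (get_uuid "$_flag_mount")
    set --local uuid_status $status
    # Require exactly one UUID: an empty or multi-valued result would select
    # the wrong password-store entry (or the whole directory) further down.
    if builtin test $uuid_status -ne 0; or test (count $uuid) -ne 1
        echo "Usage: $pname -m <block-device> <label>"
        return 1
    end
    # Values go in as printf arguments, not as part of the format string.
    printf '[*] got uuid of %s: %s\n' "$_flag_mount" "$uuid"

    # luks_open signals failure through its exit status; its stdout is not
    # needed here and is discarded.
    if luks_open "$_flag_mount" "$uuid" "$label" >/dev/null
        printf '[*] successfully opened luks volume %s\n' "$_flag_mount"
    else
        printf '[-] failed to open luks volume %s\n' "$_flag_mount"
        return 1
    end

    set --local mount_message (udisksctl_mount "$label")
    if builtin test $status -eq 0
        printf "[*] "
        echo $mount_message
    else
        printf "[-] "
        echo $mount_message
        # The mapping was opened above and is not closed here, so the volume
        # stays unlocked after a failed mount. Say so explicitly.
        printf '[-] /dev/mapper/%s is still unlocked; lock it with: sudo cryptsetup close /dev/mapper/%s\n' "$label" "$label"
        return 1
    end
    return 0
end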
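# -u/--unmount=LABEL: unmount the opened mapping, then lock the LUKS volume.
if set --query _flag_unmount
    set --local mount_message (udisksctl_unmount "$_flag_unmount")
    if builtin test $status -eq 0
        printf "[*] "
        echo $mount_message
    else
        printf "[-] "
        echo $mount_message
        return 1
    end

    # luks_close signals failure through its exit status; its stdout is not
    # needed here and is discarded.
    if luks_close "$_flag_unmount" >/dev/null
        printf "[*] "
        echo "successfully closed luks volume"
    else
        # A failed close means the volume may still be unlocked. Report that
        # instead of the mount usage line, which described a different command.
        printf '[-] failed to close luks volume %s; it may still be unlocked\n' "$_flag_unmount"
        return 1
    end
    return 0
end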
function list
    # Print two sections: what `pass show disk/luks/uuid` outputs, then the
    # lsblk rows for crypto_LUKS filesystems. Always returns 0.
    printf '%s\n' '### Pass ###'
    pass show disk/luks/uuid

    printf '\n%s\n' '### Disk ###'
    # One line of leading context is kept for each crypto_LUKS match
    # (presumably the parent disk row; confirm against lsblk's tree output).
    # BUG: output is broken if you have multiple luks partitions on one disk
    lsblk -o NAME,FSTYPE,UUID,MOUNTPOINT | rg --color=never --before-context 1 crypto_LUKS
    return 0
end
# -l/--list was requested explicitly: show the listing and stop.
if set -q _flag_list
    list
    return 0
end

# No flag selected an action above, so listing is the default behaviour.
list