crypt.awk (4069B)
1 /^#/ || /^$/ { next } 2 NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next } 3 { 4 # decode the src variants 5 split($2, o_src, "=") 6 if (o_src[1] == "UUID" || o_src[1] == "PARTUUID") ("blkid -l -o device -t " $2) | getline src; 7 else src=o_src[1]; 8 9 # no password or none is given, ask fo it 10 if ( NF == 2 ) { 11 ccmd="cryptsetup luksOpen " src " " $1; 12 system(ccmd); 13 ccmd=""; 14 } 15 else if (NF == 3 ) { 16 dest=$1 17 key=$3 18 split($3, po, "="); 19 if ( po[1] == "none") ccmd="cryptsetup luksOpen " src " " dest; 20 else ccmd="cryptsetup luksOpen -d " key " " src" " dest; 21 system(ccmd); 22 ccmd=""; 23 } 24 else { 25 # the option field is not empty parse the options 26 dest=$1 27 key=$3 28 split($4, opts, ","); 29 commonopts=""; 30 swapopts=""; 31 luksopts=""; 32 for(i in opts) { 33 split(opts[i], para, "="); 34 par=para[1]; 35 val=para[2]; 36 if ( par == "readonly" || par == "read-only") commonopts=commonopts "-r "; 37 else if ( par == "discard" ) commonopts=commonopts "--allow-discards "; 38 else if ( par == "no-read-workqueue" ) commonopts=commonopts "--perf-no_read_workqueue "; 39 else if ( par == "no-write-workqueue" ) commonopts=commonopts "--perf-no_write_workqueue "; 40 else if ( par == "tries" ) commonopts=commonopts "-T " val " "; 41 else if ( par == "swap" ) makeswap="y"; 42 else if ( par == "cipher" ) swapopts=swapopts "-c " val " "; 43 else if ( par == "size" ) swapopts=swapopts "-s " val " "; 44 else if ( par == "hash" ) swapopts=swapopts "-h " val " "; 45 else if ( par == "offset" ) swapopts=swapopts "-o " val " "; 46 else if ( par == "skip" ) swapopts=swapopts "-p " val " "; 47 else if ( par == "verify" ) swapopts=swapopts "-y "; 48 #else if ( par == "noauto" ) 49 #else if ( par == "nofail" ) 50 #else if ( par == "plain" ) 51 #else if ( par == "timeout" ) 52 #else if ( par == "tmp" ) 53 else if ( par == "luks" ) use_luks="y"; 54 else if ( par == "keyscript" ) {use_keyscript="y"; keyscript=val;} 55 else if ( par == "keyslot" || par == "key-slot" ) luksopts=luksopts "-S " val " "; 56 else if ( par == "keyfile-size" ) luksopts=luksopts "-l " val " "; 57 else if ( par == "keyfile-offset" ) luksopts=luksopts "--keyfile-offset=" val " "; 58 else if ( par == "header" ) luksopts=luksopts "--header=" val " "; 59 else { 60 print "option: " par " not supported " >"/dev/stderr"; 61 makeswap=""; 62 use_luks=""; 63 use_keyscript=""; 64 next; 65 } 66 } 67 if ( makeswap == "y" && use_luks != "y" ) { 68 ccmd="cryptsetup " swapopts commonopts "-d " key " create " dest " " src; 69 ccmd_2="mkswap /dev/mapper/" dest; 70 makeswap=""; 71 use_luks=""; 72 use_keyscript=""; 73 system(ccmd); 74 system(ccmd_2); 75 ccmd=""; 76 ccmd_2=""; 77 next; 78 } 79 if ( use_luks == "y" && makeswap != "y" ){ 80 if ( use_keyscript == "y") { 81 ccmd=keyscript " | cryptsetup " luksopts commonopts "luksOpen -d - " src " " dest; 82 use_keyscript=""; 83 } 84 else { 85 if ( key == "none" ){ 86 ccmd="cryptsetup " luksopts commonopts "luksOpen " src " " dest; 87 } 88 else { 89 ccmd="cryptsetup " luksopts commonopts "luksOpen -d " key " " src " " dest; 90 } 91 } 92 } 93 else { 94 print "use swap OR luks as option" >"/dev/stderr"; 95 ccmd=""; 96 } 97 makeswap=""; 98 use_luks=""; 99 use_keyscript=""; 100 if ( ccmd != ""){ 101 system(ccmd); 102 ccmd="" 103 } 104 } 105 }