shithub: secgefs


ref: d7a6e8434a31af68314d243ae4f2804aedfa51e6
author: sirjofri <sirjofri@sirjofri.de>
date: Sat Aug 30 11:36:41 EDT 2025

adds files

--- /dev/null
+++ b/README
@@ -1,0 +1,33 @@
+encrypted filesystem using gefs and cryptsetup
+
+
+using mk install, these scripts will be installed in /rc/bin/secgefs.
+
+secgefs/create file size:
+	create a new encrypted gefs at file with the specified size (megabytes).
+	gefs will be configured to not make any snapshots.
+	Will ask for the password three times:
+	- two times for setting up encryption
+	- another time for configuration
+
+secgefs/open file:
+	open the specified file. The basename will be used as the identifier.
+	The scripts try to prevent name collisions, however it's best to
+	avoid duplicate names anyways.
+	Will ask for the password for opening.
+	
+	The service files will take the last part of the file (the filename):
+	- /srv/$name
+	- /srv/$name.cmd
+	
+	The filesystem will not be automatically mounted.
+
+secgefs/close name:
+	close the already opened file.
+	This will try to remove the attached file from /dev/fs as well.
+
+
+create and close will list relevant files to tell you if there is some additional cleanup needed:
+
+- /dev/fs/$name: write "del $name" into /dev/fs/ctl. See fs(3)
+- /srv/$name and /srv/$name.cmd: write "halt" into /srv/$name.cmd. See gefs(8)
--- /dev/null
+++ b/close
@@ -1,0 +1,17 @@
+#!/bin/rc
+
+if (! ~ $#* 1) {
+	echo usage: close name >[1=2]
+	exit usage
+}
+
+if (test -e /srv/$1 && test -e /srv/$1.cmd) {
+	echo halt >> /srv/$1.cmd
+}
+
+if (test -e /dev/fs/$1) {
+	echo del $1 > /dev/fs/ctl
+}
+
+ls /dev/fs/$1 >[2]/dev/null
+ls /srv/$1.cmd >[2]/dev/null
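Review bot: The script's exit status comes from the final `ls /srv/$1.cmd`, so it reports an error exactly when cleanup worked and success when the cmd file is still present; a caller testing `$status` learns the opposite of whether the decrypted device is gone. I would keep the two `ls` lines for the listing but end with an explicit check, `if (test -e /dev/fs/$1 || test -e /srv/$1.cmd) exit 'cleanup incomplete'` followed by `exit ''`. The same pattern closes `create`. Separately, `del $1` is written to /dev/fs/ctl right after `halt` and nothing visible here waits for gefs to exit; if halt is asynchronous the del may fail or race with the final sync, which should be confirmed.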
--- /dev/null
+++ b/create
@@ -1,0 +1,42 @@
+#!/bin/rc
+
+if (! ~ $#* 2) {
+	echo usage: mksecgefs name size >[1=2]
+	exit usage
+}
+
+rfork en
+
+filename=$1
+name=`{basename $filename}
+size=`{echo $2 '* 1024' | hoc}
+
+if (test -e $filename) {
+	echo file $filename already exists >[1=2]
+	exit error
+}
+
+if (test -e /srv/$name || test -e /srv/$name.cmd) {
+	echo srv files name collision >[1=2]
+	exit error
+}
+
+dd -if /dev/zero -bs 1024 -count $size > $filename
+disk/cryptsetup -f $filename
+disk/cryptsetup -i $filename
+
+gefs -f /dev/fs/$name -r $user
+gefs -f /dev/fs/$name -n $name
+
+if (! test -e /srv/$name.cmd) {
+	echo /srv/$name.cmd does not exist >[1=2]
+	exit error
+}
+
+echo 'set retain ''''' >> /srv/$name.cmd
+echo halt >>/srv/$name.cmd
+
+echo del $name > /dev/fs/ctl
+
+ls /dev/fs/$name >[2]/dev/null
+ls /srv/$name.cmd >[2]/dev/null
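Review bot: The collision check before `dd` looks only at /srv/$name and /srv/$name.cmd, and neither `disk/cryptsetup` call has its status checked, so after mismatched passwords or a failed `-i` the script still reaches `gefs -f /dev/fs/$name -r $user`. If a /dev/fs/$name from another open volume with the same basename already exists, that ream would presumably hit the other volume. I would extend the check to `if (test -e /srv/$name || test -e /srv/$name.cmd || test -e /dev/fs/$name) {` and stop on failure with `disk/cryptsetup -f $filename || exit cryptsetup` and `disk/cryptsetup -i $filename || exit cryptsetup`. The usage line also still says `mksecgefs name size` while the README documents `secgefs/create file size`.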
--- /dev/null
+++ b/mkfile
@@ -1,0 +1,15 @@
+BIN=/rc/bin/secgefs
+
+FILES=\
+	create\
+	open\
+	close\
+
+all:VQ:
+	echo use mk install
+
+install:V: ${FILES:%=$BIN/%}
+
+$BIN/%: %
+	mkdir -p $BIN
+	cp $stem $target
--- /dev/null
+++ b/open
@@ -1,0 +1,13 @@
+#!/bin/rc
+
+if (! ~ $#* 1) {
+	echo usage: open name >[1=2]
+	exit usage
+}
+
+diskname=`{basename $1}
+
+disk/cryptsetup -i $1
+gefs -f /dev/fs/$diskname -n $diskname
+rm /env/diskname
+echo mount -c /srv/$diskname /mnt/$diskname
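Review bot: Unlike `create`, this script does no collision check and does not test the result of `disk/cryptsetup -i $1`, although the README says the scripts try to prevent name collisions. After a wrong password, or with a second file of the same basename, `gefs -f /dev/fs/$diskname -n $diskname` is still run against whatever /dev/fs/$diskname currently is. I would add `if (test -e /srv/$diskname || test -e /dev/fs/$diskname) exit collision` before the cryptsetup call and change that call to `disk/cryptsetup -i $1 || exit cryptsetup`. The `rm /env/diskname` cleanup could be replaced by an `rfork e` at the top, as `create` already does with `rfork en`, which keeps the variable out of the caller's environment.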
--