Created
November 4, 2020 08:54
Simple FreeBSD rc script for mounting encrypted home directory disk image during boot time
#!/bin/sh

# Load the rc.subr framework; it supplies load_rc_config and run_rc_command.
. /etc/rc.subr

# rcorder(8) keywords: run once local filesystems are available and before
# logins are enabled, so home directories are in place when users log in.
# PROVIDE: homecrypt
# REQUIRE: FILESYSTEMS
# BEFORE: LOGIN

# Service identity and the functions rc.subr calls for "start" and "stop".
name=homecrypt
desc='Home directory encryption'
start_cmd=homecrypt_start
stop_cmd=homecrypt_stop
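#######################################
# Attach, unlock and mount the encrypted home image of every configured user.
# For each user the image /home/<user>.crypt is attached as a vnode-backed
# memory disk, unlocked with geli (up to 5 attempts) and mounted on
# /home/<user>. A failure for one user is reported and the next user is tried.
# Globals:   homecrypt_users (read) - whitespace-separated list of user names
# Outputs:   progress and error messages on stdout
#######################################
homecrypt_start()
{
	local user disk unit attempts max_attempts unlocked

	max_attempts=5

	# Deliberately unquoted: the list has to be split into one word per user.
	# Quoting it would run the loop once with the whole list as a single name.
	for user in $homecrypt_users; do
		disk="/home/$user.crypt"
		if [ ! -f "$disk" ]; then
			echo "Encrypted home for $user not found at $disk"
			continue
		fi

		# The numeric UID doubles as the md unit number. An unknown user would
		# leave it empty, so stop here instead of passing an empty -u value.
		if ! unit=$(id -u "$user"); then
			echo "Cannot determine the user id of $user"
			continue
		fi

		# NOTE(review): mdconfig fails when this unit is already in use or the
		# number is not accepted as a unit; that case ends up in the branch below.
		if ! mdconfig -a -t vnode -f "$disk" -u "$unit"; then
			echo "Mounting the encrypted disk for $user failed"
			continue
		fi

		attempts=0
		unlocked=no
		while [ "$attempts" -lt "$max_attempts" ]; do
			echo "Please enter the passphrase for the encrypted home of $user"
			# -d: the decrypted provider is detached automatically on last close.
			if geli attach -d "/dev/md$unit"; then
				echo "Successfully decrypted home of $user"
				unlocked=yes
				break
			fi
			attempts=$((attempts + 1))
		done

		if [ "$unlocked" != yes ]; then
			echo "Entered the wrong passphrase for $user $max_attempts times"
			# Release the memory disk so no stale md device is left behind.
			mdconfig -d -u "$unit" || echo "Failed to remove memorydisk for $user"
			continue
		fi

		mkdir -p "/home/${user}"
		# NOTE(review): if the image file is writable by the user, consider
		# mounting with "-o nosuid" so setuid files inside it are not honoured.
		if ! mount "/dev/md${unit}.eli" "/home/${user}"; then
			echo "Mounting decrypted home of $user failed"
			# Best effort: the provider may already be gone because of -d above,
			# so an error from geli detach is expected and ignored here.
			geli detach "/dev/md${unit}.eli" 2>/dev/null
			mdconfig -d -u "$unit" || echo "Failed to remove memorydisk for $user"
			continue
		fi
	done
}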
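#######################################
# Unmount every configured user's home and remove its memory disk.
# A failure for one user is reported and the next user is processed.
# Globals:   homecrypt_users (read) - whitespace-separated list of user names
# Outputs:   error messages on stdout
#######################################
homecrypt_stop()
{
	local user unit

	# Deliberately unquoted: the list has to be split into one word per user.
	for user in $homecrypt_users; do
		if ! umount "/home/${user}"; then
			echo "Failed to unmount /home/$user"
			continue
		fi

		# No explicit geli detach: the provider was attached with
		# "geli attach -d", so it detaches by itself once the unmount closes it.

		# The md unit is the user's UID, so look up "$user" here. "$name" is the
		# rc service name ("homecrypt"), not a user.
		if ! unit=$(id -u "$user") || ! mdconfig -d -u "$unit"; then
			echo "Failed to remove memorydisk for $user"
			continue
		fi
	done
}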
# Load the rc.conf settings for this service, then hand the requested action
# (the script's first argument) to rc.subr.
load_rc_config "${name}"
run_rc_command "${1}"
Usage: GELI-encrypted home directory as image file in `/home/{user}.crypt`. In `/etc/rc.conf`: `homecrypt_users="{user}"`