crypt.awk (4069B) download
1/^#/ || /^$/ { next }
2NF>4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next }
3{
4 # decode the src variants
5 split($2, o_src, "=")
6 if (o_src[1] == "UUID" || o_src[1] == "PARTUUID") ("blkid -l -o device -t " $2) | getline src;
7 else src=o_src[1];
8
9 # no password or none is given, ask fo it
10 if ( NF == 2 ) {
11 ccmd="cryptsetup luksOpen " src " " $1;
12 system(ccmd);
13 ccmd="";
14 }
15 else if (NF == 3 ) {
16 dest=$1
17 key=$3
18 split($3, po, "=");
19 if ( po[1] == "none") ccmd="cryptsetup luksOpen " src " " dest;
20 else ccmd="cryptsetup luksOpen -d " key " " src" " dest;
21 system(ccmd);
22 ccmd="";
23 }
24 else {
25 # the option field is not empty parse the options
26 dest=$1
27 key=$3
28 split($4, opts, ",");
29 commonopts="";
30 swapopts="";
31 luksopts="";
32 for(i in opts) {
33 split(opts[i], para, "=");
34 par=para[1];
35 val=para[2];
36 if ( par == "readonly" || par == "read-only") commonopts=commonopts "-r ";
37 else if ( par == "discard" ) commonopts=commonopts "--allow-discards ";
38 else if ( par == "no-read-workqueue" ) commonopts=commonopts "--perf-no_read_workqueue ";
39 else if ( par == "no-write-workqueue" ) commonopts=commonopts "--perf-no_write_workqueue ";
40 else if ( par == "tries" ) commonopts=commonopts "-T " val " ";
41 else if ( par == "swap" ) makeswap="y";
42 else if ( par == "cipher" ) swapopts=swapopts "-c " val " ";
43 else if ( par == "size" ) swapopts=swapopts "-s " val " ";
44 else if ( par == "hash" ) swapopts=swapopts "-h " val " ";
45 else if ( par == "offset" ) swapopts=swapopts "-o " val " ";
46 else if ( par == "skip" ) swapopts=swapopts "-p " val " ";
47 else if ( par == "verify" ) swapopts=swapopts "-y ";
48 #else if ( par == "noauto" )
49 #else if ( par == "nofail" )
50 #else if ( par == "plain" )
51 #else if ( par == "timeout" )
52 #else if ( par == "tmp" )
53 else if ( par == "luks" ) use_luks="y";
54 else if ( par == "keyscript" ) {use_keyscript="y"; keyscript=val;}
55 else if ( par == "keyslot" || par == "key-slot" ) luksopts=luksopts "-S " val " ";
56 else if ( par == "keyfile-size" ) luksopts=luksopts "-l " val " ";
57 else if ( par == "keyfile-offset" ) luksopts=luksopts "--keyfile-offset=" val " ";
58 else if ( par == "header" ) luksopts=luksopts "--header=" val " ";
59 else {
60 print "option: " par " not supported " >"/dev/stderr";
61 makeswap="";
62 use_luks="";
63 use_keyscript="";
64 next;
65 }
66 }
67 if ( makeswap == "y" && use_luks != "y" ) {
68 ccmd="cryptsetup " swapopts commonopts "-d " key " create " dest " " src;
69 ccmd_2="mkswap /dev/mapper/" dest;
70 makeswap="";
71 use_luks="";
72 use_keyscript="";
73 system(ccmd);
74 system(ccmd_2);
75 ccmd="";
76 ccmd_2="";
77 next;
78 }
79 if ( use_luks == "y" && makeswap != "y" ){
80 if ( use_keyscript == "y") {
81 ccmd=keyscript " | cryptsetup " luksopts commonopts "luksOpen -d - " src " " dest;
82 use_keyscript="";
83 }
84 else {
85 if ( key == "none" ){
86 ccmd="cryptsetup " luksopts commonopts "luksOpen " src " " dest;
87 }
88 else {
89 ccmd="cryptsetup " luksopts commonopts "luksOpen -d " key " " src " " dest;
90 }
91 }
92 }
93 else {
94 print "use swap OR luks as option" >"/dev/stderr";
95 ccmd="";
96 }
97 makeswap="";
98 use_luks="";
99 use_keyscript="";
100 if ( ccmd != ""){
101 system(ccmd);
102 ccmd=""
103 }
104 }
105}