1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
#!/usr/bin/perl -w
# luksformat - wrapper around LUKS-capable cryptsetup and mkfs for easy
# creation of an encrypted device.
#
# (C) 2005 Canonical Ltd.
# Author: Martin Pitt <martin.pitt@ubuntu.com>
# License: GNU General Public License, v2 or any later
# (https://www.gnu.org/copyleft/gpl.html)
use Getopt::Long qw(:config pass_through);
BEGIN {
eval 'use Locale::gettext';
if ($@) {
*gettext = sub { shift };
*textdomain = sub { "" };
*LC_MESSAGES = sub { 5 };
}
eval {
require POSIX;
import POSIX qw(setlocale);
};
if ($@) {
*setlocale = sub { return 1 };
}
}
setlocale(LC_MESSAGES, "");
textdomain("luksformat");
if ($> != 0) {
print STDERR gettext("This program needs to be started as root\n");
exit 1;
}
sub usage() {
print gettext("luksformat - Create and format an encrypted LUKS device
Usage: luksformat [-t <file system>] <device> [ mkfs options ]\n\n");
exit 1;
}
# default file system
$fs = 'vfat';
exit 1 unless GetOptions ('t|type=s' => \$fs);
GetOptions ('help', \$help);
if (($#ARGV < 0) || ($help)) {
usage();
}
$device = shift(@ARGV);
open(MOUNTS, "/proc/mounts");
while (<MOUNTS>) {
die sprintf(gettext("Error: device mounted: %s\n"), $device) if (/\Q$device\E/)
}
if (-x "/usr/sbin/mkfs.$fs") {
$mkfs = "/usr/sbin/mkfs.$fs";
}
elsif (-x "/usr/bin/mkfs.$fs") {
$mkfs = "/usr/bin/mkfs.$fs";
}
elsif (-x "/sbin/mkfs.$fs") {
$mkfs = "/sbin/mkfs.$fs";
}
elsif (-x "/bin/mkfs.$fs") {
$mkfs = "/bin/mkfs.$fs";
}
else {
printf STDERR (gettext("Error: invalid file system: %s\n"), $fs);
exit 1;
}
# generate temporary mapped device name which is not yet used
$name = "";
for ($i = 1; $i < 100; $i++) {
if (! -e "/dev/mapper/luksformat$i") {
$name = "luksformat$i";
last;
}
}
$name or die sprintf(gettext("Error: could not generate temporary mapped device name"));
# we do not need to be overly concerned with race conditions here, cryptsetup
# will just fail if the name already exists now.
printf (gettext("Creating encrypted device on %s...\n"), $device);
if ((system 'cryptsetup', 'luksFormat', $device)) {
die sprintf(gettext("Could not create LUKS device %s"), $device);
}
print gettext("Please enter your passphrase again to verify it\n");
if ((system 'cryptsetup', 'open', '--type', 'luks', $device, $name) != 0) {
print STDERR gettext("The passphrases you entered were not identical\n");
exit 1;
}
$result = system $mkfs, "/dev/mapper/$name", @ARGV;
print "\n";
system 'udevadm', 'settle', '--timeout=30';
system 'cryptsetup', 'luksClose', $name;
die sprintf(gettext("Could not format device with file system %s"), $fs) if $result;
__END__
=head1 NAME
luksformat - Create and format an encrypted LUKS device
=head1 SYNOPSIS
B<luksformat> [B<-t> I<fstype>] I<device> [ mkfs options ]
=head1 DESCRIPTION
B<luksformat> is a wrapper around B<cryptsetup> and B<mkfs> which provides an
easy interface for creating an encrypted device that follows the LUKS standard
and for putting a file system onto the encrypted device.
The default file system is B<vfat> since that is most commonly used on
removable devices. However, you can specify any available file system with the
B<-t> option.
=head1 SEE ALSO
L<cryptsetup(8)>, L<mkfs(8)>
=head1 AUTHOR
This program was written by Martin Pitt <martin.pitt@ubuntu.com>.
|
