When backing up my laptop, the technique I use most often is to back it up to an encrypted disk partition. I do this because it means I don't have to control access to the backup media. Sometimes this takes the form of a USB hard drive I use for other things. Sometimes it's a remote file store not under my exclusive control (like the DreamHost 50G backup account). Using a large file holding an encrypted filesystem image, I can let my backups live anywhere. (The encryption keeps the contents private; it does not stop someone with access to the media from deleting or damaging the file.)
I have come up with a standard, scripted method of using these encrypted filesystem files. See the comments in the script below for more information on how to initialize the filesystem and use the script. Note the script is attached below for your downloading convenience...
#!/bin/bash
#
# Mounts or unmounts the encrypted backup partition file found in the
# current directory on a mount directory.
#
# Invoke without arguments to print usage.

# Default name of the file that holds the encrypted filesystem image.
DEFAULT_PARTITION_FILENAME='backup.dat'
# Default directory on which the filesystem gets mounted.
DEFAULT_MOUNT_POINT='mountpoint'
# Base name handed to cryptsetup; the instance index is appended to it.
CRYPT_NAME='toddsBackupCrypt'
# Base path of the loop device; the instance index is appended to it.
LOOPBACK='/dev/loop'
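#######################################
# Prints the command-line help.
# Globals:   DEFAULT_PARTITION_FILENAME (read), DEFAULT_MOUNT_POINT (read)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
printUsage() {
  # Each option is shown with the <placeholder> for its value, and the same
  # placeholder names the option in the description lines below.
  # printf '%s\n' is used so that backslashes in $0 or in the defaults are
  # printed literally instead of being interpreted as escapes.
  printf '%s\n' " "
  printf '%s\n' "Usage:"
  printf '%s\n' "$0 [ -index <index> ] [ -partfile <partfile> ] [ -mountpoint <mountpoint> ] ( mount | umount )"
  printf '%s\n' "where:"
  printf '%s\n' "'mount' mounts the encrypted partition; 'umount' unmounts it."
  printf '%s\n' ""
  printf '%s\n' "<index> is the instance number to run."
  printf '\t%s\n' "Allows multiple instances to exist at same time. Needs to be one of [0-4]. Defaults to '0'."
  printf '%s\n' "<partfile> is the (large) partition data file. Defaults to '${DEFAULT_PARTITION_FILENAME}'"
  printf '%s\n' "<mountpoint> is the (empty) directory on which the filesystem should be mounted. Defaults to '${DEFAULT_MOUNT_POINT}'"
  printf '%s\n' ""
}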
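########
# Root check: losetup, cryptsetup and mount below are run directly, so the
# script insists on root up front.
# The effective UID is compared instead of probing with a write to
# /etc/fstab: a touch there rewrites that file's mtime on every run (noise for
# file-integrity monitoring) and really tests write permission, not root.
if [ "${EUID}" -ne 0 ]; then
  echo "Must run as root. Aborting." >&2
  printUsage
  exit 1
fi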
# Start from the defaults; the option flags below may override them.
index="0"
partitionFile="${DEFAULT_PARTITION_FILENAME}"
mountPoint="${DEFAULT_MOUNT_POINT}"

# Consume leading "-flag value" pairs. The first word that is not a known
# flag ends the loop and is left in $1 as the action.
while true; do
  case "$1" in
    -index) index="${2}" ;;
    -partfile) partitionFile="${2}" ;;
    -mountpoint) mountPoint="${2}" ;;
    *) break ;;
  esac
  # Drop the flag and its value, one word at a time.
  shift
  shift
done
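# The index becomes part of the loop device path and of the mapping name,
# and both are passed to tools running as root. Accept only the documented
# range so a stray value cannot select an unexpected device.
case "${index}" in
  [0-4]) ;;
  *)
    echo "Index '${index}' is not one of 0-4. Aborting." >&2
    printUsage
    exit 1
    ;;
esac

# Create loopback and crypt names for this instance
cryptName="${CRYPT_NAME}${index}"
loopback="${LOOPBACK}${index}"

# Preconditions shared by mount and umount
if [ ! -e "${partitionFile}" ]; then
  echo "Partition file '${partitionFile}' doesn't exist. Aborting." >&2
  printUsage
  exit 1
fi
if [ ! -d "${mountPoint}" ]; then
  echo "Mount point '${mountPoint}' doesn't exist. Aborting." >&2
  printUsage
  exit 1
fi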
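# Dispatch on the action word left in $1 once the option flags are consumed.
case "$1" in
  mount)
    # Refuse to mount over a populated directory. -A also counts dotfiles,
    # which the new mount would otherwise hide without notice.
    if [ -n "$(ls -A -- "${mountPoint}")" ]; then
      echo "Mount point '${mountPoint}' not empty. Aborting." >&2
      printUsage
      exit 1
    fi

    # cryptsetup asks for the passphrase itself. No passphrase hint is printed
    # here: terminal scrollback and shared copies of the script would
    # disclose it.

    # Attach the image file to the loop device. Stop on failure so the steps
    # below never act on a loop device that is bound to some other file.
    /sbin/losetup "${loopback}" "${partitionFile}" || {
      echo "Could not attach '${partitionFile}' to '${loopback}'. Aborting." >&2
      exit 1
    }

    # Set up the dm-crypt mapping on top of the loop device.
    # NOTE(review): no cipher, hash or key size is given, so cryptsetup's
    # built-in defaults for this mode apply. Those defaults have differed
    # between cryptsetup releases; pin them (--cipher/--hash/--key-size) if
    # the image must open on other hosts or after upgrades.
    /sbin/cryptsetup create "${cryptName}" "${loopback}" || {
      echo "cryptsetup failed for '${cryptName}'. Detaching '${loopback}'." >&2
      /sbin/losetup -d "${loopback}"
      exit 1
    }

    # Mount the decrypted view. On failure undo both earlier steps so no
    # half-open mapping is left behind.
    mount -t ext3 "/dev/mapper/${cryptName}" "${mountPoint}" || {
      echo "Mount failed (a mistyped passphrase is one possible cause). Cleaning up." >&2
      /sbin/cryptsetup remove "${cryptName}"
      /sbin/losetup -d "${loopback}"
      exit 1
    }
    ;;
  umount)
    # Tear down in reverse order; stop at the first failure so a mapping that
    # is still in use is not pulled out from under a mounted filesystem.
    umount "${mountPoint}" || {
      echo "Could not unmount '${mountPoint}'. Mapping left in place." >&2
      exit 1
    }
    /sbin/cryptsetup remove "${cryptName}" || {
      echo "Could not remove mapping '${cryptName}'." >&2
      exit 1
    }
    /sbin/losetup -d "${loopback}" || {
      echo "Could not detach '${loopback}'." >&2
      exit 1
    }
    ;;
  *)
    printUsage
    exit 1
    ;;
esac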
##################
#
# Everything that follows is a HOWTO on mounting and unmounting
# the encrypted partition file including creating the partition file in the first place.
#
# See http://deb.riseup.net/storage/encryption/dmcrypt/
#
# Command lines shown with a "#" prompt are to be run as root; a "$" prompt means an ordinary user is enough.
#
# Create (40G) file for loopback filesystem on drive (only necessary once)
# $ dd if=/dev/zero of=./backup.dat bs=1G count=40
#
# Create loopback device on this file
# # /sbin/losetup /dev/loop0 backup.dat
#
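# Create logical volume (w/ cryptsetup).
# Note: the -y flag makes cryptsetup ask for the passphrase twice; use it on the first invocation, when the passphrase is set. Omit it for remounting.
# A mapping created this way has no header to check the passphrase against, so a mistyped passphrase on a later mount is not rejected at this step; it shows up as a filesystem that fails to mount.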
# # /sbin/cryptsetup -y create toddsBackupCrypt0 /dev/loop0
#
# Confirm it worked:
# # /sbin/dmsetup ls
# toddsBackupCrypt0 (253, 0)
#
# Create Filesystem (only necessary once)
# # /sbin/mkfs.ext3 /dev/mapper/toddsBackupCrypt0
#
# Mount filesystem:
# # mount /dev/mapper/toddsBackupCrypt0 {mount point directory}
#
# AT THIS POINT THE PARTITION IS MOUNTED
#
# Unmount filesystem:
# # umount {mount point directory}
#
# Remove logical volume
# # cryptsetup remove toddsBackupCrypt0
#
# Remove loopback
# # losetup -d /dev/loop0
#
| Attachment | Size |
|---|---|
| mountEncryptedPartitionFile.sh | 3.56 KB |