cryfs-automount/cryfs-automount

#!/bin/bash
#/##################################################################\
#| Basic scrypt to encrypt with CryFS file hosting services like    |
#| Dropbox, MEGA, Drive, etc.                                       |
#| Guzmán Castanedo (guzman@castanedo.es)                           |
#| November 2016                                                    |
#| Licence: GPL 3.0 -> https://www.gnu.org/licenses/gpl-3.0.en.html |
#| NOTE: It's necesary to configure Dropbox to basedir folder       |
#|       before run this script, because it need to be empty or     |
#|       Dropbox client will move to a new folder.                  |
#| NEXT: I want to implement auto config the Dropbox client, but    |
#|       it use a encrypted SQLite database. So it's harder.        |
#\##################################################################/

#Functions
function usage {
	printf "USAGE:\t"$(basename "$0")" [OPTIONS] name\n"
	printf "NAME:\n"
	printf "\tSet the automount name (without spaces).\n"
	printf "\tIt's usefull if you wanty to encrypt more than one file hosting service.\n"
	printf "\tThis parameter is OBLIGATORY.\n"
	printf "OPTIONS:\n"
	printf "\t-b, --basedir basedir\n"
	printf "\t\tSet the encrypted folder that Dropbox client are going to\n"
	printf "\t\tupload.\n"
	printf "\t\tDefault: /home/$USER/.MegaEncrypted/ENCRYPTED\n"
	printf "\t-m, --mountdir mountdir\n"
	printf "\t\tSet the decrypted folder.\n"
	printf "\t\tDefault: /home/$USER/MEGA\n"
	printf "\t-v, --verbose\n"
	printf "\t\tSet verbose mode.\n"
	printf "\t\tDefault: false\n"
	printf "\t-p, --password password\n"
	printf "\t\tSet password for CryFS encrypted volume.\n"
	printf "\t\tIf not set it'll ask iteractively.\n"
	printf "\t-c, --config cryfsconfig\n"
	printf "\t\tSet the configuration file for CryFS.\n"
	printf "\t\tDefault: basedir/cryfs.config\n"
	printf "\t--not-start-at-login\n"
	printf "\t\tNot start cryfs at login time.\n"
	printf "\t\tDefault: true\n"
	printf "\t\tCAUTION: plain password will be saved in:\n"
	printf "\t\t~/.config/autostart/cryfs-dropbox.desktop\n"
	printf "\t--new-volume\n"
	printf "\t\tCreate a new volume.\n"
	printf "\t\tDefault: false\n"
	printf "\t--blocksize\n"
	printf "\t\tChange the ciphertext block size in bytes\n"
	printf "\t\tDefault: 524288 (512 KB)\n"
	printf "\t\tCryFS use by default 32KB, but a 17 GB volume can generate\n"
	printf "\t\tup to 400,000 files with this...\n"
	printf "\t\tThe Dropbox client get crazzy!\n"
}

function createautostart {
	#createautostart $basedir $mountdir $cryfsconfig $pass $name
	if [ ! $# -eq 5 ];then
		echo "ERROR: Internal error generating autostart file."
		exit 1
	fi
	startfile=/home/$USER/.config/autostart/cryfs-$5.desktop
	if [ ! -d /home/$USER/.config/autostart ]; then
		#Create directory (parents if needed)
		mkdir -p /home/$USER/.config/autostart
	fi
	#Need to check existance because we're going to overwrite
	if [ -f $startfile ];then
		grep "Exec=$(basename "$0") -b $1 -m $2 -c $3 -p $4 $5" $startfile > /dev/null
		if [ $? -ne 0 ];then
			printpaths $name $basedir $mountdir $cryfsconfig
			printf "\nERROR:\tThere is another $(basename "$0") using that name (%s).\n" $5
			printf "\tUse a diferent name.\n"
			exit 1
		fi
	fi
	echo "[Desktop Entry]" | tee $startfile > /dev/null
	echo "Type=Application" | tee -a $startfile > /dev/null
	echo "Exec=$(basename "$0") -b $1 -m $2 -c $3 -p $4 $5" | tee -a $startfile > /dev/null
	echo "X-GNOME-Autostart-enabled=true" | tee -a $startfile > /dev/null
	echo "NoDisplay=false" | tee -a $startfile > /dev/null
	echo "Hidden=false" | tee -a $startfile > /dev/null
	echo "Name=CryFS-Dropbox" | tee -a $startfile > /dev/null
	echo "Comment=Automount CryFS for Dropbox" | tee -a $startfile > /dev/null
	echo "X-GNOME-Autostart-Delay=0" | tee -a $startfile > /dev/null
}

function printpaths {
	#printpaths $name $basedir $mountdir $cryfsconfig
	printf "Name:\t\t%s\n" $1
	printf "Base Dir:\t%s\n" $2
	printf "Mount Dir:\t%s\n" $3
	printf "CryFS Dir:\t%s\n" $4
	echo
}

#Bash main
export CRYFS_FRONTEND=noninteractive
basedir=/home/$USER/.MegaEncrypted/ENCRYPTED
mountdir=/home/$USER/MEGA
blocksize=524288
verbose=false
startlogin=true
configset=false
newvolume=false

#Parse args
#With getopts
TEMP="$(getopt -q -o b:m:p:vhc: --long basedir:,mountdir:,password:,verbose,help,config:,not-start-at-login,new-volume,blocksize: -n "$(basename "$0")" -- "$@")"
eval set -- "$TEMP"
unset TEMP
while true; do
	case "$1" in
		-b|--basedir)
			#basedir
			basedir=$2
			shift 2
			;;
		-m|--mountdir)
			#mountdir
			mountdir=$2
			shift 2
			;;
		-p|--password)
			#password
			pass=$2
			shift 2
			;;
		-v|--verbose)
			#verbose
			verbose=true
			shift
			;;
		-h|--help)
			#Help
			usage
			exit 0
			;;
		-c|--config)
			#CryFS Config File
			cryfsconfig=$2
			configset=true
			shift 2
			;;
		--not-start-at-login)
			startlogin=false
			shift
			;;
		--new-volume)
			newvolume=true
			shift
			;;
		--blocksize)
			blocksize=$2
			shift 2
			;;
		--)
			#Last one
			shift
			break
			;;
		*)
			#Unspected
			usage
			echo "ERROR: Invalid option $1"
			exit 1
			;;
	esac
done

if [ ! $# -eq 1 ]; then
	echo "ERROR: You must set only one name for the installation"
	exit 1
fi
name=$1

#Check if cryfs is installed
if [ ! -x /usr/local/bin/cryfs ]; then
	echo "ERROR: CryFS is not installed."
	echo "https://www.cryfs.org/#download"
	exit 1
fi

#Check if cryfs-automount is installed
if [ ! -x /usr/local/bin/$(basename "$0") ]; then
	echo "WARNING: "$(basename "$0")" is not installed."
	echo "We'll use root access only for installation."
	test=$(sudo whoami)
	if [ $test = "root" ]; then
		sudo cp ./$0 /usr/local/bin/
		sudo chmod +x /usr/local/bin/$(basename "$0")
	else
		echo "ERROR: No root access!"
		exit 1
	fi
	echo "Installation Success!"
	echo
fi

#Check if directories exist
if [ ! -d $basedir ]; then
	printpaths $name $basedir $mountdir $cryfsconfig
	echo "ERROR: $basedir is not a directory."
	exit 1
fi

if [ ! -d $mountdir ]; then
	printpaths $name $basedir $mountdir $cryfsconfig
	echo "ERROR: $mountdir is not a directory."
	exit 1
fi

#Check encrypt cryfs volume exists (config file)
if [ $configset = false ]; then
	#We use to set it in basedir (CryFS Default)
	cryfsconfig=$basedir/cryfs.config
fi
if [ ! -f $cryfsconfig ]; then
	#Config file doesn't exist
	if [ $newvolume = false ]; then
		printpaths $name $basedir $mountdir $cryfsconfig
		echo "ERROR: $cryfsconfig doesn't exist."
		echo "If this is a new volume enter the tag: --new-volume"
		exit 1
	fi
else
	if [ $newvolume = true ]; then
		printpaths $name $basedir $mountdir $cryfsconfig
		echo "ERROR: Volume exists."
		echo "If you want to load it, remove the tag: --new-volume"
		exit 1
	fi
fi

#Convert to absolute path
basedir=$(realpath $basedir)
mountdir=$(realpath $mountdir)
cryfsconfig=$(realpath $cryfsconfig)

#Verbose
if [ $verbose = true ];then
	printpaths $name $basedir $mountdir $cryfsconfig
fi

#Check if password is set
if [ -z $pass ]; then
	if [ $newvolume = true ]; then
		#Twice
		cont=false
		while [ $cont = false ]; do
			printf "Password:\t"
			read -s pass1
			printf "\nRepeat Password:\t"
			read -s pass2
			echo
			if [ $pass1 = $pass2 ]; then
				pass=$pass1
				cont=true
			else
				printf "Wrong password. Try again:\n"
			fi
		done
		unset cont pass1 pass2
	else
		#Single
		printf "Password:\t"
		read -s pass
		echo
	fi
fi

#Before start let's check if autostart on login
if [ $startlogin = true ]; then
	#Let's create it
	if [ $verbose = true ];then
		printf "Creating start at login.........\t"
	fi
	createautostart $basedir $mountdir $cryfsconfig $pass $name
	if [ $verbose = true ];then
		printf "Done!\n"
		printf "File: %s\n" "/home/$USER/.config/autostart/cryfs-$name.desktop"
	fi
fi

#Mount with CryFS
if [ $verbose = true ]; then
	printf "Starting CryFS..................\t"
fi
echo $pass | cryfs --blocksize $blocksize -c $cryfsconfig $basedir $mountdir 2>&1 > /dev/null
if [ $verbose = true ]; then
	printf "Done!\n"
fi