hiro/phoebe
1
0
Fork 0
mirror of https://github.com/vale981/phoebe synced 2025-03-05 09:51:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

secrets: Use /dev/shm if available, then fallback to tmpfs

Browse source
This commit is contained in:
Peter Jones 2019-02-01 09:02:56 -07:00
parent 88a7a614ef
commit 2218deea5e
No known key found for this signature in database
GPG key ID: 9DAFAA8D01941E49
1 changed files with 54 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
bin/secrets.sh
View file

@ -140,6 +140,51 @@ decrypt_file() {
esac esac
} }
################################################################################
mount_via_dev_shm() {
local mount_point=$1
local temp_dir
temp_dir=$(mktemp --directory --tmpdir=/dev/shm secrets.XXXXXXXXXX)
(cd "$(dirname "$mount_point")" && ln -nfs "$temp_dir" "$(basename "$mount_point")")
}
################################################################################
umount_via_dev_shm() {
local mount_point=$1
local temp_dir
temp_dir=$(realpath "$mount_point")
if [ -d "$temp_dir" ] && [ "$(dirname "$temp_dir")" = "/dev/shm" ]; then
rm "$mount_point"
rm -rf "$temp_dir"
fi
}
################################################################################
mount_via_tmpfs() {
local mount_point=$1
local secrets=$2
if ! findmnt "$mount_point" > /dev/null 2>&1; then
mkdir -p "$mount_point"
echo "==> Enter sudo password to mount tmpfs"
sudo mount -t tmpfs \
-o size="$(calculate_fs_size "$secrets")" \
tmpfs "$mount_point"
fi
}
################################################################################
umount_via_tmpfs() {
local mount_point=$1
echo "==> Enter sudo password for unmounting"
sudo umount "$mount_point"
rmdir "$mount_point"
}
################################################################################ ################################################################################
mount_secrets() { mount_secrets() {
local option_secrets="" local option_secrets=""
@ -182,12 +227,10 @@ mount_secrets() {
symmetric_key=$(read_symmetric_key_file "$option_symmetric_key_file") symmetric_key=$(read_symmetric_key_file "$option_symmetric_key_file")
fi fi
if ! findmnt "$option_mount_point" > /dev/null 2>&1; then if [ ! -L "$option_mount_point" ] && [ -d /dev/shm ]; then
mkdir -p "$option_mount_point" mount_via_dev_shm "$option_mount_point"
echo "==> Enter sudo password to mount tmpfs" else
sudo mount -t tmpfs \ mount_via_tmpfs "$option_mount_point" "$option_secrets"
-o size="$(calculate_fs_size "$option_secrets")" \
tmpfs "$option_mount_point"
fi fi
while IFS= read -r -d '' file; do while IFS= read -r -d '' file; do
@ -226,9 +269,11 @@ unmount_secrets() {
exit 1 exit 1
fi fi
echo "==> Enter sudo password for unmounting" if [ -L "$option_mount_point" ]; then
sudo umount "$option_mount_point" umount_via_dev_shm "$option_mount_point"
rmdir "$option_mount_point" else
umount_via_tmpfs "$option_mount_point"
fi
} }
################################################################################ ################################################################################