#!/bin/bash
# Mount a USB device
. /etc/functions
. /etc/gui_functions
. /etc/luks-functions
# Tracing hook that is not defined in this script, so it comes from one of the
# files sourced above; presumably it records that mount-usb was entered
# (confirm in /etc/functions).
TRACE_FUNC
# Print the command-line synopsis and a one-line description of every option
# to stdout. $0 is used so the text shows the name the script was run as.
usage() {
  printf '%s\n' \
    "usage: $0 [options...] <--mode [ro|rw]> <--device device> <--mountpoint mountpoint> <--pass passphrase>" \
    "$0 --help" \
    "parameters:" \
    "--mode: ro or rw (default ro)" \
    "--device: device to mount (default: first USB device found)" \
    "--mountpoint: where to mount the device (default: /media)" \
    "--pass: passphrase for LUKS device (default: none)" \
    "--help: Show this help"
}
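# Defaults, kept for every option that is absent or given an empty value.
MODE="ro"
DEVICE=""
MOUNTPOINT="/media"
PASS=""

#######################################
# Parse the command line into MODE, DEVICE, MOUNTPOINT and PASS.
# Globals:   MODE, DEVICE, MOUNTPOINT, PASS (written)
# Arguments: the script's own arguments ("$@")
# Returns:   0; prints usage and exits 1 on any unrecognised argument
#            (this includes --help, as before)
#
# An option is only assigned when the value after it is non-empty, so a
# caller may pass e.g. --device "" to keep the default. The option, and its
# value when one is present, is always consumed: the previous loop shifted
# nothing in that case and therefore never terminated.
#
# NOTE(review): a passphrase given with --pass is part of this script's
# argument list for as long as the script runs. The console prompt that is
# used when --pass is absent does not put the passphrase there.
#######################################
_mount_usb_parse_args() {
  local opt val
  while [ $# -gt 0 ]; do
    opt="$1"
    case "$opt" in
      --mode | --device | --mountpoint | --pass)
        val="${2-}"
        # Drop the option and, if one was supplied, its value.
        if [ $# -ge 2 ]; then
          shift 2
        else
          shift
        fi
        # Empty value: leave the default untouched.
        [ -n "$val" ] || continue
        case "$opt" in
          --mode) MODE="$val" ;;
          --device) DEVICE="$val" ;;
          --mountpoint) MOUNTPOINT="$val" ;;
          --pass) PASS="$val" ;;
        esac
        ;;
      *)
        usage
        exit 1
        ;;
    esac
  done
}
_mount_usb_parse_args "$@"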
# Log the effective parameters. The passphrase itself is never printed: the
# --pass field reads "provided" when one was given and is blank otherwise.
DEBUG "Parameters: --mode=$MODE, --device=${DEVICE:-empty}, --mountpoint=$MOUNTPOINT, --pass=${PASS:+provided}"

# Helpers from the sourced function files; going by their names they bring up
# USB and USB mass-storage support (assumption - confirm in /etc/functions).
enable_usb
enable_usb_storage

# Make sure the mountpoint exists. If it already does, detach whatever may
# still be mounted on it; a failing umount is deliberately ignored.
if [ -d "$MOUNTPOINT" ]; then
  DEBUG "Cleaning $MOUNTPOINT directory"
  umount "$MOUNTPOINT" > /dev/null 2>&1 || true
else
  DEBUG "Creating $MOUNTPOINT directory"
  mkdir -p "$MOUNTPOINT" > /dev/null 2>&1
fi
# Snapshot the USB storage devices reported by list_usb_storage.
list_usb_storage > /tmp/usb_block_devices

# Nothing found: ask for the drive once, list again, and give up with exit
# status 1 if the list is still empty.
if [ -z "$(< /tmp/usb_block_devices)" ]; then
  if [ ! -x /bin/whiptail ]; then
    echo "+++ USB Drive Missing! Insert your USB drive and press Enter to continue."
    read
  else
    whiptail_warning --title 'USB Drive Missing' \
      --msgbox "Insert your USB drive and press Enter to continue." 0 80
  fi

  # Short pause before listing again (presumably to let the device settle).
  sleep 1
  list_usb_storage > /tmp/usb_block_devices

  if [ -z "$(< /tmp/usb_block_devices)" ]; then
    if [ ! -x /bin/whiptail ]; then
      echo "!!! ERROR: USB Drive Missing! Aborting mount. Press Enter to continue."
    else
      whiptail_error --title 'ERROR: USB Drive Missing' \
        --msgbox "USB Drive Missing! Aborting mount attempt.\n\nPress Enter to continue." 0 80
    fi
    exit 1
  fi
fi
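# Decide which device to mount and store it in USB_MOUNT_DEVICE:
#   - the device named with --device, if it is in the detected list;
#   - else the only detected device, when there is exactly one;
#   - else the entry the user picks from a menu (exit 5 on "a" = abort).
# Reads /tmp/usb_block_devices; writes /tmp/usb_disk_list and /tmp/whiptail.
USB_MOUNT_DEVICE=""
if [ -n "$DEVICE" ]; then
  DEBUG "Checking if $DEVICE is a USB detected block device"
  # Whole-line, fixed-string comparison. A pattern match would accept a
  # partial name, or a value containing regex metacharacters, as "detected"
  # and then hand that value to cryptsetup and mount.
  if grep -qxF -- "$DEVICE" /tmp/usb_block_devices; then
    DEBUG "Selected device is a USB block device"
    USB_MOUNT_DEVICE="$DEVICE"
  else
    die "ERROR: Selected $DEVICE is not a USB block device"
  fi
else
  # Common case: a single USB disk with one partition.
  if [ "$(wc -l < /tmp/usb_block_devices)" -eq 1 ]; then
    USB_MOUNT_DEVICE="$(cat /tmp/usb_block_devices)"
  fi

  # Otherwise, let the user pick.
  if [ -z "${USB_MOUNT_DEVICE}" ]; then
    # Build one "device label" line per detected device.
    : > /tmp/usb_disk_list
    while IFS= read -r usb_dev || [ -n "$usb_dev" ]; do
      [ -n "$usb_dev" ] || continue
      # The label comes from the inserted device, so it is kept quoted and is
      # never word-split or glob-expanded; newlines are folded into spaces so
      # every device stays on one line.
      label="$(blkid | grep -F -- "$usb_dev" | grep -o 'LABEL=".*"' | cut -f2 -d '"' | tr '\n' ' ')"
      printf '%s\n' "$usb_dev $label" >> /tmp/usb_disk_list
    done < /tmp/usb_block_devices

    if [ -x /bin/whiptail ]; then
      # Menu entries are (tag, item) pairs; an array keeps each label as a
      # single argument. Spaces are still shown as underscores, as before.
      MENU_OPTIONS=()
      n=0
      while read -r option; do
        n=$((n + 1))
        MENU_OPTIONS+=("$n" "${option// /_}")
      done < /tmp/usb_disk_list
      MENU_OPTIONS+=(a Abort)

      # whiptail writes the chosen tag to stderr, captured in /tmp/whiptail.
      if ! whiptail --title "Select your USB disk" \
        --menu "Choose your USB disk [1-$n, a to abort]:" 0 80 8 \
        -- "${MENU_OPTIONS[@]}" \
        2> /tmp/whiptail; then
        die "ERROR: Selecting USB disk/partition aborted."
      fi
      option_index=$(cat /tmp/whiptail)
    else
      echo "+++ Select your USB disk:"
      n=0
      while read -r option; do
        n=$((n + 1))
        echo "$n. $option"
      done < /tmp/usb_disk_list
      read -r -p "Choose your USB disk [1-$n, a to abort]: " option_index
    fi

    if [ "$option_index" = "a" ]; then
      exit 5
    fi

    # The answer is used as a line number below, so accept only a plain
    # integer that refers to a listed entry.
    case "$option_index" in
      '' | *[!0-9]*) die "ERROR: Invalid USB disk selection" ;;
    esac
    if [ "$option_index" -lt 1 ] || [ "$option_index" -gt "$n" ]; then
      die "ERROR: USB disk selection out of range"
    fi

    # Take the chosen line and keep only the device name (text before the
    # first space).
    USB_MOUNT_DEVICE=$(head -n "$option_index" /tmp/usb_disk_list | tail -n 1 | sed 's/ .*$//')
  fi
fi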
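# If the selected device is a LUKS container, open it as
# /dev/mapper/usb_mount_<device basename> and point USB_MOUNT_DEVICE at the
# mapping; otherwise leave USB_MOUNT_DEVICE unchanged.
DEBUG "Checking if $USB_MOUNT_DEVICE is a LUKS device/partition"
if cryptsetup isLuks "$USB_MOUNT_DEVICE"; then
  DEBUG "Selected USB partition is a LUKS device"
  mapped_name="usb_mount_$(basename "$USB_MOUNT_DEVICE")"

  # A mapping left over from an earlier run would make the open fail.
  if [ -e "/dev/mapper/${mapped_name}" ]; then
    DEBUG "Closing currently mapped LUKS device"
    cryptsetup close "${mapped_name}" || true
  fi

  DEBUG "Opening LUKS device $USB_MOUNT_DEVICE"
  # In both branches the passphrase reaches cryptsetup through --key-file on a
  # process substitution fed by the printf builtin, so it is not placed on
  # cryptsetup's command line.
  if [ -z "$PASS" ]; then
    # Interactive console prompt (no whiptail passwordbox to avoid fbwhiptail issues)
    MAX_TRIES=3
    attempt=1
    while [ "$attempt" -le "$MAX_TRIES" ]; do
      printf '%s' "Enter passphrase for ${USB_MOUNT_DEVICE}: "
      # IFS= keeps leading/trailing whitespace, so the typed passphrase is
      # passed on unchanged, as a --pass value is.
      IFS= read -r -s PASS
      echo
      DEBUG "LUKS: PASS ${PASS:+non-empty} — prompting on console for ${USB_MOUNT_DEVICE} (attempt ${attempt}/${MAX_TRIES})"
      # The passphrase length is deliberately not logged: debug output may be
      # displayed or stored, and the length narrows what has to be guessed.
      DEBUG "LUKS: received passphrase"
      DEBUG "LUKS: opening mapping ${mapped_name} (attempt ${attempt})"
      if cryptsetup open "$USB_MOUNT_DEVICE" "${mapped_name}" --key-file <(printf '%s' "$PASS") 2> /tmp/cryptsetup-open.log; then
        DEBUG "LUKS: opening mapping ${mapped_name} succeeded"
        break
      else
        DEBUG "LUKS: opening mapping ${mapped_name} failed (attempt ${attempt})"
        # clear PASS to avoid accidental reuse
        PASS=""
        attempt=$((attempt + 1))
        if [ "$attempt" -le "$MAX_TRIES" ]; then
          echo "Passphrase incorrect — try again."
        fi
      fi
    done
    # attempt only exceeds MAX_TRIES when every try failed (success breaks out).
    if [ "$attempt" -gt "$MAX_TRIES" ]; then
      die "ERROR: Failed to open ${USB_MOUNT_DEVICE} LUKS device after ${MAX_TRIES} attempts"
    fi
  else
    # Non-interactive: use the passphrase supplied with --pass.
    DEBUG "LUKS: using provided passphrase via key-file"
    if ! cryptsetup open "$USB_MOUNT_DEVICE" "${mapped_name}" --key-file <(printf '%s' "$PASS"); then
      die "ERROR: Failed to open ${USB_MOUNT_DEVICE} LUKS device"
    fi
  fi

  # The mapping is open; nothing below needs the passphrase any more.
  PASS=""

  warn "Note that you cannot boot from a mounted encrypted device"
  DEBUG "Setting USB_MOUNT_DEVICE=/dev/mapper/${mapped_name}"
  USB_MOUNT_DEVICE="/dev/mapper/${mapped_name}"
else
  # Selected USB partition is not a LUKS device
  DEBUG "Selected USB partition is not a LUKS device, continuing..."
fi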
# Mount the selected (possibly LUKS-mapped) device on the mountpoint.
# Read-write only when --mode is exactly "rw"; any other value mounts
# read-only.
# NOTE(review): ro/rw is the only mount option passed; nosuid/nodev/noexec are
# not set for this removable filesystem. Confirm what callers need from the
# mount before adding any of them.
if [ "$MODE" != "rw" ]; then
  DEBUG "Mounting $USB_MOUNT_DEVICE as read-only"
  if ! mount -o ro "$USB_MOUNT_DEVICE" "$MOUNTPOINT"; then
    die "ERROR: Failed to mount ${USB_MOUNT_DEVICE} as read-only"
  fi
else
  DEBUG "Mounting $USB_MOUNT_DEVICE as read-write"
  if ! mount -o rw "$USB_MOUNT_DEVICE" "$MOUNTPOINT"; then
    die "ERROR: Failed to mount ${USB_MOUNT_DEVICE} as read-write"
  fi
fi