But also note: Luke Smith is not getting any "welcome" here. So please do not add further sources from him or based on him. Thanks!
We do not support people oriented on far-right political ideologies (with pointing on our social contract).
]]>We do not support people oriented on far-right political ideologies (with pointing on our social contract).
]]>#!/bin/bash
# Mounts Android Phones and USB drives (encrypted or not). This script will
# replace the older `dmenumount` which had extra steps and couldn't handle
# encrypted drives.
# TODO: Try decrypt for drives in crtypttab
# TODO: Add some support for connecting iPhones (although they are annoying).
IFS='
'
# Function for escaping cell-phone names.
escape(){ echo "$@" | iconv -cf UTF-8 -t ASCII//TRANSLIT | tr -d '[:punct:]' | tr '[:upper:]' '[:lower:]' | tr ' ' '-' | sed "s/-\+/-/g;s/\(^-\|-\$\)//g" ;}
# Check for phones.
phones="$(simple-mtpfs -l 2>/dev/null | sed "s/^/📱/")"
mountedphones="$(grep "simple-mtpfs" /etc/mtab)"
# If there are already mounted phones, remove them from the list of mountables.
[ -n "$mountedphones" ] && phones="$(for phone in $phones; do
for mounted in $mountedphones; do
escphone="$(escape "$phone")"
[[ "$mounted" =~ "$escphone" ]] && break 1
done && continue 1
echo "$phone"
done)"
# Check for drives.
lsblkoutput="$(lsblk -rpo "uuid,name,type,size,label,mountpoint,fstype")"
# Get all LUKS drives
allluks="$(echo "$lsblkoutput" | grep crypto_LUKS)"
# Get a list of the LUKS drive UUIDs already decrypted.
decrypted="$(find /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-* | sed "s|.*LUKS2-||;s|-.*||")"
# Functioning for formatting drives correctly for dmenu:
filter() { sed "s/ /:/g" | awk -F':' '$7==""{printf "%s%s (%s) %s\n",$1,$3,$5,$6}' ; }
# Get only LUKS drives that are not decrypted.
unopenedluks="$(for drive in $allluks; do
uuid="${drive%% *}"
uuid="${uuid//-}" # This is a bashism.
[ -n "$decrypted" ] && for open in $decrypted; do
[ "$uuid" = "$open" ] && break 1
done && continue 1
echo "🔒 $drive"
done | filter)"
# Get all normal, non-encrypted or decrypted partitions that are not mounted.
normalparts="$(echo "$lsblkoutput"| grep -v crypto_LUKS | grep 'part\|rom\|crypt' | sed "s/^/💾 /" | filter )"
# Add all to one variable. If no mountable drives found, exit.
alldrives="$(echo "$phones
$unopenedluks
$normalparts" | sed "/^$/d;s/ *$//")"
# Quit the script if a sequential command fails.
set -e
test -n "$alldrives"
# Feed all found drives to dmenu and get user choice.
chosen="$(echo "$alldrives" | dmenu -p "Mount which drive?" -i)"
# Function for prompting user for a mountpoint.
getmount(){
mp="$(find /mnt /media /mount /home -maxdepth 1 -type d 2>/dev/null | dmenu -i -p "Mount this drive where?")"
test -n "$mp"
if [ ! -d "$mp" ]; then
mkdiryn=$(printf "No\\nYes" | dmenu -i -p "$mp does not exist. Create it?")
[ "$mkdiryn" = "Yes" ] && (mkdir -p "$mp" || sudo -A mkdir -p "$mp")
fi
}
attemptmount(){
# Attempt to mount without a mountpoint, to see if drive is in fstab.
sudo -A mount "$chosen" || return 1
notify-send "💾Drive Mounted." "$chosen mounted."
exit
}
case "$chosen" in
💾*)
chosen="${chosen%% *}"
chosen="${chosen:1}" # This is a bashism.
attemptmount || getmount
sudo -A mount "$chosen" "$mp" -o uid="$(id -u)",gid="$(id -g)"
notify-send "💾Drive Mounted." "$chosen mounted to $mp."
;;
🔒*)
chosen="${chosen%% *}"
chosen="${chosen:1}" # This is a bashism.
# Number the drive.
while true; do
[ -f "/dev/mapper/usb$num" ] || break
num="$(printf "%02d" "$((num +1))")"
done
# Decrypt in a terminal window
${TERMINAL:-st} -n floatterm -g 60x1 -e sudo cryptsetup open "$chosen" "usb$num"
# Check if now decrypted.
test -b "/dev/mapper/usb$num"
attemptmount || getmount
sudo -A mount "/dev/mapper/usb$num" "$mp" -o uid="$(id -u)",gid="$(id -g)"
notify-send "🔓Decrypted drive Mounted." "$chosen decrypted and mounted to $mp."
;;
📱*)
notify-send "❗Note" "Remember to allow file access on your phone now."
getmount
number="${chosen%%:*}"
number="${chosen:1}" # This is a bashism.
sudo -A simple-mtpfs -o allow_other -o fsname="simple-mtpfs-$(escape "$chosen")" --device "$number" "$mp"
notify-send "🤖 Android Mounted." "Android device mounted to $mp."
;;
esacAs I understand it, you also decrypt disks or usb using the
terminal.What do you think about scripts to automate this process? Can you write
complex scripts?
I don't encrypt full disks as I don't see the usefulness to, putting a
password in BIOS is simpler if needed to protect the system itself at
boot, but even then you can't know that the disks haven't been removed
and executables changed unless you sign them or reinstall the whole
system. But a line in an init script that would decrypt some file using a password at
startup with aescrypt2 for example, and encrypt it at shutdown is a good way of
protecting privacy.
Regarding full usb encryption, use fscrypt:
https://wiki.archlinux.org/title/Fscrypt#ext4.
Compile and install fscryptctl:
https://github.com/google/fscryptctl/bl … README.md.
and follow the instructions
For auto_mounting, you can add a udev rule, for example (supposing you want to enter the password in dmenu):
(inspired by
https://stackoverflow.com/questions/451 … ell-script)
/lib/udev/rules.d/10-usb-decryption-automount.rules
// SPDX-License-Identifier: BSD-3-Clause
ACTION=="add", KERNEL=="sdb[0-9]", SUBSYSTEM=="block", RUN+="auto-mount"
ACTION=="remove", KERNEL=="sdb[0-9]", SUBSYSTEM=="block", RUN+="auto-mount"/usr/bin/auto-mount
// SPDX-License-Identifier: BSD-3-Clause
#!/bin/sh
Name=$(basename $0)
Logger="/usr/bin/logger -p local3.info -t $Name "
Message="$* $DEVNAME $ACTION $ID_FS_LABEL"
$Logger <<< $Message
usb_add ()
{ Message="automounting $DEVNAME $ID_FS_LABEL"
$Logger <<< $Message
/sbin/mount $DEVNAME /mnt && $Logger <<< "mounted" ||
$Logger <<< "failed"
dmenu < /dev/null | fscryptctl add_key /mnt
}
pico_remove ()
{ Message="umounting $DEVNAME $ID_FS_LABEL"
$Logger <<< $Message
/sbin/umount -f /mnt && $Logger <<< "umounted" || $LOGGER "failed"
}
usb_$ACTIONthen: udevadm control --reload-rules && udevadm trigger
]]>