diff --git a/contrib/gocryptfssh b/contrib/gocryptfssh new file mode 100755 index 0000000..505087f --- /dev/null +++ b/contrib/gocryptfssh @@ -0,0 +1,86 @@ +#!/bin/sh + +# This script mounts an gocryptfs filesystem, starts a shell in the mounted +# directory, and then unmounts the filesystem when the shell exits. This is an +# equivalent of the encfssh script by by David Rosenstrauch. + +canonicalize() { + cd "$1" || return + pwd +} + + +case $1 in "" | -h | --help) + echo "Usage: gocryptfssh encrypted_directory [unencrypted-directory [-p]]" + echo " -p mount the unencrypted directory as public" + exit 1 + ;; +esac + +enc_dir=$1 +unenc_dir_given=false +mount_public=false +if [ ! -z "$2" ]; then + unenc_dir_given=true + unenc_dir=$2 + for arg in "$@" ; do + if [ "$arg" = "-p" ]; then + mount_public=true + fi + done + [ -d "$unenc_dir" ] || mkdir -- "$unenc_dir" +else + unenc_dir=$(mktemp -d .XXXXXXXX) +fi + +if [ ! -d "$enc_dir" ]; then + mkdir -- "$enc_dir" +fi + +enc_dir=$(canonicalize "$enc_dir") +unenc_dir=$(canonicalize "$unenc_dir") + +options= +if [ "$unenc_dir_given" = "true" ]; then + if [ "$mount_public" = "true" ]; then + options="-- -o allow_other" + fi +fi + +# Attach the directory and change into it + +if gocryptfs "$enc_dir" "$unenc_dir" $options; then :; else + echo "gocryptfs failed" + rmdir -- "$unenc_dir" + exit 1 +fi +if ! [ "$unenc_dir_given" = "true" ]; then + chmod 700 "$unenc_dir" +fi +echo "Directory is $unenc_dir" >&2 +cd "$unenc_dir" || exit + +# Fall back to umount if fusermount is not available (e.g., on OS X) +fuse_umount() { + if command -v fusermount >/dev/null 2>&1; then + fusermount -u "$@" + else + umount "$@" # MacOS case + fi +} + +# Honor the SHELL environment variable to select a shell to run +"$SHELL"; retval=$? + +# ensure that this shell isn't itself holding the mounted directory open +# ...but avoid terminating on failure, *or* causing a shellcheck warning for +# failing to check exit status from cd. +cd / ||: + +# if unmount fails, skip rmdir, always use exit status of failure +fuse_umount "$unenc_dir" || exit + +if ! [ "$unenc_dir_given" = true ]; then + rmdir -- "$unenc_dir" +fi +exit "$retval"