diff --git a/src/meson.build b/src/meson.build
index 509d9af..fa1bb45 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -1,14 +1,17 @@
 # Find scripts
+main = find_program('zlevis')
 encrypt = find_program('zlevis-encrypt')
 decrypt = find_program('zlevis-decrypt')
 fetch = find_program('zlevis-fetch')
 
 # Test the scripts
+test('zlevis', main, args: '--summary')
 test('zlevis-encrypt', encrypt, args: '--summary')
 test('zlevis-decrypt', decrypt, args: '--summary')
 test('zlevis-fetch', fetch, args: '--summary')
 
 # Add paths of scripts to bins
+bins += join_paths(meson.current_source_dir(), 'zlevis')
 bins += join_paths(meson.current_source_dir(), 'zlevis-encrypt')
 bins += join_paths(meson.current_source_dir(), 'zlevis-decrypt')
 bins += join_paths(meson.current_source_dir(), 'zlevis-fetch')
\ No newline at end of file
diff --git a/src/zlevis b/src/zlevis
new file mode 100644
index 0000000..fc9b701
--- /dev/null
+++ b/src/zlevis
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+# Summary of the script's functionality
+summary="A tool that enables automatic decryption of ZFS rpools with TPM2"
+
+# Display summary if requested
+if [ "$1" = "--summary" ]; then
+ echo "$summary"
+ exit 0
+fi
+
+# Display usage information if input is from a terminal
+if [ -t 0 ]; then
+ exec >&2
+ echo "Usage: zlevis {decrypt|encrypt} {pool|*} [options]"
+ exit 2
+fi
+
+case "$1" in
+ decrypt)
+ case "$2" in
+ pool) zfs list -Ho tpm:jwe $3 | zlevis-decrypt;;
+ *) zlevis-decrypt $2;;
+ esac
+ ;;
+ encrypt)
+ case "$2" in
+ pool) read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt $4) $3;;
+ *) zlevis-encrypt $2;;
+ esac
+ ;;
+ *) exit 1;;
+esac
+
+# Exit with the status of the last command
+exit $?
\ No newline at end of file
diff --git a/src/zlevis-decrypt b/src/zlevis-decrypt
index c839ee7..f079835 100755
--- a/src/zlevis-decrypt
+++ b/src/zlevis-decrypt
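Review bot: `find_program('zlevis')` points at a script this commit adds with mode 100644, while the existing `zlevis-encrypt`/`zlevis-decrypt` entries carry 100755, so `src/zlevis` is the only one of the four scripts that is not executable in the tree. Meson may still run the `--summary` test by resolving the `#!/bin/sh` shebang itself, but whatever consumes `bins` (not visible in this hunk) will presumably install a file that cannot be executed directly unless it sets the mode explicitly. Mark the file executable in the commit (`git update-index --chmod=+x src/zlevis`) so it matches its siblings.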
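Review bot: `read -r -d . key || zfs set …` in the `encrypt pool` arm mishandles the key: `-d` is not a POSIX `read` option (it fails under dash, which is `/bin/sh` on Debian-family systems), bash's `read` drops NUL bytes and strips leading/trailing IFS whitespace, and the `||` means `zfs set` only runs when `read` hits EOF before a `.`, so a key containing a period is silently truncated and never stored while the script still exits 0. Since a command substitution inherits the script's stdin, the key never needs to pass through a shell variable at all: `pool) jwe=$(zlevis-encrypt "$4") || exit 1; zfs set "tpm:jwe=$jwe" "$3";;`. The other arms should likewise quote `$2`, `$3` and `$4` — an empty `$3` currently makes `zfs list -Ho tpm:jwe` emit every dataset's property into `zlevis-decrypt`, and a JSON config with spaces in `$4` is word-split. Separately, the `[ -t 0 ]` usage check rejects `zlevis decrypt pool <pool>` when run from an interactive shell even though that mode reads nothing from stdin; it should only guard the arms that consume stdin.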
@@ -18,10 +18,7 @@ fi
 # Display usage information if input is from a terminal
 if [ -t 0 ]; then
 exec >&2
- echo "$summary"
- echo
 echo "Usage: \"zlevis-decrypt < file.jwe\""
- echo "Usage ZFS: \"zfs list -Ho tpm:jwe | zlevis-decrypt\""
 exit 2
 fi
 
diff --git a/src/zlevis-encrypt b/src/zlevis-encrypt
index 267e56e..b58c508 100755
--- a/src/zlevis-encrypt
+++ b/src/zlevis-encrypt
@@ -21,7 +21,7 @@ fi
 # Display usage information if input is from a terminal
 if [ -t 0 ]; then
 exec >&2
- echo "$summary"
+ echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
 echo
 echo "This command uses the following configuration properties:"
 echo " hash: -> Hash algorithm used in the computation of the object name (default: sha256)."
@@ -29,9 +29,6 @@ if [ -t 0 ]; then
 echo " pcr_bank: -> PCR algorithm bank to use for policy (default: first supported by TPM)."
 echo " pcr_ids: -> PCR list used for policy. If not present, no policy is used."
 echo " pcr_digest: -> Binary PCR hashes encoded in base64. If not present, the hash values are looked up."
- echo
- echo "Usage: \"zlevis-encrypt '{\"property\":\"value\"}' < file.key > file.jwe\""
- echo "Usage ZFS: \"zfs set tpm:jwe=\$(zlevis-encrypt '{\"property\":\"value\"}' < tank.key) \""
 exit 2
 fi