justfiles/luks-portable
2025-04-05 16:14:28 +02:00

Portable LUKS Volume Manager (using just)

This justfile provides commands to create, manage, mount, and unmount a portable, encrypted LUKS volume stored in a file. It also includes compression and checksum verification for the volume image.

Features

  • Create a new LUKS encrypted volume within a file.
  • Mount the encrypted volume to a specified mountpoint.
  • Unmount the encrypted volume.
  • Compress the volume image using zstd for portability/storage.
  • Decompress the volume image.
  • Create and verify checksums for the compressed image.
  • Automatically checks for required dependencies.

Requirements

The following dependencies must be installed on your system: cryptsetup, fallocate, mkfs.ext4, zstd, mount, umount, chown, rmdir, mkdir, xxhsum.

The check-deps recipe will verify these before most operations.

Configuration

You can modify these variables at the top of the justfile:

  • MOUNTPOINT: Directory where the decrypted filesystem will be mounted (default: ./mnt).
  • VOLUME_NAME: Internal name used by cryptsetup for the mapped device (default: portable_luks_volume).
  • IMAGE_PATH: Path to the LUKS container file (default: ./luks_container.img).
  • IMAGE_SIZE: Size for the container file when creating it (default: 1G).
  • CHECKSUM: Path to the checksum file (default: xxh.checksum).

Usage

Note: Most commands require sudo privileges for cryptsetup and mount/umount operations. You will likely be prompted for your password.

  1. Create a new encrypted volume:

    just create
    

    This will:

    • Allocate a file (IMAGE_PATH) of IMAGE_SIZE.
    • Format it as a LUKS volume.
    • Open the LUKS volume.
    • Create an ext4 filesystem inside it.
    • Create the MOUNTPOINT directory.
    • Mount the filesystem to MOUNTPOINT.
    • (Important) After creation, you should immediately run 'just unmount' to compress the initial empty image if desired.
  2. Mount the existing volume:

    • If the image is compressed (.zst extension):
      just mount # or 'just m' or simply 'just' (default)
      
      This will: check dependencies, verify checksum (if xxh.checksum exists), decompress the image, create the mountpoint, open the LUKS container, mount the filesystem, and set user ownership on the mountpoint.
    • If the image is not compressed: You might need to manually run the steps after decompression or adapt the mount recipe. The default flow assumes starting from a compressed state.
  3. Unmount the volume:

    just unmount # or 'just u'
    

    This will: unmount the filesystem, close the LUKS container, remove the mountpoint directory, and compress the image file (IMAGE_PATH -> IMAGE_PATH.zst), removing the original.

  4. Manual Compression/Decompression:

    • Compress: just compress (Compresses IMAGE_PATH, removes original)
    • Decompress: just decompress (Decompresses IMAGE_PATH.zst, removes compressed version)
  5. Checksum Management:

    • Create checksum: just create-checksum (Creates xxh.checksum from IMAGE_PATH.zst)
    • Verify checksum: just verify-checksum (Verifies IMAGE_PATH.zst against xxh.checksum)
  6. Check Dependencies:

    just check-deps
    

    Checks if all required tools are installed and accessible in your PATH.
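
The mount sequence from step 2, written out as a POSIX shell function so the ordering and failure handling are visible. This is an added example, not the project's justfile: the variable names and defaults are the ones listed under Configuration, while the exact command lines and the function names check_deps and mount_volume are assumptions.

```shell
#!/bin/sh
# Added example (not the project's justfile): the mount sequence, failing closed.
# Variable names and defaults come from the README; command lines are assumptions.
MOUNTPOINT="${MOUNTPOINT:-./mnt}"
VOLUME_NAME="${VOLUME_NAME:-portable_luks_volume}"
IMAGE_PATH="${IMAGE_PATH:-./luks_container.img}"
CHECKSUM="${CHECKSUM:-xxh.checksum}"

# Return non-zero and name every tool that is not on PATH.
check_deps() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    [ -z "$missing" ] && return 0
    echo "missing dependencies:$missing" >&2
    return 1
}

mount_volume() {
    check_deps cryptsetup zstd xxhsum mount chown || return 1

    # Verify before touching the image: a mismatch stops here, nothing is decompressed.
    if [ -f "$CHECKSUM" ]; then
        xxhsum -c "$CHECKSUM" || { echo "checksum mismatch, aborting" >&2; return 1; }
    fi

    zstd -d --rm "$IMAGE_PATH.zst" || return 1
    mkdir -p "$MOUNTPOINT" || return 1
    sudo cryptsetup open "$IMAGE_PATH" "$VOLUME_NAME" || return 1

    # If the mount fails, close the mapping so no decrypted device is left behind.
    if ! sudo mount "/dev/mapper/$VOLUME_NAME" "$MOUNTPOINT"; then
        sudo cryptsetup close "$VOLUME_NAME"
        return 1
    fi
    sudo chown "$(id -u):$(id -g)" "$MOUNTPOINT"
}
```

xxHash is a non-cryptographic hash, so this check catches a corrupted or truncated image rather than a deliberately modified one. Where tamper detection matters, keep a cryptographic digest (for example from sha256sum) somewhere other than beside the image.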