nf3 · January 26, 2025 23:19
diff --git a/Makefile_USBKEY b/Makefile_USBKEY
 targets := \
 	header.img \
 	usb-key-plain.img \
 	usb-key-crypt.img

 wait_for_file = \
 	until test -e '$(1)'; do \
 		echo 'waiting for file "$(1)"...' && sleep 1; \
 	done


 .PHONY: all
 all: $(targets)

 dummy.img:
 	dd if=/dev/zero of=$(@) bs=1M count=1

 header.key:
 	head -c 4096 /dev/urandom > $(@)

 header.img: header.key | dummy.img
 	dd if=/dev/zero of=$(@) bs=16M count=1
 	sudo cryptsetup \
 		--header $(@) \
 		--key-file $(^) \
 		luksFormat $(|)
 	@echo '================================='
 	@echo '== This is the password for the "crypt" usb-key'
 	sudo cryptsetup \
 		--key-file $(^) \
 		--iter-time=10000 \
 		luksAddKey $(@)
 	cryptsetup luksDump $(@)


 .PRECIOUS: loop-%.img

 usb-key-%.img:
 	make fs-$(*) fs-format-$(*) fs-deinit-$(*)
 	mv loop-$(*).img $(@)
 	sha256sum $(@)

 fs-%: \
 		/dev/disk/by-label/usb-key-% | loop-%.dev
 	mkdir -p fs-$(*)
 	sudo mount '$(^)' fs-$(*)

 .PHONY: fs-format-crypt
 fs-format-crypt: | fs-crypt/header.img
 	sha256sum header.img $(|)

 .PHONY: fs-format-plain
 fs-format-plain: | fs-plain/header.img fs-plain/header.key
 	sha256sum header.img header.key $(|)

 fs-deinit-%: \
 		| /dev/disk/by-label/usb-key-% loop-%.dev
 	find fs-$(*) | sort
 	sudo umount fs-$(*)
 	rmdir fs-$(*)
 	sudo losetup -d '$(realpath loop-$(*).dev)'

 fs-%/header.img: header.img | fs-%
 	sudo cp $(^) $(@)

 fs-%/header.key: header.key | fs-%
 	sudo cp $(^) $(@)

 /dev/disk/by-label/usb-key-%: \
 		/dev/disk/by-partlabel/usb-key-% | loop-%.dev
 	sudo mkfs.ext4 '$(^)' -L usb-key-$(*)
 	$(call wait_for_file,$(@))

 /dev/disk/by-partlabel/usb-key-%: \
 		conf/sfdisk-%.conf | loop-%.dev
 	cat '$(^)' | sudo sfdisk '$(realpath $(|))'
 	$(call wait_for_file,$(@))

 loop-%.dev: loop-%.img
 	ln -s $$(sudo losetup --show -fP $(^)) $(@)

 loop-%.img:
 	dd if=/dev/urandom of=$(@) bs=1M count=64 status=progress


 .PHONY: clean
 clean:
 	rm -f dummy.img

 .PHONY: clean-all
 clean-all: clean
 	rm -f $(targets) header.key
 	sudo umount fs-plain || true
 	sudo umount fs-crypt || true
 	rmdir fs-plain fs-crypt || true
 	rm -f loop-plain.img loop-crypt.img
 	sudo losetup -d \
 		$$(losetup -ln -O NAME,BACK-FILE \
 			| grep '$(shell pwd)/loop' \
 			| awk '{print $$1}') >/dev/null 2>&1 \
 				|| true

 .PHONY: list
 list:
 	@lsblk -do name,tran,size,type,mountpoint | grep ' usb ' || \
 		for x in /sys/block/*; do \
 			v=$$(udevadm info -q property $$x); \
 			echo '$$v' | grep -q '^ID_BUS=usb' || continue; \
 			echo '$$v' | grep '^DEVLINKS=' | sed 's|DEVLINKS=||g' \
 				| xargs printf '%s\n' | grep '^/dev/disk/by-id/'; \
 		done
	targets := \
	header.img \
	usb-key-plain.img \
	usb-key-crypt.img

	wait_for_file = \
	until test -e '$(1)'; do \
	echo 'waiting for file "$(1)"...' && sleep 1; \
	done


	.PHONY: all
	all: $(targets)

	dummy.img:
	dd if=/dev/zero of=$(@) bs=1M count=1

	header.key:
	head -c 4096 /dev/urandom > $(@)

	header.img: header.key \| dummy.img
	dd if=/dev/zero of=$(@) bs=16M count=1
	sudo cryptsetup \
	--header $(@) \
	--key-file $(^) \
	luksFormat $(\|)
	@echo '================================='
	@echo '== This is the password for the "crypt" usb-key'
	sudo cryptsetup \
	--key-file $(^) \
	--iter-time=10000 \
	luksAddKey $(@)
	cryptsetup luksDump $(@)


	.PRECIOUS: loop-%.img

	usb-key-%.img:
	make fs-$() fs-format-$() fs-deinit-$(*)
	mv loop-$(*).img $(@)
	sha256sum $(@)

	fs-%: \
	/dev/disk/by-label/usb-key-% \| loop-%.dev
	mkdir -p fs-$(*)
	sudo mount '$(^)' fs-$(*)

	.PHONY: fs-format-crypt
	fs-format-crypt: \| fs-crypt/header.img
	sha256sum header.img $(\|)

	.PHONY: fs-format-plain
	fs-format-plain: \| fs-plain/header.img fs-plain/header.key
	sha256sum header.img header.key $(\|)

	fs-deinit-%: \
	\| /dev/disk/by-label/usb-key-% loop-%.dev
	find fs-$(*) \| sort
	sudo umount fs-$(*)
	rmdir fs-$(*)
	sudo losetup -d '$(realpath loop-$(*).dev)'

	fs-%/header.img: header.img \| fs-%
	sudo cp $(^) $(@)

	fs-%/header.key: header.key \| fs-%
	sudo cp $(^) $(@)

	/dev/disk/by-label/usb-key-%: \
	/dev/disk/by-partlabel/usb-key-% \| loop-%.dev
	sudo mkfs.ext4 '$(^)' -L usb-key-$(*)
	$(call wait_for_file,$(@))

	/dev/disk/by-partlabel/usb-key-%: \
	conf/sfdisk-%.conf \| loop-%.dev
	cat '$(^)' \| sudo sfdisk '$(realpath $(\|))'
	$(call wait_for_file,$(@))

	loop-%.dev: loop-%.img
	ln -s $$(sudo losetup --show -fP $(^)) $(@)

	loop-%.img:
	dd if=/dev/urandom of=$(@) bs=1M count=64 status=progress


	.PHONY: clean
	clean:
	rm -f dummy.img

	.PHONY: clean-all
	clean-all: clean
	rm -f $(targets) header.key
	sudo umount fs-plain \|\| true
	sudo umount fs-crypt \|\| true
	rmdir fs-plain fs-crypt \|\| true
	rm -f loop-plain.img loop-crypt.img
	sudo losetup -d \
	$$(losetup -ln -O NAME,BACK-FILE \
	\| grep '$(shell pwd)/loop' \
	\| awk '{print $$1}') >/dev/null 2>&1 \
	\|\| true

	.PHONY: list
	list:
	@lsblk -do name,tran,size,type,mountpoint \| grep ' usb ' \|\| \
	for x in /sys/block/*; do \
	v=$$(udevadm info -q property $$x); \
	echo '$$v' \| grep -q '^ID_BUS=usb' \|\| continue; \
	echo '$$v' \| grep '^DEVLINKS=' \| sed 's\|DEVLINKS=\|\|g' \
	\| xargs printf '%s\n' \| grep '^/dev/disk/by-id/'; \
	done