# Burn your home directory (/home/heinz) encrypted (twofish) on a CD.
# The mounting and modprobe have to be done as su !!!
# /etc/fstab should contain the line:
# /dev/loop0  /tmp/topsecret  ext2  noauto,user  0 0

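# Debug what is done: -v echoes each script line as it is read, -x each
# command as it is run.  No passphrase is placed on a command line in this
# script, so the trace itself does not print one.
set -vx

# Create a cryptfile that serves as the medium for writing (like paper).
# Done only once; the cryptfile can be overwritten and reused.
#
# /tmp is world-writable and the file name is fixed, so an entry that is
# already there may have been put there by another local user.  A symbolic
# link is refused (dd would write through it to the link target) and so is
# anything that is not a regular file owned by the invoking user.  Check and
# use are separate steps, so this narrows the window rather than closing it;
# a directory only this user can write to would close it, but the path is
# also expected by the later steps and by the CD check.
if [ -L "/tmp/cryptfile" ]
then
  echo "/tmp/cryptfile is a symbolic link, refusing to use it" >&2
  exit 1
elif [ -e "/tmp/cryptfile" ]
then
  if [ ! -f "/tmp/cryptfile" ] || [ ! -O "/tmp/cryptfile" ]
  then
    echo "/tmp/cryptfile is not a regular file owned by you, refusing to use it" >&2
    exit 1
  fi
  echo "/tmp/cryptfile exists"
  create_tmp_cryptfile=0
else
  echo "create: /tmp/cryptfile"
  # Random fill hides how much of the container is really used.  umask 077
  # (subshell only) keeps other local users from reading the container.
  if ( umask 077; dd if=/dev/urandom of=/tmp/cryptfile bs=1024 count=600000 )
  then
    create_tmp_cryptfile=1
  else
    # A partial file would be taken for a finished container on the next run.
    echo "dd failed, removing incomplete /tmp/cryptfile" >&2
    rm -f -- /tmp/cryptfile
    exit 1
  fi
fi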

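# Set up the encryption filter on /dev/loop0 for read/write.
# The cryptfile serves as medium (like a disk device).
# Module loop_fish2 has to be loaded.
#
# NOTE(review): "losetup -e <cipher>" is the legacy cryptoloop-style
# interface; dm-crypt/LUKS is its maintained replacement.  It is kept here
# because the fstab line and the CD check below are built around /dev/loop0.
#
# modprobe is not fatal: whether it failed is decided by the losetup step,
# which cannot work without the cipher.
su -c "modprobe loop_fish2" || echo "modprobe loop_fish2 failed" >&2
echo "Enter first su password, then crypt-password:"
# Stop if the loop device could not be bound to the cryptfile: the mkfs
# below writes to /dev/loop0 and must never reach a device that is attached
# to something else.
if ! su -c "losetup -e twofish /dev/loop0 /tmp/cryptfile"
then
  echo "losetup failed, /dev/loop0 is not attached to /tmp/cryptfile" >&2
  exit 1
fi

# Make a filesystem on the device, hence on the cryptfile.
# This is done only once as long as the cryptfile is reused.
if [ "${create_tmp_cryptfile:-0}" -eq 1 ]
then
  if ! su -c "mkfs  -t ext2 /dev/loop0"
  then
    echo "mkfs failed; /dev/loop0 is still attached (losetup -d /dev/loop0)" >&2
    exit 1
  fi
else
  echo "ext2-fs on /tmp/cryptfile should exist already"
fi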

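# Check that the mount point for the cryptfile filesystem exists.
# It is created private (0700) instead of a+rwx: a world-writable directory
# in /tmp lets any local user drop files into it while nothing is mounted.
# The mode of the mount point is hidden while a filesystem is mounted on it,
# so access to the mounted data is governed by the ext2 root directory, not
# by this mode.
# NOTE(review): a /tmp/topsecret that already exists is used as found; it
# may have been created by another user.
if [ -d "/tmp/topsecret" ]
then
  echo "/tmp/topsecret exist"
else
  echo "mkdir /tmp/topsecret"
  if ! mkdir -m 0700 /tmp/topsecret
  then
    echo "cannot create /tmp/topsecret" >&2
    exit 1
  fi
fi
# Mount the cryptfile with the filesystem via /dev/loop0.  The fstab line
# from the header (noauto,user) lets an ordinary user do this.
# su -c "mount -t ext2 /dev/loop0 /tmp/topsecret"
mount /tmp/topsecret
# Now IO to the cryptfile-system is open: the data is readable in plaintext
# under /tmp/topsecret until it is unmounted again.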

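# Clean up the cryptfile-system (careful!! check the mount first).
# The wipe below must only ever run inside the mounted loop filesystem, so
# stop unless the mount table shows /dev/loop0 on /tmp/topsecret.
if mount | grep "/dev/loop0" | grep -q "/tmp/topsecret"
then
  echo "loop is mounted"
else
  echo "loop not mounted" >&2
  echo "/dev/loop0 may still be attached (losetup -d /dev/loop0)" >&2
  # Non-zero status so that a caller can see that nothing was burned.
  exit 1
fi
echo "Clean /tmp/cryptfile"
if [ -d "/tmp/topsecret" ]
then
  # "&&" matters: if the cd fails, rm must not run in whatever directory
  # happens to be current.  "./" and "--" keep names starting with "-" from
  # being read as options.  Names starting with "." are not matched.
  ( cd /tmp/topsecret && rm -rf -- ./* )
else
  echo "/tmp/topsecret does not exist" >&2
  exit 1
fi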

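# Copy the directories of the home directory that should be on the CD.
# The source names are relative, so the cd has to succeed; otherwise cp
# would pick up whatever data/, perl/, ... exist in the current directory.
if ! cd /home/heinz
then
  echo "cannot cd to /home/heinz" >&2
  # Do not leave the decrypted filesystem mounted behind a failed run.
  umount /tmp/topsecret
  echo "/dev/loop0 is still attached (losetup -d /dev/loop0)" >&2
  exit 1
fi
# -R is required: without it cp skips directories and copies nothing here.
su heinz -c "cp -Ru \
data/ \
perl/ \
www/ \
document/ \
 /tmp/topsecret"

# Check what arrived.  The working directory ends up at / so that it does
# not keep /tmp/topsecret busy when it is unmounted.
ls /tmp/topsecret
cd /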

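# Unmount and detach before the image is built.  Only then is everything
# that was copied flushed through the encrypting loop device into
# /tmp/cryptfile; an image taken while the filesystem is still mounted can
# contain an incomplete, inconsistent container.  It also ends the time
# during which the plaintext is reachable under /tmp/topsecret.
#su -c "umount /dev/loop0"
if ! umount /tmp/topsecret
then
  echo "cannot unmount /tmp/topsecret, not building the image" >&2
  exit 1
fi

# Delete the encrypted connection of /dev/loop0 to the cryptfile.
if ! su -c "losetup -d /dev/loop0"
then
  echo "cannot detach /dev/loop0, not building the image" >&2
  exit 1
fi

# Make the iso-filesystem for the CD with only the cryptfile.
# mkisofs runs as root and writes to a fixed name in world-writable /tmp:
# refuse a symbolic link there, root would write through it to its target.
if [ -L "/tmp/cd_image" ]
then
  echo "/tmp/cd_image is a symbolic link, refusing to write to it" >&2
  exit 1
fi
if ! su -c "mkisofs -r -o /tmp/cd_image /tmp/cryptfile"
then
  echo "mkisofs failed, nothing burned" >&2
  exit 1
fi

# Burn the CD.
if ! su -c "cdrecord -v speed=2 dev=0,1,0  -data  /tmp/cd_image"
then
  echo "cdrecord failed" >&2
  exit 1
fi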


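# Check the cd.
# Default answer is "n"; it also applies to an empty reply or end of input.
# (An assignment takes no "$" on the left-hand side.)
check_cd="n"
echo "Put the CD in the cdrom drive if you want to check it."
echo "Check the cd (y) or exit (n): (n)"
read -r check_cd
# Quoted, with the default restored: an empty reply must not break the test.
if [ "${check_cd:-n}" = "y" ]
then
  echo "perform check...."
else
  echo "no check"
  exit 0
fi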

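# Mount the iso cd.
#mount -t iso9660 /dev/cdrom /media/cdrom
# with scsi emulation for the burner:
# su -c "mount -t iso9660 /dev/sr0 /media/cdrom"
if ! mount /media/cdrom
then
  echo "cannot mount /media/cdrom" >&2
  exit 1
fi

# Try to set up the cryptfile-system as above, but with the cryptfile from
# the CD.  losetup goes through su like the other loop commands of this
# script.  Every step that succeeded is undone again in reverse order, also
# when a later step fails, so that no decrypting loop device and no mount
# are left behind.
verify_status=0
if su -c "losetup -e twofish /dev/loop0 /media/cdrom/cryptfile"
then
  #su -c "mount -t ext2 /dev/loop0 /tmp/topsecret"
  if mount /tmp/topsecret
  then
    # Listing in a subshell: the script's own working directory never
    # enters the mount, so the umount below does not find it busy.
    ( cd /tmp/topsecret && ls -la ) || verify_status=1
    umount  /tmp/topsecret || verify_status=1
  else
    echo "cannot mount the cryptfile from the CD" >&2
    verify_status=1
  fi
  su -c "losetup -d /dev/loop0" || verify_status=1
else
  echo "losetup on /media/cdrom/cryptfile failed" >&2
  verify_status=1
fi

umount /media/cdrom || verify_status=1
exit "$verify_status"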




