vmware-archive / usb-login-scripts

A formal repository for the scripts we use on our SSH-loading USB sticks
Apache License 2.0

Script formatting of drive #2

Open davidje13 opened 7 years ago

davidje13 commented 7 years ago

Setting up a new USB stick requires the following manual process (quoted in the readme):

Plug your drive into your computer and open Disk Utility. Eject the volume by clicking the icon in the list on the left, then select the disk (not the volume) on the left and navigate to the "Erase" tab. You'll want to name the volume something simple (such as "keys") to make it easier to access on the command line.

If your USB key's partition table is MBR, which doesn't support encryption, you won't see encrypted partitions as options in the "Format" dropdown. In that case, you'll have to do a two-step dance, formatting the drive twice:

1. Once as OS X Extended (Journaled) using the GUID Partition Map, then...
2. Again, using Mac OS Extended (Case-sensitive, Journaled, Encrypted). Note that you may need to re-eject the volume before doing this.

If you see the encrypted options in the dropdown, then just jump straight to #2 above.

This could be completed using a few commands which would be simpler to follow when setting up. See for example: http://www.theinstructional.com/guides/disk-management-from-the-command-line-part-1

Formatting can be done with:

diskutil eraseVolume jhfsx New /Volumes/MyMemoryStick

Need to find out how to apply encryption (and if necessary, how to change partition table type). Also need to ensure safety checks are applied to avoid accidentally reformatting the wrong drive.

davidje13 commented 7 years ago

This has been mostly addressed by 5a8c6499ff951a7f0487b70395c73d93b0d50699, but it would be nice to have it automatic rather than manually entered commands (needs some safety checks and a way to run the code before checking out the repo to the drive).

davidje13 commented 7 years ago

Here's a first pass at how this could look scripted (but untested)

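# Take the last external virtual and physical disks that diskutil lists.
DEV_VIRT="$(diskutil list external virtual | grep '/dev/' | tail -n1 | cut -f1 -d' ')";
DEV_PHYS="$(diskutil list external physical | grep '/dev/' | tail -n1 | cut -f1 -d' ')";
# Mount point of the virtual disk: third field of the mount output
# (this breaks if the volume name contains spaces).
ORIG_VOLUME="$(mount | grep "$DEV_VIRT" | tail -n1 | cut -f 3 -d' ')";
CHOSEN_NAME="keys"; # todo: make customisable

# Stop before anything destructive if any of the three lookups came back empty.
if [[ -z "$DEV_VIRT" ]] || [[ -z "$DEV_PHYS" ]] || [[ -z "$ORIG_VOLUME" ]]; then
    echo "Failed to identify USB drive; have you connected it?";
    exit 1;
fi;

# Show what was found and require an answer starting with "y" to continue.
echo "Identified external drive: $DEV_VIRT ($DEV_PHYS) at $ORIG_VOLUME";
echo "Is this correct? (CAREFUL! Confirming will erase and reformat the volume)";
read -r CONFIRMATION;
if ! [[ "$CONFIRMATION" == "y"* ]]; then
    echo "Aborting";
    exit 1;
fi;

# Each step exits on failure so that a later step never runs against a half-prepared disk.
echo "Erasing $ORIG_VOLUME...";
diskutil eraseVolume jhfsx "$CHOSEN_NAME" "$ORIG_VOLUME" || exit 1;
echo "Partitioning $DEV_PHYS...";
diskutil partitionDisk "$DEV_PHYS" GPT JHFS+ "$CHOSEN_NAME" 0b || exit 1;
echo "Password protecting...";
# -passphrase with no value makes diskutil prompt for the passphrase.
diskutil cs convert "/Volumes/$CHOSEN_NAME/" -passphrase || exit 1;

echo "Installing script...";
cd "/Volumes/$CHOSEN_NAME/" || exit 1;
git clone "git@github.com:pivotal/usb-login-scripts.git" || exit 1;
./usb-login-scripts/install.sh;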
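
The safety checks asked for in the first comment could take the following shape: confirm from `diskutil info` output that the target is a whole, external, USB-attached disk of plausible size before any erase command runs. This is an added example, not part of the issue thread or the repository's code; `safe_to_erase`, `info_field`, the `MAX_BYTES` limit and the sample text are hypothetical, and the field names are assumed from `diskutil info` output on recent macOS.

```shell
# Added example: gate a destructive diskutil call on `diskutil info` output.
# On macOS: diskutil info /dev/diskN | safe_to_erase && <erase command>

# Print the value of one "Key: value" line read from stdin. The pattern is
# anchored, so "Whole" does not match a "Part of Whole" line.
info_field() {
    sed -n "s/^ *$1: *//p" | sed 's/ *$//' | head -n1
}

# Succeed only for a whole, external, USB-attached disk no larger than
# MAX_BYTES (hypothetical policy limit, default 256 GB). Reads info on stdin.
safe_to_erase() {
    info="$(cat)"
    max="${MAX_BYTES:-256000000000}"
    get() { printf '%s\n' "$info" | info_field "$1"; }
    bytes="$(get 'Disk Size' | sed -n 's/.*(\([0-9][0-9]*\) Bytes).*/\1/p')"
    [ "$(get 'Whole')" = "Yes" ]                || { echo "refusing: not a whole disk" >&2; return 1; }
    [ "$(get 'Device Location')" = "External" ] || { echo "refusing: not external" >&2; return 1; }
    [ "$(get 'Protocol')" = "USB" ]             || { echo "refusing: not USB" >&2; return 1; }
    [ -n "$bytes" ] && [ "$bytes" -le "$max" ]  || { echo "refusing: size unknown or too large" >&2; return 1; }
    return 0
}

# Constructed samples in the shape of `diskutil info` output (not real devices).
sample_usb() {
cat <<'EOF'
   Device Identifier:         disk2
   Whole:                     Yes
   Protocol:                  USB
   Disk Size:                 15.5 GB (15518924800 Bytes) (exactly 30310400 512-Byte-Units)
   Device Location:           External
EOF
}
sample_internal() {
cat <<'EOF'
   Device Identifier:         disk0
   Whole:                     Yes
   Protocol:                  PCI-Express
   Disk Size:                 500.3 GB (500277790720 Bytes) (exactly 977105060 512-Byte-Units)
   Device Location:           Internal
EOF
}

# Demo on the constructed samples.
sample_usb | safe_to_erase && echo "disk2: ok to erase"
sample_internal | safe_to_erase || echo "disk0: refused"
```

The size limit is what stops the script from picking an external USB backup drive that happens to be plugged in alongside the key stick.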