** Description changed:

  Binary package hint: hal
  
  Feisty + Gnome, gnome-mount
  
  With a LUKS encrypted volume on an external device, when the device is
  connected gnome-volume-manager calls gnome-mount which prompts for the
  encrypted volume password.
  
  If the volume is *only* protected by a key-file gnome-mount fails and
  "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be
  run manually.
  
  As a first step to providing full support for key-files I have modified
  the hal script:
  
  /usr/lib/hal/scripts/linux/hal-luks-setup-linux
  
  I am working on  a modification to gnome-mount too so it won't prompt
  for a password if a valid key-file is available.
  
  Once the patched script is installed, when plugging in a LUKS encrypted
  volume gnome-mount will *still* ask you for a password but you can type
  in anything (it will be ignored) and press Enter. gnome-mount will
  execute the hal script which will check for a key-file and use it if
  found. If there is no matching key-file the script will try to use the
  password as before.
  
  If you save the password you typed either for the session, or forever,
  you won't get the password prompt again unless the key-file isn't found.
  
  I've added functionality at the start of the script to check
  /etc/crypttab and match it against the argument passed to gnome-mount by
  gnome-volume-manager, e.g:
  
       --hal-
  
udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
  
  The entry in /etc/crypttab *must* use the UUID in the device column.
  like this, for the script to work:
  
  # <target name>       <source device>         <key file>      <options>
  mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a 
/media/key3/disk.key luks
  
  The script will match the UUID, get the target name and the key-file,
  and call cryptsetup luksOpen.
  
  ----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
  
  #!/bin/bash
  
  # Copyright (C) 2005 W. Michael Petullo <[EMAIL PROTECTED]>
  # Copyright (C) 2006 David Zeuthen <[EMAIL PROTECTED]>
  # Copyright (C) 2007 TJ <[EMAIL PROTECTED]>
  # 
  # This program is free software; you can redistribute it and/or modify
  # it under the terms of the GNU General Public License version 2.
  
  CRYPTSETUP=/sbin/cryptsetup
  
  # detect key-file protected volume
  LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print 
$0}'`"
  MAPPER="`echo $LUKS | awk '{print $1}'`"
  DEVICE="`echo $LUKS | awk '{print $2}'`"
  KEYFILE="`echo $LUKS | awk '{print $3}'`"
  
  # if there is a key-file, attempt to open the LUKS device with it
  if [ "x${KEYFILE}" != "x" ]; then
-    if ! $CRYPTSETUP luksOpen $DEVICE $MAPPER --key-file $KEYFILE 2> 
/dev/null; then
+    if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 
--key-file $KEYFILE 2> /dev/null; then
      echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
      echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
      exit 1
     fi
  else
  
  read PASSWORD
  
  if [ ! -f $CRYPTSETUP ]; then
      echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
      echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
      exit 1
  fi
  
  if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
      echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
      echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
      exit 1
  fi
  
  if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE 
luks_crypto_$HAL_PROP_VOLUME_UUID  2> /dev/null; then
      echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
      echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
      exit 1
  fi
  
  fi
  
  hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre
  ="hal-luks-remove" > /dev/null 2>&1
  
  exit 0
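
Review bot: the key-file branch, including the new `+` luksOpen line, runs before the `[ ! -f $CRYPTSETUP ]` and `[ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]` checks, which now sit only inside the `else` path. A missing cryptsetup binary or an already-open mapping is therefore reported as SetupPasswordError with "bad key-file?". Move both checks above the `if [ "x${KEYFILE}" != "x" ]` test so they cover both paths. In the same branch, `$DEVICE` and `$KEYFILE` come from an unanchored `grep` of /etc/crypttab and are expanded unquoted as root: the grep also matches commented-out lines and can return more than one entry, so skip comment lines, take only the first match, and quote both variables. `MAPPER` is no longer used after this change and can be dropped. Finally, when a crypttab entry exists but luksOpen with the key-file fails (for example because the key device is not plugged in), the script exits 1 without trying the password that was read from the prompt. Either fall through to the password path or document that behaviour in the description.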

-- 
hal: Patch to auto-mount LUKS key-file encrypted volumes
https://bugs.launchpad.net/bugs/133520