** Description changed:
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is
connected, gnome-volume-manager calls gnome-mount, which prompts for the
encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and
- "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be
+ "sudo cryptsetup luksOpen /dev name --key-file file.key" is needed to be
run manually.
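Review bot: the replacement line still reads ungrammatically once it runs into the next line ("is needed to be run manually"); "needs to be run manually" would fix it. On the same line the command gives the device and mapping name as the bare words "/dev name"; if these are placeholders, marking them as such would make the command harder to misread.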
As a first step to providing full support for key-files I have modified
the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
- I am working on a modification to gnome-mount too so it won't prompt
+ I am working on a modification to gnome-mount too, so it won't prompt
for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted
volume, gnome-mount will *still* ask you for a password, but you can type in
anything (it will be ignored) and press Enter. gnome-mount will execute the hal
script, which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog
reporting "bad key-file?" and then ask for a password as before. This gives a
chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever,
you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check
/etc/crypttab and match it against the argument passed to gnome-mount by
gnome-volume-manager, e.g.:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_408e7dbc-1cad-4eff-9a06-1b1f9f60d22a
The entry in /etc/crypttab *must* use the UUID in the device column,
like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file,
and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <[EMAIL PROTECTED]>
# Copyright (C) 2006 David Zeuthen <[EMAIL PROTECTED]>
# Copyright (C) 2007 TJ <[EMAIL PROTECTED]>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume: find this volume's UUID in /etc/crypttab
UUID="${HAL_PROP_VOLUME_UUID#*_uuid_}"
LUKS=""
if [ -n "$UUID" ]; then
    # an empty pattern would match every line, so only search with a UUID;
    # skip comment lines, match the UUID literally, keep the first entry only
    LUKS="$(grep -v '^[[:space:]]*#' /etc/crypttab | grep -F -m 1 -- "$UUID")"
fi
MAPPER="$(echo "$LUKS" | awk '{print $1}')"
DEVICE="$(echo "$LUKS" | awk '{print $2}')"
KEYFILE="$(echo "$LUKS" | awk '{print $3}')"

# if there is a key-file ("none" means password), attempt to open the LUKS device with it
if [ -n "$KEYFILE" ] && [ "$KEYFILE" != "none" ]; then
    if ! $CRYPTSETUP luksOpen "$DEVICE" "luks_crypto_$HAL_PROP_VOLUME_UUID" --key-file "$KEYFILE" 2> /dev/null; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
        echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
        exit 1
    fi
else
    # no key-file entry: read the password gnome-mount passes on stdin
    # (-r keeps backslashes in the password intact)
    read -r PASSWORD

    if [ ! -f "$CRYPTSETUP" ]; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
        echo "Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found" >&2
        exit 1
    fi

    if [ -e "/dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID" ]; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
        echo "$HAL_PROP_BLOCK_DEVICE is already setup?" >&2
        exit 1
    fi

    # printf instead of echo so a password such as "-n" is passed through unchanged
    if ! printf '%s\n' "$PASSWORD" | $CRYPTSETUP luksOpen "$HAL_PROP_BLOCK_DEVICE" "luks_crypto_$HAL_PROP_VOLUME_UUID" 2> /dev/null; then
        echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
        echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad password?" >&2
        exit 1
    fi
fi

# register the callout that tears the mapping down when the device is removed
hal-set-property --udi="$UDI" --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0
--
hal: Patch to auto-mount LUKS key-file encrypted volumes
https://bugs.launchpad.net/bugs/133520
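
The /etc/crypttab lookup described in the report, shown here as an added example that is not part of the bug report or of hal: it compares the whole source-device column instead of grepping for a substring, and treats an empty or malformed UUID as "no entry". The function names `uuid_from_hal` and `crypttab_lookup` are hypothetical, and every sample entry other than the `mobile120` line quoted above is constructed.

```shell
#!/bin/sh
# Added example: field-exact /etc/crypttab lookup (not the bug report's script).

# Strip everything up to "_uuid_", as the script's ${HAL_PROP_VOLUME_UUID#*_uuid_} does.
uuid_from_hal() { printf '%s\n' "${1#*_uuid_}"; }

# crypttab_lookup UUID [FILE]  (hypothetical helper)
# Prints "target<TAB>device<TAB>key-file" and returns 0 only when an
# uncommented entry's source device is exactly /dev/disk/by-uuid/UUID and
# its third column names a key-file. Returns 1 otherwise.
crypttab_lookup() {
    cl_uuid=$1
    cl_file=${2:-/etc/crypttab}
    # Accept only 36 characters of hex digits and hyphens. An empty value
    # must never reach the match: grep "" would select every line.
    case $cl_uuid in
        ''|*[!0-9a-fA-F-]*) return 1 ;;
    esac
    [ "${#cl_uuid}" -eq 36 ] || return 1
    awk -v want="/dev/disk/by-uuid/$cl_uuid" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        $2 == want && $3 != "" && $3 != "none" && $3 != "-" {
            printf "%s\t%s\t%s\n", $1, $2, $3
            found = 1
            exit
        }
        END { exit !found }
    ' "$cl_file"
}

# Constructed sample crypttab (the first entry is the one quoted in the report).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
backup /dev/disk/by-uuid/11111111-2222-3333-4444-555555555555 none luks
#old /dev/disk/by-uuid/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /media/key3/old.key luks
EOF

UDI=/org/freedesktop/Hal/devices/volume_uuid_408e7dbc-1cad-4eff-9a06-1b1f9f60d22a
if entry=$(crypttab_lookup "$(uuid_from_hal "$UDI")" "$SAMPLE"); then
    printf 'key-file entry: %s\n' "$entry"
else
    echo "no key-file entry; fall back to the password prompt"
fi
```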