2007-08-19 17:37:28 |
TJ |
bug |
|
|
added bug |
2007-08-19 17:37:50 |
TJ |
bug |
|
|
assigned to gnome-mount (Baltix) |
2007-08-19 17:39:14 |
TJ |
bug |
|
|
assigned to gnome-mount (Ubuntu) |
2007-08-19 17:39:37 |
TJ |
gnome-mount: status |
New |
Fix Committed |
|
2007-08-19 17:39:37 |
TJ |
gnome-mount: assignee |
|
intuitive-nipple |
|
2007-08-19 17:39:37 |
TJ |
gnome-mount: statusexplanation |
|
|
|
2007-08-19 17:39:49 |
TJ |
hal: status |
New |
Fix Committed |
|
2007-08-19 17:39:49 |
TJ |
hal: assignee |
|
intuitive-nipple |
|
2007-08-19 17:39:49 |
TJ |
hal: statusexplanation |
|
|
|
2007-08-19 17:40:48 |
TJ |
gnome-mount: status |
New |
Invalid |
|
2007-08-19 17:40:48 |
TJ |
gnome-mount: statusexplanation |
Accidentally got the default selection of Baltix in error - please remove this Distro from the bug |
|
|
2007-08-19 18:11:44 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found. If there is no matching key-file the script will try to use the password as before.
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE $MAPPER --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found. If there is no matching key-file the script will try to use the password as before.
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 18:47:56 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found. If there is no matching key-file the script will try to use the password as before.
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 18:54:51 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the target name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 19:02:48 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column. like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 20:12:00 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab | awk '{print $0}'`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 20:18:10 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_a86ed2d8_4868_4a32_92af_fcce82d0696d
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_408e7dbc-1cad-4eff-9a06-1b1f9f60d22a
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-08-19 22:32:45 |
TJ |
bug |
|
|
added attachment 'gnome-mount-0.5-crypto_keyfile.diff' (gnome-mount crypto key-file support) |
2007-08-19 22:41:11 |
TJ |
bug |
|
|
assigned to gnome-mount (upstream) |
2007-08-20 08:01:04 |
Bug Watch Updater |
gnome-mount: status |
Unknown |
New |
|
2007-08-20 22:03:12 |
TJ |
description |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_408e7dbc-1cad-4eff-9a06-1b1f9f60d22a
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-manager calls gnome-mount which prompts for the encrypted volume password.
If the volume is *only* protected by a key-file gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" is needed to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/hal/scripts/linux/hal-luks-setup-linux
I am working on a modification to gnome-mount too, so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-manager, e.g:
--hal-udi=/org/freedesktop/Hal/devices/volume_uuid_408e7dbc-1cad-4eff-9a06-1b1f9f60d22a
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/by-uuid/408e7dbc-1cad-4eff-9a06-1b1f9f60d22a /media/key3/disk.key luks
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/hal/scripts/linux/hal-luks-setup-linux -----------------
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <mike@flyn.org>
# Copyright (C) 2006 David Zeuthen <davidz@redhat.com>
# Copyright (C) 2007 TJ <linux@tjworld.net>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=/sbin/cryptsetup
# detect key-file protected volume
LUKS="`grep \"${HAL_PROP_VOLUME_UUID#*_uuid_}\" /etc/crypttab`"
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID --key-file $KEYFILE 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo "Error setting up $HAL_PROP_BLOCK_DEVICE - bad key-file?" >&2
exit 1
fi
else
read PASSWORD
if [ ! -f $CRYPTSETUP ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.CryptSetupMissing >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - $CRYPTSETUP not found >&2
exit 1
fi
if [ -e /dev/mapper/luks_crypto_$HAL_PROP_VOLUME_UUID ]; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupError >&2
echo $HAL_PROP_BLOCK_DEVICE is already setup? >&2
exit 1
fi
if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then
echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2
echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2
exit 1
fi
fi
hal-set-property --udi=$UDI --key="info.callouts.remove" --strlist-pre="hal-luks-remove" > /dev/null 2>&1
exit 0 |
|
2007-09-02 21:58:34 |
TJ |
gnome-mount: importance |
Undecided |
Low |
|
2007-09-02 21:58:44 |
TJ |
hal: importance |
Undecided |
Low |
|
2007-09-22 20:29:56 |
TJ |
title |
hal: Patch to auto-mount LUKS key-file encrypted volumes |
Patch to auto-mount LUKS key-file encrypted volumes |
|
2007-09-22 20:30:19 |
TJ |
gnome-mount: status |
Fix Committed |
Confirmed |
|
2007-09-22 20:30:27 |
TJ |
hal: status |
Fix Committed |
Confirmed |
|
2008-03-04 06:51:44 |
Greg Grossmeier |
gnome-mount: status |
Confirmed |
Triaged |
|
2008-07-09 01:46:55 |
TJ |
gnome-mount: status |
Triaged |
Fix Released |
|
2008-07-09 01:46:55 |
TJ |
gnome-mount: assignee |
intuitivenipple |
|
|
2008-07-09 01:47:08 |
TJ |
hal: status |
Confirmed |
Fix Released |
|
2008-07-09 01:47:08 |
TJ |
hal: assignee |
intuitivenipple |
|
|
2008-10-19 16:22:50 |
Greg Grossmeier |
hal: status |
Fix Released |
Triaged |
|
2008-10-19 16:22:50 |
Greg Grossmeier |
hal: statusexplanation |
|
If the fix is NOT in Ubuntu then the status should NOT be set to Fix Released. For more information please see point 2-3 under "Fix Released" on this page: https://wiki.ubuntu.com/Bugs/Status
For information on how to get your fix into Ubuntu please see: https://wiki.ubuntu.com/SponsorshipProcess
Thanks. |
|
2008-10-19 16:23:00 |
Greg Grossmeier |
gnome-mount: status |
Fix Released |
Triaged |
|
2009-04-08 20:29:49 |
Michael-Olaf |
removed subscriber Michael-Olaf |
|
|
|
2009-05-27 17:27:49 |
Martijn Vermaat |
attachment added |
|
HAL respects mapping path in /etc/crypttab http://launchpadlibrarian.net/27210512/hal-luks-crypttab.patch |
|
2010-06-10 10:19:46 |
David Futcher |
tags |
|
patch-forwarded-upstream |
|
2010-09-16 06:48:41 |
Bug Watch Updater |
gnome-mount: importance |
Unknown |
Wishlist |
|
2010-12-05 13:04:40 |
fugounashi |
bug |
|
|
added subscriber fugounashi |
2012-02-29 00:30:50 |
Bug Watch Updater |
gnome-mount: status |
New |
Won't Fix |
|
2013-05-24 17:27:27 |
dino99 |
hal (Ubuntu): status |
Triaged |
Invalid |
|
2013-05-24 17:27:33 |
dino99 |
gnome-mount (Ubuntu): status |
Triaged |
Invalid |
|