Patch to auto-mount LUKS key-file encrypted volumes
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| gnome-mount | Won't Fix | Wishlist | | |
| gnome-mount (Baltix) | Invalid | Undecided | Unassigned | |
| gnome-mount (Ubuntu) | Invalid | Low | Unassigned | |
| hal (Ubuntu) | Invalid | Low | Unassigned | |

Bug Description
Binary package hint: hal
Feisty + Gnome, gnome-mount
With a LUKS encrypted volume on an external device, when the device is connected gnome-volume-
If the volume is *only* protected by a key-file, gnome-mount fails and "sudo cryptsetup luksOpen /dev name --key-file file.key" needs to be run manually.
As a first step to providing full support for key-files I have modified the hal script:
/usr/lib/
I am working on a modification to gnome-mount too, so it won't prompt for a password if a valid key-file is available.
Once the patched script is installed, when plugging in a LUKS encrypted volume gnome-mount will *still* ask you for a password but you can type in anything (it will be ignored) and press Enter. gnome-mount will execute the hal script which will check for a key-file and use it if found.
If there is no matching key-file the script will show an error-dialog reporting "bad key-file?" and then ask for a password as before. This gives a chance to insert the key-file device (I have it on a USB flash key).
If you save the password you typed either for the session, or forever, you won't get the password prompt again unless the key-file isn't found.
I've added functionality at the start of the script to check /etc/crypttab and match it against the argument passed to gnome-mount by gnome-volume-
--
The entry in /etc/crypttab *must* use the UUID in the device column, like this, for the script to work:
# <target name> <source device> <key file> <options>
mobile120 /dev/disk/
The script will match the UUID, get the device name and the key-file, and call cryptsetup luksOpen.
----- /usr/lib/
#!/bin/bash
# Copyright (C) 2005 W. Michael Petullo <email address hidden>
# Copyright (C) 2006 David Zeuthen <email address hidden>
# Copyright (C) 2007 TJ <email address hidden>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2.
CRYPTSETUP=
# detect key-file protected volume
LUKS="`grep \"${HAL_
MAPPER="`echo $LUKS | awk '{print $1}'`"
DEVICE="`echo $LUKS | awk '{print $2}'`"
KEYFILE="`echo $LUKS | awk '{print $3}'`"
# if there is a key-file, attempt to open the LUKS device with it
if [ "x${KEYFILE}" != "x" ]; then
  if ! $CRYPTSETUP luksOpen $DEVICE luks_crypto_
    echo org.freedesktop
    echo "Error setting up $HAL_PROP_
    exit 1
  fi
else
  read PASSWORD
  if [ ! -f $CRYPTSETUP ]; then
    echo org.freedesktop
    echo Error setting up $HAL_PROP_
    exit 1
  fi
  if [ -e /dev/mapper/
    echo org.freedesktop
    echo $HAL_PROP_
    exit 1
  fi
  if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_
    echo org.freedesktop
    echo Error setting up $HAL_PROP_
    exit 1
  fi
fi
hal-set-property --udi=$UDI --key="
exit 0
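
The crypttab matching described in the report, as an added example that is not part of the original bug report or the posted script: it matches the UUID by exact field comparison rather than a grep substring, and refuses a key-file that group or others can read. The `UUID=` and `/dev/disk/by-uuid/` source forms, the function names and the sample UUID are assumptions.

```shell
#!/bin/sh
# Added example, not the HAL script from the report. Assumption: crypttab names
# the volume as UUID=<uuid> or /dev/disk/by-uuid/<uuid> in its second column.

# crypttab_lookup UUID [FILE]: set CT_TARGET/CT_SOURCE/CT_KEYFILE from the entry
# whose source column is exactly that UUID. Status: 0 found, 1 none, 2 bad UUID.
crypttab_lookup() {
    # Hex digits and dashes only, so the value can never act as a pattern.
    case $1 in ''|*[!0-9A-Fa-f-]*) return 2 ;; esac
    while read -r CT_TARGET CT_SOURCE CT_KEYFILE _opts; do
        case $CT_TARGET in ''|'#'*) continue ;; esac   # blank line or comment
        case $CT_SOURCE in
            "UUID=$1"|"/dev/disk/by-uuid/$1") return 0 ;;
        esac
    done < "${2:-/etc/crypttab}"
    return 1
}

# keyfile_is_safe PATH: succeed only for a regular file (symlinks rejected)
# with no group/other permission bits, e.g. mode 0400 or 0600.
keyfile_is_safe() {
    perms=$(ls -ld -- "$1" 2>/dev/null) || return 1
    case $perms in -???------*) return 0 ;; esac
    return 1
}

# plan_open UUID [FILE]: print the cryptsetup command for a key-file volume.
# Status: 0 ok, 1/2 from the lookup, 3 no key-file configured, 4 unsafe key-file.
plan_open() {
    crypttab_lookup "$1" "${2:-/etc/crypttab}" || return $?
    case $CT_KEYFILE in ''|none|-) return 3 ;; esac    # passphrase-only entry
    keyfile_is_safe "$CT_KEYFILE" || return 4
    printf 'cryptsetup luksOpen %s %s --key-file %s\n' \
        "$CT_SOURCE" "$CT_TARGET" "$CT_KEYFILE"
}

# Demo on constructed data: the same entry is refused while its key-file is
# world-readable and accepted once the mode is tightened.
demo() {
    d=$(mktemp -d) || return 1
    u=0f3a9c1e-5b7d-4e2a-9c6f-1a2b3c4d5e6f          # constructed UUID
    printf 'mobile120 /dev/disk/by-uuid/%s %s luks\n' "$u" "$d/file.key" > "$d/crypttab"
    : > "$d/file.key"; chmod 644 "$d/file.key"
    plan_open "$u" "$d/crypttab"; echo "mode 644 -> status $?"
    chmod 600 "$d/file.key"
    plan_open "$u" "$d/crypttab"; echo "mode 600 -> status $?"
    rm -rf "$d"
}
demo
```

`plan_open` only prints the command; running it still requires root and the real device to be present.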
Changed in gnome-mount:
status: Unknown → New
Changed in gnome-mount:
importance: Undecided → Low
Changed in hal:
importance: Undecided → Low
Changed in gnome-mount:
status: Fix Committed → Confirmed
Changed in hal:
status: Fix Committed → Confirmed
Changed in gnome-mount:
status: Confirmed → Triaged
tags: added: patch-forwarded-upstream
Changed in gnome-mount:
importance: Unknown → Wishlist
Changed in gnome-mount:
status: New → Won't Fix
Accidentally got the default selection of Baltix in error - please remove this Distro from the bug