Bug 133461

Summary: [PATCH] automount encrypted removable disks
Product: [Fedora] Fedora
Reporter: W. Michael Petullo <redhat>
Component: hal
Assignee: David Zeuthen <davidz>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: rawhide
CC: mclasen
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2004-09-27 18:07:32 UTC
Attachments:
Proof of concept for adding support for encrypted filesystems to fstab-sync (flags: none)

Description W. Michael Petullo 2004-09-24 07:43:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
The fstab-sync utility that is included in hal does a great job of
ensuring /etc/fstab gives users the ability to mount removable media.
 It would be great if this was also the case when the media contained
an encrypted filesystem.

I have written a patch against hal that demonstrates this concept. 
The patch is nowhere near complete (and breaks a few minor things) but
does work and illustrates the idea well.  I am submitting it now
hoping to get some dialog going.

Basically, if an entry corresponding to a device's USB serial number
exists in /etc/crypttab like this:

test    SERIAL=230760A44039A55F /etc/test-key   cipher=aes

then fstab-sync will treat the disk as encrypted using the kernel's
dm-crypt interface.  Fstab-sync will create the appropriate entry in
/dev/mapper using cryptsetup before updating /etc/fstab.  /etc/fstab
is updated with /dev/mapper/test instead of /dev/sda1.

Some issues I have not yet figured out:

USB serial numbers are great, but what about Firewire, etc.?

Can I tie this into gnome-keyring so that the key does not have to
exist in plain sight on the filesystem (/etc/test-key above)?

Is my patch approaching this in the right manner?

How do I support multiple partitions using the SERIAL= technique?


Version-Release number of selected component (if applicable):
hal-0.2.98-4

How reproducible:
Always

Steps to Reproduce:
Notice that fstab-sync does not handle encrypted disks.
    

Additional info:
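
The lookup the description outlines, as an added Python example that is not part of the report or of the attached patch: it parses the proposed SERIAL= crypttab form, picks the device path /etc/fstab should carry, and audits the key file's owner and mode, which bears on the reporter's concern about the key sitting in plain sight. The function names, the rejection of mapper names containing "/", and the owner/mode policy are assumptions made here.

```python
import os
import stat

# Constructed sample in the form the report proposes:
# <mapper name>  SERIAL=<USB serial>  <key file>  <options>
SAMPLE_CRYPTTAB = """\
test    SERIAL=230760A44039A55F /etc/test-key   cipher=aes
"""

def parse_crypttab(text):
    """Return {serial: entry} for lines that use the SERIAL= device form."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) < 3 or not fields[1].startswith("SERIAL="):
            continue  # not the proposed SERIAL= form
        if "/" in fields[0]:
            # Assumed hardening: the name becomes a path under /dev/mapper
            raise ValueError("mapper name must not contain '/': %r" % fields[0])
        opts = fields[3].split(",") if len(fields) > 3 else []
        serial = fields[1][len("SERIAL="):]
        entries[serial] = {"name": fields[0], "key": fields[2], "options": opts}
    return entries

def fstab_device(entries, serial, block_dev):
    """Path fstab should carry: the dm-crypt mapping if the serial is listed."""
    entry = entries.get(serial)
    return "/dev/mapper/" + entry["name"] if entry else block_dev

def key_file_problems(path, owner_uid=0):
    """List reasons the key file is exposed beyond its expected owner."""
    st = os.lstat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != owner_uid:
        problems.append("owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("group/other access: mode %o" % stat.S_IMODE(st.st_mode))
    return problems

if __name__ == "__main__":
    table = parse_crypttab(SAMPLE_CRYPTTAB)
    print(fstab_device(table, "230760A44039A55F", "/dev/sda1"))
```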

Comment 1 W. Michael Petullo 2004-09-24 07:45:40 UTC
Created attachment 104250
Proof of concept for adding support for encrypted filesystems to fstab-sync

Comment 2 W. Michael Petullo 2004-09-25 07:58:41 UTC
See also:

http://freedesktop.org/pipermail/hal/2004-September/001051.html.

Comment 3 David Zeuthen 2004-09-27 18:07:32 UTC
Since you raised this upstream on the hal mailing list I suggest that
we continue the discussion there.

Thanks,
David