This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 152946

Summary: Add support for encrypted volumes to gnome-volume-manager
Product: [Fedora] Fedora Reporter: W. Michael Petullo <redhat>
Component: gnome-volume-managerAssignee: John (J5) Palmieri <johnp>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jkeck
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-02 23:44:56 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 169322    
Bug Blocks:    
Attachments:
Description Flags
SRPM with patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Patch to add encrypted volume support to gnome-volume-manager
none
Alternative patch from Debian none

Description W. Michael Petullo 2005-03-31 00:27:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050313 Epiphany/1.5.8

Description of problem:
An effort is underway to allow hal to understand volumes encrypted using dm-crypt [1].  This effort uses LUKS [2] to store encryption parameters on disk.  The end state of this effort is that when a user attaches an encrypted device to the system, the user is prompted for a passphrase and that device is then mounted.

This requires a patch to gnome-volume-manager so that g-v-m recognizes an encrypted volume, prompts the user for a passphrase and provides that passphrase to hald so that hald can properly set up the associated plaintext device.

[1] http://lists.freedesktop.org/archives/hal/2004-December/001423.html
[2] http://luks.endorphin.org/

Version-Release number of selected component (if applicable):
gnome-volume-manager-1.1.3-3

How reproducible:
Always

Steps to Reproduce:
Notice that gnome-volume-manager does not recognize encrypted volumes.

Additional info:
Comment 1 W. Michael Petullo 2005-03-31 00:33:43 EST
Created attachment 112504 [details]
SRPM with patch to add encrypted volume support to gnome-volume-manager

The patch contained in this SRPM is really just a shell.  Much of the
functionality must still be implemented.  At this point, gnome-volume-manager
simply detects that a volume is encrypted and ignores it.
Comment 2 John (J5) Palmieri 2005-03-31 11:24:18 EST
can you please post the patch.  I am in the middle of releasing 1.3.1 of g-v-m
and then packaging it in Fedora.  I want to evaluate the patch before I decide
to put it in.
Comment 3 W. Michael Petullo 2005-03-31 11:30:05 EST
As I mentioned, the patch isn't ready for use yet.  I still have to implement
the passphrase prompt and the luks-setup request.  I submitted an SRPM to make
it clear that this patch is against Red Hat's patched hal.  Once I am complete
with the remaining implementation, I will submit a naked patch.  Don't wait on
this for 1.3.1.

Thanks for your interest.
Comment 4 W. Michael Petullo 2005-04-01 00:00:27 EST
Created attachment 112563 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch implements everything except the request for hald to execute
luks-setup.  I am waiting for a forthcoming feature in hald to allow the daemon
to execute this request.  See item four at:

http://lists.freedesktop.org/archives/hal/2005-March/002266.html

for mention of this feature.

This patch was made against gnome-volume-manager 1.1.3 with the following
patches already applied:

1.  gnome-volume-manager-0.9.10.add-to-base.patch
2.  gnome-volume-manager-1.1.0.addheader.patch
3.  gnome-volume-manager-1.1.0-rh-defaults.patch
4.  gnome-volume-manager-1.1.3-hal-api.patch
Comment 5 John (J5) Palmieri 2005-04-14 15:56:29 EDT
So most likely this isn't going to get into FC4 unless I get some time to look
over it between now and the freeze which I doubt.  I susspect we need to get all
the UI bit first anyway so as soon as FC5 rolls around I think we can start
lending some time to getting this stuff workable.  I'll leave the bug open, keep
me updated on the progress of all the different components.
Comment 6 John (J5) Palmieri 2005-04-14 15:57:40 EDT
Of course by FC5 rolling around I mean rawhide starting to target FC5 not
waiting for the FC5 release ;-)
Comment 7 W. Michael Petullo 2005-04-18 21:10:33 EDT
Created attachment 113351 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch does everything the previous patch does plus it adds the ability to
store passphrases using the gnome-keyring-manager system.

I'm still waiting on hald's method invocation interface.
Comment 8 W. Michael Petullo 2005-04-19 16:08:51 EDT
Please see also http://www.flyn.org/easycrypto/easycrypto.html.
Comment 9 W. Michael Petullo 2005-07-14 22:35:35 EDT
Created attachment 116788 [details]
Patch to add encrypted volume support to gnome-volume-manager
Comment 10 W. Michael Petullo 2005-07-14 22:38:23 EDT
Comment on attachment 116788 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch now takes advantage of hald's new method invocation interface.  The
methods interface was committed to hal's CVS tree on July 12, 2005.  With this
patch, gnome-volume-manager identifies a newly present encrypted device,
prompts the user for a password and asks hald to setup the encrypted device.
Comment 11 W. Michael Petullo 2005-07-20 13:02:57 EDT
Created attachment 116987 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch contains the following changes:

- free GnomeKeyringAttributeLists
- clean out some debug messages
- use foo () instead of foo()
- hal_luks_setup () now returns an error message
Comment 12 Tim Niemueller 2006-01-10 10:59:54 EST
Is there any chance that we will see this upstream soon and thus in FC5?
Comment 13 John (J5) Palmieri 2006-01-10 11:22:41 EST
Michael, is this upstream yet?  HAL has the correct scripts and I can build it
into g-v-m if it is not yet upstream.
Comment 14 W. Michael Petullo 2006-01-10 12:45:12 EST
I have not submitted this patch upstream yet.  I made a mistake and assumed 
Red Hat engineers had the lead on g-v-m.  I now see that Robert Love is the 
man.

I will submit this patch to GNOME's bugzilla and will submit a link to this 
bug.  I hope to do this later today.

In the meantime, could Fedora provide my patch?  Two issues:

1.  I need to test this patch against the most recent version of gnome-volume-
manager.

2.  Bug #166035 is also required.  The luks-tools package provides luks-setup, 
a utility that sets up a crypto device in a way that HAL will identify it.
Comment 15 John (J5) Palmieri 2006-01-10 12:48:08 EST
I'll get it in tomorrow.
Comment 16 W. Michael Petullo 2006-01-10 20:47:17 EST
Created attachment 123025 [details]
Patch to add encrypted volume support to gnome-volume-manager 

I modified the patch to work with gnome-volume-manager 1.5.7.
Comment 17 W. Michael Petullo 2006-01-10 20:49:40 EST
See also: http://bugzilla.gnome.org/show_bug.cgi?id=326553. 
Comment 18 Ray Strode [halfline] 2006-01-11 14:33:14 EST
Hey guys, this needs luks-setup which is not in rawhide as of test 2.  It is too
late to add this for fc5.  Dropping off target list.
Comment 19 W. Michael Petullo 2006-01-13 17:35:17 EST
Created attachment 123182 [details]
Patch to add encrypted volume support to gnome-volume-manager

1.  label_header_text is now dynamically allocated.

2.  Removed unused variable declarations.

3.  Use the term "password" not "secret."

4.  Remove GDK_WINDOW_TYPE_HINT_DIALOG.

5.  Fix GUI code, including remove use of gtk_dialog_run().

6.  Password prompt disappears if device removed.
Comment 20 W. Michael Petullo 2006-02-10 10:11:11 EST
Created attachment 124499 [details]
Alternative patch from Debian

This is the patch that Debian applies to their unstable gnome-volume-manager
package.  It is different than mine in that most of the work is performed by
pmount.  Gnome-volume-manager identifies that a volume is a LUKS volume,
obtains a password and passes it on to pmount using a FIFO.

The maintainer of gnome-volume-manager has suggested that we modify gnome-mount
instead of gnome-volume-manager to support LUKS volumes.  This seems like a
decent idea.

This Debian patch is being submitted for reference.
Comment 21 W. Michael Petullo 2006-02-23 11:05:39 EST
David Zeuthen's recent work (http://blog.fubar.dk/?p=64) should satisfy this 
RFE.  Once his changes are available in the Fedora packages, this RFE should 
be closed.
Comment 22 W. Michael Petullo 2006-03-02 23:44:18 EST
Works in Raw Hide as of 02 Mar 06.  Thank you David Zeuthen!