Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Add support for encrypted volumes to gnome-volume-manager|
|Product:||[Fedora] Fedora||Reporter:||W. Michael Petullo <redhat>|
|Component:||gnome-volume-manager||Assignee:||John (J5) Palmieri <johnp>|
|Status:||CLOSED RAWHIDE||QA Contact:|
|Fixed In Version:||Doc Type:||Enhancement|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-03-02 23:44:56 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||169322|
Description W. Michael Petullo 2005-03-31 00:27:25 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050313 Epiphany/1.5.8 Description of problem: An effort is underway to allow hal to understand volumes encrypted using dm-crypt . This effort uses LUKS  to store encryption parameters on disk. The end state of this effort is that when a user attaches an encrypted device to the system, the user is prompted for a passphrase and that device is then mounted. This requires a patch to gnome-volume-manager so that g-v-m recognizes an encrypted volume, prompts the user for a passphrase and provides that passphrase to hald so that hald can properly set up the associated plaintext device.  http://lists.freedesktop.org/archives/hal/2004-December/001423.html  http://luks.endorphin.org/ Version-Release number of selected component (if applicable): gnome-volume-manager-1.1.3-3 How reproducible: Always Steps to Reproduce: Notice that gnome-volume-manager does not recognize encrypted volumes. Additional info:
Comment 1 W. Michael Petullo 2005-03-31 00:33:43 EST
Created attachment 112504 [details] SRPM with patch to add encrypted volume support to gnome-volume-manager The patch contained in this SRPM is really just a shell. Much of the functionality must still be implemented. At this point, gnome-volume-manager simply detects that a volume is encrypted and ignores it.
Comment 2 John (J5) Palmieri 2005-03-31 11:24:18 EST
can you please post the patch. I am in the middle of releasing 1.3.1 of g-v-m and then packaging it in Fedora. I want to evaluate the patch before I decide to put it in.
Comment 3 W. Michael Petullo 2005-03-31 11:30:05 EST
As I mentioned, the patch isn't ready for use yet. I still have to implement the passphrase prompt and the luks-setup request. I submitted an SRPM to make it clear that this patch is against Red Hat's patched hal. Once I am complete with the remaining implementation, I will submit a naked patch. Don't wait on this for 1.3.1. Thanks for your interest.
Comment 4 W. Michael Petullo 2005-04-01 00:00:27 EST
Created attachment 112563 [details] Patch to add encrypted volume support to gnome-volume-manager This patch implements everything except the request for hald to execute luks-setup. I am waiting for a forthcoming feature in hald to allow the daemon to execute this request. See item four at: http://lists.freedesktop.org/archives/hal/2005-March/002266.html for mention of this feature. This patch was made against gnome-volume-manager 1.1.3 with the following patches already applied: 1. gnome-volume-manager-0.9.10.add-to-base.patch 2. gnome-volume-manager-1.1.0.addheader.patch 3. gnome-volume-manager-1.1.0-rh-defaults.patch 4. gnome-volume-manager-1.1.3-hal-api.patch
Comment 5 John (J5) Palmieri 2005-04-14 15:56:29 EDT
So most likely this isn't going to get into FC4 unless I get some time to look over it between now and the freeze which I doubt. I susspect we need to get all the UI bit first anyway so as soon as FC5 rolls around I think we can start lending some time to getting this stuff workable. I'll leave the bug open, keep me updated on the progress of all the different components.
Comment 6 John (J5) Palmieri 2005-04-14 15:57:40 EDT
Of course by FC5 rolling around I mean rawhide starting to target FC5 not waiting for the FC5 release ;-)
Comment 7 W. Michael Petullo 2005-04-18 21:10:33 EDT
Created attachment 113351 [details] Patch to add encrypted volume support to gnome-volume-manager This patch does everything the previous patch does plus it adds the ability to store passphrases using the gnome-keyring-manager system. I'm still waiting on hald's method invocation interface.
Comment 8 W. Michael Petullo 2005-04-19 16:08:51 EDT
Please see also http://www.flyn.org/easycrypto/easycrypto.html.
Comment 9 W. Michael Petullo 2005-07-14 22:35:35 EDT
Created attachment 116788 [details] Patch to add encrypted volume support to gnome-volume-manager
Comment 10 W. Michael Petullo 2005-07-14 22:38:23 EDT
Comment on attachment 116788 [details] Patch to add encrypted volume support to gnome-volume-manager This patch now takes advantage of hald's new method invocation interface. The methods interface was committed to hal's CVS tree on July 12, 2005. With this patch, gnome-volume-manager identifies a newly present encrypted device, prompts the user for a password and asks hald to setup the encrypted device.
Comment 11 W. Michael Petullo 2005-07-20 13:02:57 EDT
Created attachment 116987 [details] Patch to add encrypted volume support to gnome-volume-manager This patch contains the following changes: - free GnomeKeyringAttributeLists - clean out some debug messages - use foo () instead of foo() - hal_luks_setup () now returns an error message
Comment 12 Tim Niemueller 2006-01-10 10:59:54 EST
Is there any chance that we will see this upstream soon and thus in FC5?
Comment 13 John (J5) Palmieri 2006-01-10 11:22:41 EST
Michael, is this upstream yet? HAL has the correct scripts and I can build it into g-v-m if it is not yet upstream.
Comment 14 W. Michael Petullo 2006-01-10 12:45:12 EST
I have not submitted this patch upstream yet. I made a mistake and assumed Red Hat engineers had the lead on g-v-m. I now see that Robert Love is the man. I will submit this patch to GNOME's bugzilla and will submit a link to this bug. I hope to do this later today. In the meantime, could Fedora provide my patch? Two issues: 1. I need to test this patch against the most recent version of gnome-volume- manager. 2. Bug #166035 is also required. The luks-tools package provides luks-setup, a utility that sets up a crypto device in a way that HAL will identify it.
Comment 15 John (J5) Palmieri 2006-01-10 12:48:08 EST
I'll get it in tomorrow.
Comment 16 W. Michael Petullo 2006-01-10 20:47:17 EST
Created attachment 123025 [details] Patch to add encrypted volume support to gnome-volume-manager I modified the patch to work with gnome-volume-manager 1.5.7.
Comment 17 W. Michael Petullo 2006-01-10 20:49:40 EST
Comment 18 Ray Strode [halfline] 2006-01-11 14:33:14 EST
Hey guys, this needs luks-setup which is not in rawhide as of test 2. It is too late to add this for fc5. Dropping off target list.
Comment 19 W. Michael Petullo 2006-01-13 17:35:17 EST
Created attachment 123182 [details] Patch to add encrypted volume support to gnome-volume-manager 1. label_header_text is now dynamically allocated. 2. Removed unused variable declarations. 3. Use the term "password" not "secret." 4. Remove GDK_WINDOW_TYPE_HINT_DIALOG. 5. Fix GUI code, including remove use of gtk_dialog_run(). 6. Password prompt disappears if device removed.
Comment 20 W. Michael Petullo 2006-02-10 10:11:11 EST
Created attachment 124499 [details] Alternative patch from Debian This is the patch that Debian applies to their unstable gnome-volume-manager package. It is different than mine in that most of the work is performed by pmount. Gnome-volume-manager identifies that a volume is a LUKS volume, obtains a password and passes it on to pmount using a FIFO. The maintainer of gnome-volume-manager has suggested that we modify gnome-mount instead of gnome-volume-manager to support LUKS volumes. This seems like a decent idea. This Debian patch is being submitted for reference.
Comment 21 W. Michael Petullo 2006-02-23 11:05:39 EST
David Zeuthen's recent work (http://blog.fubar.dk/?p=64) should satisfy this RFE. Once his changes are available in the Fedora packages, this RFE should be closed.
Comment 22 W. Michael Petullo 2006-03-02 23:44:18 EST
Works in Raw Hide as of 02 Mar 06. Thank you David Zeuthen!