Bug 133461 - [PATCH] automount encrypted removable disks
[PATCH] automount encrypted removable disks
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Zeuthen
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-09-24 03:43 EDT by W. Michael Petullo
Modified: 2013-03-05 22:41 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-09-27 14:07:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Proof of concept for adding support for encrypted filesystems to fstab-snyc (7.80 KB, patch)
2004-09-24 03:45 EDT, W. Michael Petullo
no flags Details | Diff

  None (edit)
Description W. Michael Petullo 2004-09-24 03:43:52 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.2)
Gecko/20040809 Epiphany/1.3.8

Description of problem:
The fstab-sync utility that is included in hal does a great job of
ensuring /etc/fstab gives users the ability to mount removable media.
 It would be great if this was also the case when the media contained
an encrypted filesystem.

I have written a patch against hal that demonstrates this concept. 
The patch is nowhere near complete (and breaks a few minor things) but
does work and illustrates the idea well.  I am submitting it now
hoping to get some dialog going.

Basically, if an entry corresponding to a device's USB serial number
exists in /etc/crypttab like this:

test    SERIAL=230760A44039A55F /etc/test-key   cipher=aes

then fstab-sync will treat the disk as encrypted using the kernel's
dm-crypt interface.  Fstab-sync will create the appropriate entry in
/dev/mapper using cryptsetup before updating /etc/fstab.  /etc/fstab
is updated with /dev/mapper/test instead of /dev/sda1.

Some issues I have not yet figured out:

USB serial numbers are great, but what about Firewire, etc.?

Can I tie this into gnome-keyring so that the key does not have to
exist in plain sight on the filesystem (/etc/test-key above)?

Is my patch approaching this in the right manner?

How do I support multiple partitions using the SERIAL= technique?

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Notice that fstab-sync does not handle encrypted disks.

Additional info:
Comment 1 W. Michael Petullo 2004-09-24 03:45:40 EDT
Created attachment 104250 [details]
Proof of concept for adding support for encrypted filesystems to fstab-snyc
Comment 2 W. Michael Petullo 2004-09-25 03:58:41 EDT
See also:

Comment 3 David Zeuthen 2004-09-27 14:07:32 EDT
Since you raised this upstream on the hal mailing list I suggest that
we continue the discussion there.


Note You need to log in before you can comment on or make changes to this bug.