Red Hat Bugzilla – Bug 133461
[PATCH] automount encrypted removable disks
Last modified: 2013-03-05 22:41:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.2)
Description of problem:
The fstab-sync utility that is included in hal does a great job of
ensuring /etc/fstab gives users the ability to mount removable media.
It would be great if this was also the case when the media contained
an encrypted filesystem.
I have written a patch against hal that demonstrates this concept.
The patch is nowhere near complete (and breaks a few minor things) but
does work and illustrates the idea well. I am submitting it now
hoping to get some dialog going.
Basically, if an entry corresponding to a device's USB serial number
exists in /etc/crypttab like this:
    test SERIAL=230760A44039A55F /etc/test-key cipher=aes
then fstab-sync will treat the disk as encrypted using the kernel's
dm-crypt interface. Fstab-sync will create the appropriate entry in
/dev/mapper using cryptsetup before updating /etc/fstab. /etc/fstab
is updated with /dev/mapper/test instead of /dev/sda1.
Some issues I have not yet figured out:
USB serial numbers are great, but what about Firewire, etc.?
Can I tie this into gnome-keyring so that the key does not have to
exist in plain sight on the filesystem (/etc/test-key above)?
Is my patch approaching this in the right manner?
How do I support multiple partitions using the SERIAL= technique?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Notice that fstab-sync does not handle encrypted disks.
Created attachment 104250
Proof of concept for adding support for encrypted filesystems to fstab-sync
Since you raised this upstream on the hal mailing list I suggest that
we continue the discussion there.