From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050313 Epiphany/1.5.8

Description of problem:
An effort is underway to allow hal to understand volumes encrypted using dm-crypt [1]. This effort uses LUKS [2] to store encryption parameters on disk. The end state of this effort is that when a user attaches an encrypted device to the system, the user is prompted for a passphrase and that device is then mounted. This requires a patch to gnome-volume-manager so that g-v-m recognizes an encrypted volume, prompts the user for a passphrase and provides that passphrase to hald so that hald can properly set up the associated plaintext device.

[1] http://lists.freedesktop.org/archives/hal/2004-December/001423.html
[2] http://luks.endorphin.org/

Version-Release number of selected component (if applicable):
gnome-volume-manager-1.1.3-3

How reproducible:
Always

Steps to Reproduce:
Notice that gnome-volume-manager does not recognize encrypted volumes.

Additional info:
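What "recognizing" a LUKS volume rests on, since LUKS keeps the encryption parameters in an on-disk header: an added example, not code from the attached patches, hal or gnome-volume-manager. It checks the start of a device for a LUKS version 1 header and reads the cipher parameters; the field offsets follow the LUKS1 on-disk layout, while `luks_probe`, `make_sample`, the size limits and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* LUKS1 header offsets: 0 magic[6], 6 version (be16), 8 cipher-name[32], 40 cipher-mode[32],
 * 72 hash-spec[32], 104 payload-offset (be32, in sectors), 108 key-bytes (be32). */
#define LUKS_MIN_LEN 112
static const uint8_t LUKS_MAGIC[6] = { 'L', 'U', 'K', 'S', 0xba, 0xbe };
struct luks_info {
    char cipher_name[32], cipher_mode[32], hash_spec[32];
    uint32_t payload_offset, key_bytes;
};
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static int copy_field(char *dst, const uint8_t *src) {
    if (memchr(src, 0, 32) == NULL) return -1;  /* text fields must be NUL-terminated */
    memcpy(dst, src, 32);
    return 0;
}

/* Return 0 and fill *out if buf begins with a plausible LUKS1 header, else -1. */
int luks_probe(const uint8_t *buf, size_t len, struct luks_info *out) {
    if (len < LUKS_MIN_LEN || memcmp(buf, LUKS_MAGIC, 6) != 0) return -1;
    if (buf[6] != 0 || buf[7] != 1) return -1;  /* only version 1 is handled here */
    if (copy_field(out->cipher_name, buf + 8) || copy_field(out->cipher_mode, buf + 40) ||
        copy_field(out->hash_spec, buf + 72)) return -1;
    out->payload_offset = be32(buf + 104);
    out->key_bytes = be32(buf + 108);
    /* The device is untrusted input: bound the sizes (limits chosen for this example). */
    if (out->key_bytes == 0 || out->key_bytes > 64 || out->payload_offset == 0) return -1;
    return 0;
}

/* Fill buf (LUKS_MIN_LEN bytes) with a constructed sample header, not real device data. */
void make_sample(uint8_t *buf) {
    memset(buf, 0, LUKS_MIN_LEN);
    memcpy(buf, LUKS_MAGIC, 6);
    buf[7] = 1;
    memcpy(buf + 8, "aes", 3);
    memcpy(buf + 40, "cbc-essiv:sha256", 16);
    memcpy(buf + 72, "sha1", 4);
    buf[106] = 0x04; buf[107] = 0x08; buf[111] = 16;  /* payload at sector 1032, 16-byte key */
}

int main(void) {
    uint8_t b[LUKS_MIN_LEN];
    struct luks_info info;
    make_sample(b);
    return luks_probe(b, sizeof b, &info);  /* exit status 0 when recognized */
}
```

Because a removable device is attacker-controllable input, the probe rejects unterminated text fields and out-of-range sizes instead of passing them on to whatever sets up the mapping.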
Created attachment 112504 [details] SRPM with patch to add encrypted volume support to gnome-volume-manager The patch contained in this SRPM is really just a shell. Much of the functionality must still be implemented. At this point, gnome-volume-manager simply detects that a volume is encrypted and ignores it.
Can you please post the patch? I am in the middle of releasing 1.3.1 of g-v-m and then packaging it in Fedora. I want to evaluate the patch before I decide to put it in.
As I mentioned, the patch isn't ready for use yet. I still have to implement the passphrase prompt and the luks-setup request. I submitted an SRPM to make it clear that this patch is against Red Hat's patched hal. Once I am complete with the remaining implementation, I will submit a naked patch. Don't wait on this for 1.3.1. Thanks for your interest.
Created attachment 112563 [details] Patch to add encrypted volume support to gnome-volume-manager

This patch implements everything except the request for hald to execute luks-setup. I am waiting for a forthcoming feature in hald to allow the daemon to execute this request. See item four at: http://lists.freedesktop.org/archives/hal/2005-March/002266.html for mention of this feature.

This patch was made against gnome-volume-manager 1.1.3 with the following patches already applied:

1. gnome-volume-manager-0.9.10.add-to-base.patch
2. gnome-volume-manager-1.1.0.addheader.patch
3. gnome-volume-manager-1.1.0-rh-defaults.patch
4. gnome-volume-manager-1.1.3-hal-api.patch
So most likely this isn't going to get into FC4 unless I get some time to look over it between now and the freeze, which I doubt. I suspect we need to get all the UI bits first anyway, so as soon as FC5 rolls around I think we can start lending some time to getting this stuff workable. I'll leave the bug open; keep me updated on the progress of all the different components.
Of course by FC5 rolling around I mean rawhide starting to target FC5 not waiting for the FC5 release ;-)
Created attachment 113351 [details] Patch to add encrypted volume support to gnome-volume-manager This patch does everything the previous patch does plus it adds the ability to store passphrases using the gnome-keyring-manager system. I'm still waiting on hald's method invocation interface.
Please see also http://www.flyn.org/easycrypto/easycrypto.html.
Created attachment 116788 [details] Patch to add encrypted volume support to gnome-volume-manager
Comment on attachment 116788 [details] Patch to add encrypted volume support to gnome-volume-manager

This patch now takes advantage of hald's new method invocation interface. The methods interface was committed to hal's CVS tree on July 12, 2005. With this patch, gnome-volume-manager identifies a newly present encrypted device, prompts the user for a password and asks hald to set up the encrypted device.
Created attachment 116987 [details] Patch to add encrypted volume support to gnome-volume-manager

This patch contains the following changes:

- free GnomeKeyringAttributeLists
- clean out some debug messages
- use foo () instead of foo()
- hal_luks_setup () now returns an error message
Is there any chance that we will see this upstream soon and thus in FC5?
Michael, is this upstream yet? HAL has the correct scripts and I can build it into g-v-m if it is not yet upstream.
I have not submitted this patch upstream yet. I made a mistake and assumed Red Hat engineers had the lead on g-v-m. I now see that Robert Love is the man. I will submit this patch to GNOME's bugzilla and will submit a link to this bug. I hope to do this later today. In the meantime, could Fedora provide my patch?

Two issues:

1. I need to test this patch against the most recent version of gnome-volume-manager.
2. Bug #166035 is also required. The luks-tools package provides luks-setup, a utility that sets up a crypto device in a way that HAL will identify it.
I'll get it in tomorrow.
Created attachment 123025 [details] Patch to add encrypted volume support to gnome-volume-manager I modified the patch to work with gnome-volume-manager 1.5.7.
See also: http://bugzilla.gnome.org/show_bug.cgi?id=326553.
Hey guys, this needs luks-setup which is not in rawhide as of test 2. It is too late to add this for fc5. Dropping off target list.
Created attachment 123182 [details] Patch to add encrypted volume support to gnome-volume-manager

1. label_header_text is now dynamically allocated.
2. Removed unused variable declarations.
3. Use the term "password" not "secret."
4. Remove GDK_WINDOW_TYPE_HINT_DIALOG.
5. Fix GUI code, including remove use of gtk_dialog_run().
6. Password prompt disappears if device removed.
Created attachment 124499 [details] Alternative patch from Debian This is the patch that Debian applies to their unstable gnome-volume-manager package. It is different than mine in that most of the work is performed by pmount. Gnome-volume-manager identifies that a volume is a LUKS volume, obtains a password and passes it on to pmount using a FIFO. The maintainer of gnome-volume-manager has suggested that we modify gnome-mount instead of gnome-volume-manager to support LUKS volumes. This seems like a decent idea. This Debian patch is being submitted for reference.
David Zeuthen's recent work (http://blog.fubar.dk/?p=64) should satisfy this RFE. Once his changes are available in the Fedora packages, this RFE should be closed.
Works in Raw Hide as of 02 Mar 06. Thank you David Zeuthen!