Bug 152946 - Add support for encrypted volumes to gnome-volume-manager
Add support for encrypted volumes to gnome-volume-manager
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: gnome-volume-manager (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: John (J5) Palmieri
: FutureFeature
Depends On: 169322
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-31 00:27 EST by W. Michael Petullo
Modified: 2013-03-13 00:48 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-02 23:44:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
SRPM with patch to add encrypted volume support to gnome-volume-manager (280.78 KB, application/octet-stream)
2005-03-31 00:33 EST, W. Michael Petullo
no flags Details
Patch to add encrypted volume support to gnome-volume-manager (13.93 KB, patch)
2005-04-01 00:00 EST, W. Michael Petullo
no flags Details | Diff
Patch to add encrypted volume support to gnome-volume-manager (17.05 KB, patch)
2005-04-18 21:10 EDT, W. Michael Petullo
no flags Details | Diff
Patch to add encrypted volume support to gnome-volume-manager (19.02 KB, patch)
2005-07-14 22:35 EDT, W. Michael Petullo
no flags Details | Diff
Patch to add encrypted volume support to gnome-volume-manager (19.20 KB, patch)
2005-07-20 13:02 EDT, W. Michael Petullo
no flags Details | Diff
Patch to add encrypted volume support to gnome-volume-manager (13.31 KB, patch)
2006-01-10 20:47 EST, W. Michael Petullo
no flags Details | Diff
Patch to add encrypted volume support to gnome-volume-manager (13.90 KB, patch)
2006-01-13 17:35 EST, W. Michael Petullo
no flags Details | Diff
Alternative patch from Debian (46.57 KB, patch)
2006-02-10 10:11 EST, W. Michael Petullo
no flags Details | Diff

  None (edit)
Description W. Michael Petullo 2005-03-31 00:27:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7.6) Gecko/20050313 Epiphany/1.5.8

Description of problem:
An effort is underway to allow hal to understand volumes encrypted using dm-crypt [1].  This effort uses LUKS [2] to store encryption parameters on disk.  The end state of this effort is that when a user attaches an encrypted device to the system, the user is prompted for a passphrase and that device is then mounted.

This requires a patch to gnome-volume-manager so that g-v-m recognizes an encrypted volume, prompts the user for a passphrase and provides that passphrase to hald so that hald can properly set up the associated plaintext device.

[1] http://lists.freedesktop.org/archives/hal/2004-December/001423.html
[2] http://luks.endorphin.org/

Version-Release number of selected component (if applicable):
gnome-volume-manager-1.1.3-3

How reproducible:
Always

Steps to Reproduce:
Notice that gnome-volume-manager does not recognize encrypted volumes.

Additional info:
Comment 1 W. Michael Petullo 2005-03-31 00:33:43 EST
Created attachment 112504 [details]
SRPM with patch to add encrypted volume support to gnome-volume-manager

The patch contained in this SRPM is really just a shell.  Much of the
functionality must still be implemented.  At this point, gnome-volume-manager
simply detects that a volume is encrypted and ignores it.
Comment 2 John (J5) Palmieri 2005-03-31 11:24:18 EST
can you please post the patch.  I am in the middle of releasing 1.3.1 of g-v-m
and then packaging it in Fedora.  I want to evaluate the patch before I decide
to put it in.
Comment 3 W. Michael Petullo 2005-03-31 11:30:05 EST
As I mentioned, the patch isn't ready for use yet.  I still have to implement
the passphrase prompt and the luks-setup request.  I submitted an SRPM to make
it clear that this patch is against Red Hat's patched hal.  Once I am complete
with the remaining implementation, I will submit a naked patch.  Don't wait on
this for 1.3.1.

Thanks for your interest.
Comment 4 W. Michael Petullo 2005-04-01 00:00:27 EST
Created attachment 112563 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch implements everything except the request for hald to execute
luks-setup.  I am waiting for a forthcoming feature in hald to allow the daemon
to execute this request.  See item four at:

http://lists.freedesktop.org/archives/hal/2005-March/002266.html

for mention of this feature.

This patch was made against gnome-volume-manager 1.1.3 with the following
patches already applied:

1.  gnome-volume-manager-0.9.10.add-to-base.patch
2.  gnome-volume-manager-1.1.0.addheader.patch
3.  gnome-volume-manager-1.1.0-rh-defaults.patch
4.  gnome-volume-manager-1.1.3-hal-api.patch
Comment 5 John (J5) Palmieri 2005-04-14 15:56:29 EDT
So most likely this isn't going to get into FC4 unless I get some time to look
over it between now and the freeze which I doubt.  I susspect we need to get all
the UI bit first anyway so as soon as FC5 rolls around I think we can start
lending some time to getting this stuff workable.  I'll leave the bug open, keep
me updated on the progress of all the different components.
Comment 6 John (J5) Palmieri 2005-04-14 15:57:40 EDT
Of course by FC5 rolling around I mean rawhide starting to target FC5 not
waiting for the FC5 release ;-)
Comment 7 W. Michael Petullo 2005-04-18 21:10:33 EDT
Created attachment 113351 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch does everything the previous patch does plus it adds the ability to
store passphrases using the gnome-keyring-manager system.

I'm still waiting on hald's method invocation interface.
Comment 8 W. Michael Petullo 2005-04-19 16:08:51 EDT
Please see also http://www.flyn.org/easycrypto/easycrypto.html.
Comment 9 W. Michael Petullo 2005-07-14 22:35:35 EDT
Created attachment 116788 [details]
Patch to add encrypted volume support to gnome-volume-manager
Comment 10 W. Michael Petullo 2005-07-14 22:38:23 EDT
Comment on attachment 116788 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch now takes advantage of hald's new method invocation interface.  The
methods interface was committed to hal's CVS tree on July 12, 2005.  With this
patch, gnome-volume-manager identifies a newly present encrypted device,
prompts the user for a password and asks hald to setup the encrypted device.
Comment 11 W. Michael Petullo 2005-07-20 13:02:57 EDT
Created attachment 116987 [details]
Patch to add encrypted volume support to gnome-volume-manager

This patch contains the following changes:

- free GnomeKeyringAttributeLists
- clean out some debug messages
- use foo () instead of foo()
- hal_luks_setup () now returns an error message
Comment 12 Tim Niemueller 2006-01-10 10:59:54 EST
Is there any chance that we will see this upstream soon and thus in FC5?
Comment 13 John (J5) Palmieri 2006-01-10 11:22:41 EST
Michael, is this upstream yet?  HAL has the correct scripts and I can build it
into g-v-m if it is not yet upstream.
Comment 14 W. Michael Petullo 2006-01-10 12:45:12 EST
I have not submitted this patch upstream yet.  I made a mistake and assumed 
Red Hat engineers had the lead on g-v-m.  I now see that Robert Love is the 
man.

I will submit this patch to GNOME's bugzilla and will submit a link to this 
bug.  I hope to do this later today.

In the meantime, could Fedora provide my patch?  Two issues:

1.  I need to test this patch against the most recent version of gnome-volume-
manager.

2.  Bug #166035 is also required.  The luks-tools package provides luks-setup, 
a utility that sets up a crypto device in a way that HAL will identify it.
Comment 15 John (J5) Palmieri 2006-01-10 12:48:08 EST
I'll get it in tomorrow.
Comment 16 W. Michael Petullo 2006-01-10 20:47:17 EST
Created attachment 123025 [details]
Patch to add encrypted volume support to gnome-volume-manager 

I modified the patch to work with gnome-volume-manager 1.5.7.
Comment 17 W. Michael Petullo 2006-01-10 20:49:40 EST
See also: http://bugzilla.gnome.org/show_bug.cgi?id=326553. 
Comment 18 Ray Strode [halfline] 2006-01-11 14:33:14 EST
Hey guys, this needs luks-setup which is not in rawhide as of test 2.  It is too
late to add this for fc5.  Dropping off target list.
Comment 19 W. Michael Petullo 2006-01-13 17:35:17 EST
Created attachment 123182 [details]
Patch to add encrypted volume support to gnome-volume-manager

1.  label_header_text is now dynamically allocated.

2.  Removed unused variable declarations.

3.  Use the term "password" not "secret."

4.  Remove GDK_WINDOW_TYPE_HINT_DIALOG.

5.  Fix GUI code, including remove use of gtk_dialog_run().

6.  Password prompt disappears if device removed.
Comment 20 W. Michael Petullo 2006-02-10 10:11:11 EST
Created attachment 124499 [details]
Alternative patch from Debian

This is the patch that Debian applies to their unstable gnome-volume-manager
package.  It is different than mine in that most of the work is performed by
pmount.  Gnome-volume-manager identifies that a volume is a LUKS volume,
obtains a password and passes it on to pmount using a FIFO.

The maintainer of gnome-volume-manager has suggested that we modify gnome-mount
instead of gnome-volume-manager to support LUKS volumes.  This seems like a
decent idea.

This Debian patch is being submitted for reference.
Comment 21 W. Michael Petullo 2006-02-23 11:05:39 EST
David Zeuthen's recent work (http://blog.fubar.dk/?p=64) should satisfy this 
RFE.  Once his changes are available in the Fedora packages, this RFE should 
be closed.
Comment 22 W. Michael Petullo 2006-03-02 23:44:18 EST
Works in Raw Hide as of 02 Mar 06.  Thank you David Zeuthen!

Note You need to log in before you can comment on or make changes to this bug.