Lurkos wrote:
On Fri, Jun 13, 2008 at 6:34 PM, Farkas Levente <lfarkas@xxxxxxxxxxx> wrote:
my home directory is a luks encrypted volume. the key for this volume is on
my pendrive. before i log in i just plug in my pendrive, and then:
- udev recognizes my pendrive
- mounts one of the partitions on it (which holds the keyfile)
- uses the keyfile on the mounted partition to open the luks partition
- mounts the device mapper as my home
- umounts my pendrive
I can't help you in solving this problem, but I would be very
interested in knowing how you have realized this solution.
Can you explain to me how to configure GNU/Linux (probably init scripts)
to achieve this setup?
Thanks a lot.
and the scripts:-)
--
Levente "Si vis pacem para bellum!"
# Pendrive plugged in: match the whole-disk node (sd[a-z]) whose sysfs size is
# 2880 and whose serial/product strings are those of the key-carrying stick,
# add the /dev/lfarkas symlink and run home-up with /dev/System/lfarkas as its
# argument.
# NOTE(review): serial and product are strings the device reports about itself;
# they select the stick but do not authenticate it. The protection rests on the
# key file the stick carries, which home-up reads from a plain vfat partition,
# so whoever holds the stick can open the volume.
# NOTE(review): RUN programs are expected to be short-lived, and newer
# systemd-udevd versions reportedly isolate them from the host mount table;
# confirm that mounting from RUN still works on the target system.
ACTION=="add", KERNEL=="sd[a-z]", SUBSYSTEM=="block", ATTR{size}=="2880", ATTRS{serial}=="07530736300A", ATTRS{product}=="USB DISK Pro", SYMLINK+="lfarkas", RUN+="/root/bin/home-up /dev/System/lfarkas"
# Pendrive removed: sysfs attributes are gone by now, so the match uses the
# ID_SERIAL property kept in the udev environment; home-down gets the user name.
ACTION=="remove", KERNEL=="sd[a-z]", SUBSYSTEM=="block", ENV{ID_SERIAL}=="_USB_DISK_Pro_07530736300A*", RUN+="/root/bin/home-down lfarkas"
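#!/bin/bash
#
# home-down: udev "remove" handler for the key-carrying pendrive.
#
# Usage:   home-down <user>
# Env:     ACTION - udev action name, written to the log header
# Effect:  if <user> has no gnome-session running, kill the user's remaining
#          processes, unmount everything under /media, restart nfs if it is
#          running and close the LUKS-backed /home/<user> through
#          /root/bin/luks-down. In every case the key file that home-up
#          copied to /root is removed again.
#
# Runs as root from udev, so the argument is validated and every expansion
# is quoted.

# The log receives a dump of all shell variables; keep it readable by root only.
umask 077

# Root-owned directory instead of a fixed name in world-writable /tmp, where
# another local user could pre-create the file or plant a symlink that root
# would then write through.
OUT=/var/log/udev-remove.log
KEY="/root/.something_dsa"
user=$1

{
  echo " ------ $ACTION ------------"
  set
} > "$OUT"

case $user in
  '' | -* | *[!A-Za-z0-9._-]*)
    # An empty or odd name must never reach killall -u or the /home/ path.
    echo "invalid user name, nothing torn down" >> "$OUT"
    ;;
  *)
    # Leave a logged-in desktop session alone; only tear down when the user
    # has no gnome-session process.
    if ! pgrep -u "$user" gnome-session > /dev/null; then
      killall -u "$user"
      umount /media/*
      # Give the killed processes time to release the home directory.
      sleep 5
      /sbin/service nfs condrestart &> /dev/null
      /root/bin/luks-down "/home/$user" >> "$OUT"
      echo DONE >> "$OUT"
    fi
    ;;
esac

# Drop the key copy whether or not the home directory was closed.
# Note: rm unlinks the file; it does not overwrite the blocks on disk.
if [ -f "$KEY" ]; then
  rm -f -- "$KEY"
fi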
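#!/bin/bash
#
# home-up: udev "add" handler for the key-carrying pendrive.
#
# Usage:   home-up <dm-crypt device or file> [<dir name>]
#          <dir name> defaults to the basename of the first argument.
# Env:     DEVNAME - device node of the pendrive (set by udev)
# Effect:  mounts the pendrive on /mnt/tmp, feeds <pendrive>/.<dir>.key to
#          /root/bin/luks-up to open and mount /home/<dir>, copies
#          .something_dsa to /root if the pendrive has one, then unmounts
#          the pendrive again.
# Exit:    luks-up's status; 0 if /home/<dir> was already mounted; 1 if the
#          pendrive cannot be mounted or holds no key file; 2 on a bad
#          directory name.
#
# Debug output, if it is ever re-enabled, belongs in a root-only file and
# not under a fixed name in /tmp.

# Files created here (the key copy in /root) must never be group/world readable,
# not even for the moment between cp and chmod.
umask 077

TMPDEV="/mnt/tmp"
RES=0

DIR=$(basename -- "$1")
[ $# -eq 2 ] && DIR=$2

# DIR ends up in /home/$DIR and in the key file name: refuse anything that
# could point outside those directories.
case $DIR in
  '' | . | .. | */*)
    exit 2
    ;;
esac

[ -n "$DEVNAME" ] || exit 1

# The pendrive is only read from, and nothing on it should be trusted as a
# program or device node.
mount -t vfat -o ro,nosuid,nodev,noexec "$DEVNAME" "$TMPDEV" || exit 1
# Unmount on every exit path, including the early exit for a missing key file
# (the original left the pendrive mounted in that case).
trap 'umount "$TMPDEV"' EXIT

# Compare the mount point field exactly; a substring match would also hit
# /home/<dir>2 or a mount below /home/<dir>.
if ! awk -v mp="/home/$DIR" '$2 == mp { found = 1 } END { exit !found }' /proc/mounts; then
  KEY="$TMPDEV/.$DIR.key"
  [ -f "$KEY" ] || exit 1
  /root/bin/luks-up "$1" "/home/$DIR" < "$KEY"
  RES=$?
fi

KEY=".something_dsa"
if [ -f "$TMPDEV/$KEY" ]; then
  cp -- "$TMPDEV/$KEY" "/root/$KEY" && chmod 600 "/root/$KEY"
fi

exit "$RES"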
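#!/bin/bash
#
# luks-down: unmount a LUKS-backed directory and close its mapping.
#
# Usage:  luks-down <dir name>
# Effect: looks up the /dev/mapper device mounted on <dir name>, unmounts it,
#         runs fsck.ext3 on the still-open mapping, closes the mapping and
#         detaches the backing loop device if there was one.
# Exit:   2 on usage error; 1 if the directory is not mounted from
#         /dev/mapper or cannot be unmounted; otherwise the status of
#         cryptsetup luksClose.

if [ $# -ne 1 ] || [ ! -d "$1" ]; then
  echo "usage: $0 <dir name>"
  exit 2
fi

# /proc/mounts lists mount points without a trailing slash.
DIR=$1
if [ "$DIR" != / ]; then
  DIR=${DIR%/}
fi

# Match the mount point field exactly instead of grepping the whole file with
# the argument as a pattern; the last matching line is the mount on top.
SRC=$(awk -v mp="$DIR" '$2 == mp { dev = $1 } END { print dev }' /proc/mounts)
if [ -z "$SRC" ]; then
  echo "$1 is not mounted!"
  exit 1
fi

case $SRC in
  /dev/mapper/?*)
    NAME=${SRC#/dev/mapper/}
    ;;
  *)
    echo "$1 is not mounted from /dev/mapper!"
    exit 1
    ;;
esac

# Remember the backing device before the mapping disappears.
LOOP=$(/sbin/cryptsetup status "$NAME" | awk '$1 == "device:" { print $2 }')

umount "/dev/mapper/$NAME" || exit 1
fsck.ext3 -p -C 0 "/dev/mapper/$NAME"
/sbin/cryptsetup luksClose "$NAME"
RES=$?

# Glob match: a quoted right-hand side of =~ is compared literally by
# bash 3.2 and later, so the former "/dev/loop.*" test never matched and the
# loop device stayed attached.
if [[ $LOOP == /dev/loop* ]]; then
  /sbin/losetup -d "$LOOP"
fi

exit "$RES"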
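#!/bin/bash
#
# luks-up: open a LUKS container and mount it on a user directory.
#
# Usage:  luks-up <dm-crypt file> <user directory>
#         The key material is read from standard input.
# Effect: attaches a loop device when the container is a regular file, opens
#         the container under a mapping name derived from the directory path
#         (/home/user -> home-user), runs fsck.ext3 and mounts the mapping.
# Exit:   2 on usage error; 1 if the directory is already mounted or the
#         container cannot be attached or opened; otherwise mount's status.

if [[ ! ( $# == 2 && ( -f $1 || -b $1 ) && -d $2 ) ]]; then
  echo "usage: $0 <dm-crypt file> <user directory>"
  exit 2
fi

# Absolute form of the target directory: resolve the parent, keep the last
# component as given.
D=$(dirname -- "$2")
B=$(basename -- "$2")
if ! PARENT=$(cd "$D" 2>/dev/null && pwd); then
  PARENT=$D
fi
DIR="${PARENT%/}/$B"

# Mapping name: strip the outer slashes, turn the inner ones into dashes.
NAME=${DIR%/}
NAME=${NAME#/}
NAME=${NAME//\//-}
[ -n "$NAME" ] || exit 2

# Exact comparison on the mount point field; a substring match would also
# report /home/<dir>2 or a mount below the directory as "already mounted".
if awk -v mp="$DIR" '$2 == mp { found = 1 } END { exit !found }' /proc/mounts; then
  exit 1
fi

LOOP=
if [ -f "$1" ]; then
  # Allocate and attach in one step; asking for a free device first and
  # attaching afterwards leaves a window in which it can be taken.
  LOOP=$(/sbin/losetup -f --show "$1") || exit 1
  echo "Used device: $LOOP"
  TARGET=$LOOP
else
  TARGET=$1
fi

# cryptsetup reads the key from the inherited stdin.
# NOTE(review): without --key-file, cryptsetup stops reading at the first
# newline; confirm the key was enrolled the same way before changing this.
if ! /sbin/cryptsetup luksOpen "$TARGET" "$NAME"; then
  # Do not run fsck/mount against a mapping that does not exist, and do not
  # leave the loop device attached.
  if [ -n "$LOOP" ]; then
    /sbin/losetup -d "$LOOP"
  fi
  exit 1
fi

fsck.ext3 -p -C 0 "/dev/mapper/$NAME"
mount "/dev/mapper/$NAME" "$DIR"
RES=$?

# A failed mount must not leave the decrypted mapping open.
if [ "$RES" -ne 0 ]; then
  /sbin/cryptsetup luksClose "$NAME"
  if [ -n "$LOOP" ]; then
    /sbin/losetup -d "$LOOP"
  fi
fi

exit "$RES"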