On Thu, Jan 13, 2011 at 12:39:43AM -0900, Roger wrote:
>On Thu, Jan 13, 2011 at 04:22:17PM +0800, Aaron Lewis wrote:
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>I didn't follow this thread, but if you just want a simple device
>>auto-mounter and un-mounter, you should try out kernel auto mounter
>>rather than a simple script.
>
>I got an email also about using the kernel automounter. Just haven't had the
>time to test and follow-up on this.
>

Found something at the following link. The only issue I now have is working around not using a keyfile and trying to integrate into using something like pinentry on CLI on demand.

Thanks for the help!

http://www.debian-administration.org/articles/127
(Posted by ste (81.174.xx.xx) on Tue 19 Jun 2007 at 18:09)

---snip---
In order to avoid opening the hotplug box, I just hacked up this autofs script. It meets my needs so someone else may find it of use too.

It will automount an encrypted block device at /dev/sdb using whatever name you choose. The key file with a corresponding name in /etc is used to decrypt the device.

I have a set of removable hard drives that are used for backup (RDX QuikStor). With the following configuration I can insert a cartridge and the backup software (Bacula) can just mount it, making the encryption transparent to it.

The mapping for the 'cd' key also appears in this script. That's there because I'm mounting this at /media and hijacking the original, static /etc/auto.media.

In /etc/auto.master:

/media /etc/auto.media

In /etc/auto.media:

#!/bin/bash

# This is the path beneath this map's root that autofs is looking for
key="$1"

# A static mapping for the key 'cd'
# This is what /etc/auto.media used to do statically
if [ "$key" == "cd" ]; then
    echo -fstype=iso9660,ro,nosuid,nodev / :/dev/cdrom
    exit 0
fi

# The cryptsetup tool from the package of the same name
CRYPTSETUP=/sbin/cryptsetup

# This is the raw device that we will mount
mount_device=/dev/sdb

# This is the encryption key file
key_file=/etc/quikstor.key

# Options to pass to the cryptsetup tool
luks_opts="--key-file $key_file"

# Mount options for the encrypted filesystem
mount_opts="-fstype=xfs,defaults"

# The mapped block device
crypt_device="/dev/mapper/$key"

# Give up if there is no key or setup tool
[ -r "$key_file" ] || exit 0
[ -x "$CRYPTSETUP" ] || exit 0

# If there is an encrypted device mapped in already, it must be from a
# previous mount. It may be out-of-date so remove it now.
[ -b "$crypt_device" ] && "$CRYPTSETUP" remove "$key"

# Give up if the raw device doesn't have a LUKS header
"$CRYPTSETUP" isLuks "$mount_device" || exit 0

# Open the encrypted block device
# ($luks_opts is left unquoted on purpose so it splits into two arguments)
"$CRYPTSETUP" luksOpen "$mount_device" "$key" $luks_opts >& /dev/null || exit 1

# If we ended up with a block device, echo a mount line for autofs to use
if [ -b "$crypt_device" ]; then
    echo "$mount_opts" / "$crypt_device"
fi
---snip---

--
Roger
http://rogerx.freeshell.org/
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
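
The map script above hands the looked-up name ($1) straight to cryptsetup as the device-mapper name and unlocks the disk with a key file in /etc. The following is an added example, not part of the original message or the quoted script, of two pre-flight checks such a map could run first. The function names and the 64-character cap are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for an autofs program map that opens a
# LUKS device with a key file. Function names are hypothetical.

# autofs passes the looked-up directory name as $1, and the map reuses it as
# the device-mapper name. Accept only a plain name that cannot be read as an
# option or a path, and never the device-mapper control node.
valid_map_key() {
    case "$1" in
        ''|-*|.*|control) return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    # Length cap is an arbitrary conservative limit for this example.
    [ "${#1}" -le 64 ]
}

# The key file unlocks the disk, so require a regular file (not a symlink),
# owned by the user running the map (root under automount), with no group
# or other permission bits set.
keyfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ln -- "$1" | cut -c1-10)" in
        -???------) return 0 ;;
    esac
    return 1
}

# Returns 0 when both checks pass, 1 for a bad key, 2 for a bad key file.
check_request() {
    valid_map_key "$1" || { echo "rejecting map key" >&2; return 1; }
    keyfile_is_private "$2" || { echo "key file not private: $2" >&2; return 2; }
    return 0
}

# In the map script, before any cryptsetup call:
#   check_request "$1" /etc/quikstor.key || exit 0
```

Exiting 0 with no output keeps the map's existing convention of returning no entry to autofs when a lookup cannot be served.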