Ah, nice! So autofs can execute something on mount. Good
to know.

Arno

On Thu, Jan 13, 2011 at 01:00:38AM -0900, Roger wrote:
> On Thu, Jan 13, 2011 at 12:39:43AM -0900, Roger wrote:
> >On Thu, Jan 13, 2011 at 04:22:17PM +0800, Aaron Lewis wrote:
> >>-----BEGIN PGP SIGNED MESSAGE-----
> >>Hash: SHA1
> >>
> >>I didn't follow this thread, but if you just want a simple device
> >>auto-mounter and un-mounter, you should try out kernel auto mounter
> >>rather than a simple script.
> >
> >I got an email also about using the kernel automounter. Just haven't had the
> >time to test and follow-up on this.
> >
>
> Found something at the following link. The only issue I now have is
> working around not using a keyfile and trying to integrate into using something
> like pinentry on CLI on demand.
>
> Thanks for the help!
>
>
> http://www.debian-administration.org/articles/127
> (Posted by ste (81.174.xx.xx) on Tue 19 Jun 2007 at 18:09)
>
> ---snip---
> In order to avoid opening the hotplug box, I just hacked up this autofs
> script. It meets my needs so someone else may find it of use too. It will
> automount an encrypted block device at /dev/sdb using whatever name you
> choose. The key file with a corresponding name in /etc is used to decrypt
> the device.
>
> I have a set of removable hard drives that are used for backup (RDX
> QuikStor). With the following configuration I can insert a cartridge and the
> backup software (Bacula) can just mount it, making the encryption
> transparent to it.
>
> The mapping for the 'cd' key also appears in this script. That's there
> because I'm mounting this at /media and hijacking the original, static
> /etc/auto.media.
>
> In /etc/auto.master:
>
> /media /etc/auto.media
>
> In /etc/auto.media:
>
> #!/bin/bash
>
> # This is the path beneath this map's root that autofs is looking for
> key="$1"
>
> # A static mapping for the key 'cd'
> # This is what /etc/auto.media used to do statically
> if [ "$key" == "cd" ]; then
>     echo -fstype=iso9660,ro,nosuid,nodev / :/dev/cdrom
>     exit 0
> fi
>
> # The cryptsetup tool from the package of the same name
> CRYPTSETUP=/sbin/cryptsetup
>
> # This is the raw device that we will mount
> mount_device=/dev/sdb
>
> # This is the encryption key file
> key_file=/etc/quikstor.key
>
> # Options to pass to the cryptsetup tool
> luks_opts="--key-file $key_file"
>
> # Mount options for the encrypted filesystem
> mount_opts="-fstype=xfs,defaults"
>
> # The mapped block device
> crypt_device=/dev/mapper/$key
>
> # Give up if there is no key or setup tool
> [ -r "$key_file" ] || exit 0
> [ -x "$CRYPTSETUP" ] || exit 0
>
> # If there is an encrypted device mapped in already, it must be from a
> # previous mount. It may be out-of-date so remove it now.
> [ -b "$crypt_device" ] && $CRYPTSETUP remove "$key"
>
> # Give up if the raw device doesn't have a LUKS header
> $CRYPTSETUP isLuks "$mount_device" || exit 0
>
> # Open the encrypted block device ($luks_opts is left unquoted on purpose
> # so that it splits into the option and its argument)
> $CRYPTSETUP luksOpen "$mount_device" "$key" $luks_opts >& /dev/null || exit 1
>
> # If we ended up with a block device, echo a mount line for autofs to use
> if [ -b "$crypt_device" ]; then
>     echo "$mount_opts / $crypt_device"
> fi
> ---snip---
>
>
> --
> Roger
> http://rogerx.freeshell.org/
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
>

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
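
Added example, not part of the original thread or of the quoted article: pre-flight checks that an autofs program map like the one quoted above could run before it hands the looked-up name and the key file to cryptsetup. The function names, the 64-character limit and the nosuid,nodev mount options are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# autofs passes the looked-up directory name as $1, and the quoted script
# reuses it as the device-mapper name. Accept only a conservative character
# set, and refuse names that start with '.' or '-' so they can be read
# neither as a path component nor as a command-line option.
valid_map_key() {
    local LC_ALL=C          # make the bracket ranges byte-exact
    case "$1" in
        ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]      # assumed length limit for this example
}

# A key file that group or others can read defeats the disk encryption.
# Accept only a regular file (not a symlink) whose mode string shows no
# group/other permission bits. Ownership is not checked here.
keyfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
    esac
    return 1
}

# Print the mount line for autofs, or print nothing and return 1 if a check
# fails. Opening the LUKS device stays with the caller; this function only
# decides whether to proceed and builds the line.
# Arguments: map key, key file path, filesystem type.
map_entry() {
    local key="$1" key_file="$2" fstype="$3"
    valid_map_key "$key" || return 1
    keyfile_is_private "$key_file" || return 1
    # nosuid,nodev are added here as an assumption for removable media
    printf '%s / :/dev/mapper/%s\n' "-fstype=$fstype,nosuid,nodev" "$key"
}
```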