On 24.08.2013 17:40, Steffen Vogel wrote: > Dear list, > > Today I worked on a simple way to mount/umount luks encrypted disks: > > I know, there a several ways to do this: cryptmount, cryptsetup, initd > scripts etc.. > > But I was looking for a way to use the standard mount (8) utility for > this. I came up with mount "helper" scripts as used sometimes with > ntfs-3g, fuse or nfs filesystems. These helper scripts are located > in /sbin/mount.FSTYPE and executed in precendence if they exist. > I introduced a "virtual" FSTYPE named "luks" to identify my luks > encrypted drives. > > My version a simple Bash script which is based on cryptsetup: > > https://github.com/stv0g/snippets/blob/master/bash/mount.luks.sh > (Please note the comments in the script for further tech details.) > > Now I'm able to mount my drives with a simple call to mount (8): > > mount -t luks /dev/sda1 /home > > Or use a line in my /etc/fstab for this: > > /dev/sda/ /home luks defaults,compress 0 0 > > Followed by a std "mount /home" > > At the moment my script has some minor drawbacks which could be > fixed for the future: > > 1. Mount has to automatically determine the real filesystem type. > If it fails with this, my script wont work. Hmmm. I don't know if it works for everything, but i know it works for fuse mount -t fuse.sshfs ... Which calls /sbin/mount.fuse and it gets the information that it should mount a sshfs. If it's a generic solution this should work: mount -t luks.xfs ... Which you maybe have to parse before you pass it to the second mount-process you have to be calling. > 2. Currently, passphrases can only supplied via STDIN. > > > > I'm curious about your feedback. And perhaps we could add this to the > cryptsetup tarball as it's a helper script based on cryptsetup. > > Or do you think thats its up to the distro maintainers to include such a > enhancement? Personally i "solved" this by renaming /bin/mount to /bin/mount.orig and putting a shell-script as /bin/mount that checks if i want to mount a /dev/mapper/XXX and does the setup of XXX before it calls /bin/mount.orig. "Back then" when i implemented that about 1.5 years ago i tried to explain to Karel Zak (util-linux maintainer) that a generic "premount" and "postumount" command in (u)mount could solve this generic problem. The Problem that all cryptographic-setups need (at least) one more step to setup(/tear-down) a device. But that didn't happen and i didn't try to open the issue again. -- Matthias _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
