Hi, I tried to use a LUKS-encrypted usb key, it's correctly detected by hal but nothing asks me a passphrase, and thunar-volman doesn't manage to mount the volume (because it can't see the encrypted part). I suppose the LUKS-support should be integrated in volman (like it is in gnome-volume-manager) but I'm not sure, so feel free to mark it INVALID and point me to another direction (HAL or distro) If you need more output, please ask. Regards, -- Yves-Alexis Perez
Hmhm, in fact the wishlist bug should be against exo because it's exo-mount's job to do this. Reassigning
And it would be nice if one could use it with crypto-containers too. Like having a file named crypto.luks, one could do: exo-mount crypto.luks (or double click on it in thunar), and it would automagically mount it. Currently I guess the losetup part is hard to do without root access, but at one time it would be really nice. (see what mac osx users can do with crypto containers on their disk) Cheers,
Dupe of bug 2788?
Created attachment 1665 Patch to Thunar to avoid ejecting what should be unmounted This patch lets Thunar Unmount instead of Eject, when hal says that eject isn't required. It's needed to avoid ejecting LUKS-encrypted devices.
Created attachment 1666 Patch to send crypto volumes to exo-mount This patch lets thunar-volman send "crypto" volumes to exo-mount instead of doing nothing.
Created attachment 1667 Patch to handle crypto volumes in exo-mount This patch lets exo-mount setup the crypto layer and mount crypto volumes.
Created attachment 1668 Patch v2 to handle crypto volumes in exo-mount Updated patch: clear previous (password) error on success; forcibly unmount instead of eject even if asked.
Also: in fact, the first patch (to Thunar) is not completely necessary; it's just that, given an USB key with two partitions (one clear, one crypted), if trying to eject the first one while the second one is mounted is impossible.
Created attachment 1669 v3 of libexo patch This patch to libexo adds (wrt attachment #1668 ): - mounting of LUKS-crypted FS via device path (/dev/sdb1) in addition to hal-udis - libexo updates to exo_hal_volume_compute_display_name() and exo_hal_volume_compute_icon_list() to be able to return a "gtk-dialog-authentication" icon for crypto containers, and prefix their name with "Encrypted".
Created attachment 1670 Patch to Thunar to handle crypto fs This patch to Thunar supercedes attachment #1665 and adds handling of crypto containers: - Display crypto containers in the list of devices - Specific Setup/Teardown in these devices to avoid having to hack around the mounting/unmounting logics It makes it possible to handle crypted filesystems without thunar-volman (previously Thunar didn't show these filesystems, and if thunar-volman didn't fire an automount for these, they were invisible).
Created attachment 1671 Patch to xfdesktop This patch to xfdesktop (untested due to "Please upgrade libxfce4util-1.0 to atleast version 4.5.0svn-r26490") handles crypto setup/teardown.
At first sight, the patches work fine. I have to do more testing. Benny, it'd be really nice if you could comment on them (and maybe see if it's possible to included it in a not so future point release). Oh and btw the patch includes a soname bump because of struct changes, afaict. Thanks Colin for the work! Cheers,
hmhm, and I'd like to integrate the functionality in Lenny, but the lib-freeze is approaching, and I wont integrate a soname-bump patch if it diverts from upstream. Thus it'd be really nice if those (or equivalent) patches could be integrated (and released!) soon :) Thanks for the work benny, hope to see you soon :) -- Yves-Alexis
Created attachment 1672 Patch to Thunar to handle crypto fs - without eject logic rework This patch is the same as attachment #1670 , apart that it doesn't change the eject/unmount logic, so that people can still use Eject. It may fail with non-obvious error (an application prevents to eject) if trying to eject a normal partition while an ecnrypted one is mounted.
Full Ack on the requests for this :-) I just tested the patches and results are here: http://slackware.com/~rworkman/crypt-dialog.jpg http://slackware.com/~rworkman/crypt-after.jpg After typing correct passphrase in the dialog window, I am prompted for it *again* (and once more if it's entered again), even though the device is successfully mounted after the first time the passphrase is entered correctly. That's a minor issue at this point, as the important part is that the feature works - I'll try to look into the problem later...
Created attachment 1674 v4 of libexo patch Patch against libexo - same as v3, added a fix (fixed overwriting of a GError in case of multiple password failure)
To summarize the patches :) - attachment #1674 against libexo is what makes exo-mount recognize, ask for password, and mount LUKS-encrypted filesystems; it also adds a specific icon and label for crypto containers; - attachment #1672 against Thunar makes it recognize crypto containers and act accordingly (Setup/Teardown crypto layer instead of Mount/Unmount), although the callback is the same, and adds functions to thunar-vfs so that users of this library can recognize crypto containers too; - attachment #1666 against Thunar-Volman makes it pass crypto containers to exo-mount instead of ignoring them, so that if Automount is set, everything's automatic; - attachment #1671 against Xfdesktop makes it recognize crypto containers and act accordingly (Setup/Teardown crypto layer instead of Mount/Unmount).
Created attachment 1676 v5 of libexo.patch This 5th revision implements (offline) comments from Benedikt: better handling of errors.
Created attachment 1689 libexo.patch New batch of patches, following Benny's review. They fix: - coding style - leak on error in the libexo patch - possible races in thunar patch
Created attachment 1690 thunar.patch
Created attachment 1691 thunar-volman.patch
Created attachment 1692 xfdesktop.patch
The patches work for me. Options to use a keyfile instead of entering the passphrase manually, and to hide encrypted root and home partitions (or any other that are mounted during bootup) would be nice.
(In reply to comment #23) > The patches work for me. > Options to use a keyfile instead of entering the passphrase manually, and to > hide encrypted root and home partitions (or any other that are mounted during > bootup) would be nice. > Home and root partition doesn't appear here, but maybe that's because what is encrypted is the lvm volume group. But yes, an option for loading a keyfile could be nice :)
(In reply to comment #24) > But yes, an option for loading a keyfile could be nice :) I'll probably do it once these will be in svn :)
Created attachment 1762 Thunar-volman patch to setup crypto
Created attachment 1763 Exo-mount patch to teardown crypto on unmount these two last patches are the result of an offline conversation with Benny. He says they're OK to commit :)
Created attachment 1764 Thunar-volman patch to setup crypto (with new files) Patch was missing new files
Created attachment 1765 Exo-mount patch to teardown crypto on unmount (typos fixed)
*** Bug 2788 has been marked as a duplicate of this bug. ***
This is implemented in the 4.6 codebase. Thanks, Colin!