Comments (19)
I agree, this would be nice. Sorry for the late response.
Udiskie relies on udisks to execute root commands and I'm afraid udisks currently doesn't care about keyfiles. I posted a related issue on their bugtracker recently and they seem unresponsive :(
So there is not much udiskie can do without root permissions.
Maybe the chances to get it fixed will be higher by submitting a patch and hoping for its inclusion. The corresponding udisks code is in src/udiskslinuxencrypted.c, specifically handle_unlock. I'm not sure how long it will take - if they include it at all (not sure there is someone behind that project who has time at the moment). If you don't feel confident writing the patch yourself, I could go for it in a few days/week or so.
As a workaround, you could unlock your device using a udev rule and ignore it in udiskie. Something like
ACTION=="add", ENV{ID_FS_UUID}=="f73f0991-2c3f-456b-a03a-70fcae7ee235", RUN+="/usr/bin/cryptsetup luksOpen /dev/%k ring --key-file /etc/key/keyfile"
from udiskie.
Thanks a lot for your advice. Hadn't thought of udev before.
I'm not that firm in C and unfortunately don't think I'm able to write a patch for udisks.
from udiskie.
Alright, I took a look around, and found that there is already an open udisks ticket from 2012. I'll notify you here if that gets patched.
from udiskie.
udisks2 docs now have mumblings about /etc/luks-keys, so there may be some update to this.
from udiskie.
Oh, can you provide a link? I did write a patch for this feature a while back and notified them on their mailing list, but I didn't get any useful response for now. See here and here.
from udiskie.
It looks like in order to do it, you set up a "configuration" for the block device which udisks then writes to /etc/crypttab (it seems).
In any case, what seems to be asked for here is to provide a file that is not in crypttab and instead have udiskie read it and plumb it over. That would be possible for non-binary data. What needs to happen for it to work in general is to have some Unlock-like method which takes binary data (ay) as a passphrase and then basically just .read_all() from the given path into that parameter.
from udiskie.
Yeah. I don't think the "configuration" stuff is what many users would want.
As I mentioned, I implemented a patch for udisks to accept an additional ay binary blob containing the keyfile, but I got no response so far.
from udiskie.
Now that a patch exists, maybe pinging the fdo bug would help?
from udiskie.
Any progress on this one? I would love to define a configuration in which I state that my external device xyz should be unlocked using my key foo_bar. Additionally, custom mount points would be awesome as well, not sure if this is already possible though?
from udiskie.
I will ping the udisks devs and work on the issue in the next weeks.
from udiskie.
What about now? :)
from udiskie.
Sorry, you are right, I postponed this all too long. Working on it. By any chance, can you run all of udisks integration tests or do you know on which distro they work?
from udiskie.
I just tried to run them on my arch setup, but it failed horribly. Going from one error to the next I just stopped at the fourth one. Sorry .. :/
from udiskie.
Thanks for trying anyway.
I've pinged it on the bugtracker with patches attached. Hope this gets it rolling again.
from udiskie.
It's really hard to get a response from the udisks maintainer (who admits udisks is heavily undermaintained and wants to merge storaged). I'll try to submit it in storaged.
from udiskie.
Created PR for storaged, see here.
from udiskie.
For the wishlist: would be awesome if udiskie LUKS configuration would not only take a filename, but would also work based on a user-specified shell command that generates the key content, e.g. from an encrypted keyring. 🐨
from udiskie.
update: patch is now integrated in storaged. The feature will be available once they merge with udisks and release.
from udiskie.
Implemented now in udiskie. You have to wait for udisks 2.6.4 to appear to make it work.
@eigengrau For now only files are supported. I might add your suggestion later. Taking this to another issue.
Keyfiles can only be unlocked using the config file ~/.config/udiskie/config.yml like this (using the UUID of the crypto device, not the unlocked partition of course):
device_config:
- id_uuid: ...
  keyfile: /path/to/your/keyfile
from udiskie.
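A pre-flight check for the keyfile paths named under device_config, added here as an example; it is not part of the thread or of udiskie's own code. It assumes the config has already been parsed into a list of dicts, and the function name `audit_keyfiles` and its policy (regular file, owned by the current user, no group/other permission bits) are choices made for this example.

```python
import os
import stat
import tempfile


def audit_keyfiles(device_config, uid=None):
    """Map each id_uuid that names a keyfile to a list of problems found."""
    uid = os.getuid() if uid is None else uid
    report = {}
    for entry in device_config:
        if "keyfile" not in entry:
            continue  # entry without a keyfile, nothing to check
        path = os.path.expanduser(entry["keyfile"])
        problems = report.setdefault(entry.get("id_uuid"), [])
        try:
            st = os.lstat(path)  # lstat so a symlink is seen, not followed
        except OSError as exc:
            problems.append(f"cannot stat {path}: {exc.strerror}")
            continue
        if not stat.S_ISREG(st.st_mode):
            problems.append(f"{path} is not a regular file")
            continue
        if st.st_uid != uid:
            problems.append(f"{path} is owned by uid {st.st_uid}, expected {uid}")
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            problems.append(f"{path} has mode {oct(mode)}: accessible beyond its owner")
    return report


if __name__ == "__main__":
    # Constructed sample: one private keyfile, one world-readable keyfile.
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, mode in (("private.key", 0o600), ("shared.key", 0o644)):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(os.urandom(64))  # keyfiles may hold arbitrary bytes
            os.chmod(paths[name], mode)
        sample = [
            {"id_uuid": "CONSTRUCTED-UUID-1", "keyfile": paths["private.key"]},
            {"id_uuid": "CONSTRUCTED-UUID-2", "keyfile": paths["shared.key"]},
        ]
        for dev, problems in audit_keyfiles(sample).items():
            print(dev, "OK" if not problems else problems)
```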