[pkg-cryptsetup-devel] u?mount (8) helper script for luks encrypted disks

Sat Aug 24 15:40:18 UTC 2013

Dear list,

Today I worked on a simple way to mount/umount luks encrypted disks:

I know, there a several ways to do this: cryptmount, cryptsetup, initd
scripts etc..

But I was looking for a way to use the standard mount (8) utility for
this. I came up with mount "helper" scripts as used sometimes with
ntfs-3g, fuse or nfs filesystems. These helper scripts are located
in /sbin/mount.FSTYPE and executed in precendence if they exist.
I introduced a "virtual" FSTYPE named "luks" to identify my luks
encrypted drives.

My version a simple Bash script which is based on cryptsetup:

https://github.com/stv0g/snippets/blob/master/bash/mount.luks.sh
(Please note the comments in the script for further tech details.)

Now I'm able to mount my drives with a simple call to mount (8):

	mount -t luks /dev/sda1 /home

Or use a line in my /etc/fstab for this:

	/dev/sda/   /home   luks   defaults,compress   0 0

Followed by a std "mount /home"

At the moment my script has some minor drawbacks which could be
fixed for the future:

1. Mount has to automatically determine the real filesystem type.
   If it fails with this, my script wont work.

2. Currently, passphrases can only supplied via STDIN.

I'm curious about your feedback. And perhaps we could add this to the
cryptsetup tarball as it's a helper script based on cryptsetup.

Or do you think thats its up to the distro maintainers to include such a
enhancement?

Regards,

	Steffen

-- 
Steffen Vogel
Robensstraße 69
52070 Aachen

Mail: post at steffenvogel.de
Mobil: +49 176 34911387
Web: http://www.steffenvogel.de
Jabber: steffen.vogel at jabber.rwth-aachen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20130824/ed42499c/attachment.sig>