You are not logged in.
Hey there,
so, I had the idea to write a script, which mounts the usb-stick I inserted, unlocks my encrypted disk with luks by using the keyfile on the usb-stick and mounts the mapper device where I want to.
Everything works fine, except the 'mount-part'. It seems that I can't mount the mapper device with udev (see code below). I tested the code in the bash and it works fine.
Do anyone know why udev can't mount this device? I mean it can mount the usb-stick, why not '/dev/mapper/enc'?
Any solution for this?
Script executed by udev when the usb-stick is plugged in (/bin/luksencrypt.sh):
#!/bin/bash
mkdir /root/keydev
mount /dev/keydev /root/keydev
# Mount encrypted disk.
cryptsetup luksOpen --key-slot 1 --key-file /root/keydev/hashfile /dev/sdb1 enc
# udev don't execute this line here?! I tried it in console and it works ...
mount /dev/mapper/enc /mnt/DATA
# Unmount usb.
umount /dev/keydev
rmdir /root/keydev
Last edited by sharX (2014-11-07 21:31:52)
Offline
Please paste your udev rule.
Offline
10-cryptousb.rules:
ACTION=="add", ATTR{size}=="30283008", ATTRS{serial}=="0713C31252A833F7", SYMLINK+="keydev"
ACTION=="add", ATTR{size}=="30283008", ATTRS{serial}=="0713C31252A833F7", RUN+="/bin/luksencrypt.sh"
Offline
This can only be used for very short-running foreground tasks. Running an event process for a long period of time may block all further events for this or a dependent device.
Starting daemons or other long running processes is not appropriate for udev; the forked processes, detached or not, will be unconditionally killed after the event handling has finished.
Your drive is blocked from mounting until after the script is run. Use SYSTEMD_WANTS instead of RUN. See `man systemd.device` for the details.
Offline
Thanks for the fast reply, jasonwryan. This post was also very helpful: https://bbs.archlinux.org/viewtopic.php?id=149419
So I changed the udev-rules:
ACTION=="add", ATTR{size}=="30283008", ATTRS{serial}=="0713C31252A833F7", ENV{SYSTEMD_WANTS}="usbencrypt.service" SYMLINK+="keydev"
Then I created the "/etc/systemd/system/usbencrypt.service"-file:
[Unit]
Description=Auto Encrypt Luks Disk Over USB
[Service]
ExecStart=/bin/luksencrypt.sh
And everything works
Thanks again.
Offline
Yes, that's the post I stole from...
Offline