You are not logged in.

#1 2021-04-11 15:56:55

gtf21
Member
Registered: 2020-06-28
Posts: 107
Website

Automatically mounting luks-encrypted drives

I have an external hard-drive which I use for daily backups of my laptop (when connected). It is luks-encrypted such that the normal process of mounting it would be:

sudo cryptsetup luksOpen /dev/sdc backuplvm --key-file=/path/to/keyfile
sudo mount /dev/mapper/BackupVolGroup-backups /mnt/backup

Unmounting it is a bit more involved, and I have to do the following:

sudo umount /mnt/backup
sudo dmsetup remove BackupVolGroup-backups
sudo cryptsetup close backuplvm

What I'm trying to achieve is a way of this drive automatically mounting when present, so that my daily backup script can run, but not holding anything up if it's not there.

I've tried following various manuals and guides, and adding the following to /etc/crypttab:

backuplvm      UUID=<UUID>    /path/to/keyfile noauto,nofail,luks

and to /etc/fstab:

/dev/mapper/BackupVolGroup-backups /mnt/backup ext4 rw,noexec,nofail,x-systemd.device-timeout=1ms 0 2

There are a few things I don't understand:

1. Will having that line in /etc/fstab automatically mount it when the device is present? Is it the right device to put in there?
2. How do I tell the system to use the definition in /etc/crypttab when mounting this device?
3. How do I control the order things happen in, clearly the luksOpen command equivalent needs to come first?
4. How do I make this happen when the device is plugged in automatically? I read that one shouldn't put mounts into udev as it sits in a different namespace, but I don't quite understand how to make systemd-mount do what I want either.
5. How do I cleanly unmount these things automatically with a basic umount command?

Offline

#2 2021-04-11 16:02:58

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Automatically mounting luks-encrypted drives

4-5) udiskie:

device_config:
  - id_uuid: XXXXXX
    keyfile: /path/to/keyfile

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2021-04-13 21:18:50

gtf21
Member
Registered: 2020-06-28
Posts: 107
Website

Re: Automatically mounting luks-encrypted drives

(Haven't had a chance to try this yet but wanted to say thanks for the tip)

Offline

#4 2021-04-15 08:14:59

gtf21
Member
Registered: 2020-06-28
Posts: 107
Website

Re: Automatically mounting luks-encrypted drives

@jasonwryan this worked well for automatically unlocking the drives, thanks! The only problem is that udisks2 is not obeying /etc/fstab with respect to mount points which is a bit frustrating.

Offline

#5 2021-04-15 18:02:20

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: Automatically mounting luks-encrypted drives

Yeah, for pluggable devices, you are better off with a label; then you know it will always be mounted to /media/$LABEL (or /run/media/$LABEL if you prefer that).


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

Board footer

Powered by FluxBB