On Sun, Dec 14, 2008 at 9:40 PM, Mike Rooney <mroo...@ubuntu.com> wrote:
> I am working on integrating ecryptfs private directories
> (https://help.ubuntu.com/community/EncryptedPrivateDirectory) into the Gnome
> desktop, and want to make mounting and unmounting (or unlocking and locking
> as we'll perhaps call it) as easy as possible.

Sorry Mike, this email totally slipped through the cracks in my inbox...

> As such something like this mock would be great:
> http://launchpadlibrarian.net/17440012/mockup.png. Andrew Walton pointed me
> towards http://library.gnome.org/devel/gio/stable/GMount.html and said it
> should be possible, but what do we need to do on the mount level for this to
> work? Currently the mount shows up as: "/home/username/.Private on
> /home/username/Private type ecryptfs
> (rw,ecryptfs_sig=xxxx,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=username)",
> if that is of any help.
>
> And what needs to happen on the Nautilus front, to get the banner at the top
> in either case (I assume the custom icons in the sidebar aren't easy
> so that isn't necessary)? When the directory is "unmounted" it still exists,
> just with no contents, except for currently a symlink to the binary to mount
> it, so we want a banner like the mockup. When it is mounted then we would want a
> similar one to allow the user to unmount/lock it.
>
> Any comments on the idea -- thoughts, criticisms or suggestions for
> integration?
>
> Dustin, I've copied you since you are doing a lot of the underlying
> integration work and assume at the least I'll need mentoring on this. It
> seems like if we can land this then we don't want the symlink when it is
> unmounted but then the terminal ls output isn't particularly useful.

The symlink won't be necessary, if it's supported in the graphical file browser. The current use of the symlink is a best-effort hack to point the user in the right direction for getting access to their encrypted data.

Basically, if a user's encrypted Private directory is mounted, they can read/write their data in there as normal. There should simply be a mechanism for a user to unmount that ~/Private mountpoint. The /usr/bin/ecryptfs-umount-private should be called to do this.

If a user's encrypted Private directory is not mounted, then:

 a) the user needs to be informed of this somehow (we're doing this now with a README.txt explaining the situation). If this could be handled more artistically, that would be great.

 b) the user needs to be able to perform the mount. To do this, the user must enter their login passphrase, this needs to be used to unwrap the mount passphrase, the mount passphrase needs to be added to the kernel keyring, and then the mount needs to happen. All of this is handled in the shell script /usr/bin/ecryptfs-mount-private. This is the code you would either need to call or re-implement to handle this graphically.

Hope this helps.

Cheers,
:-Dustin

--
nautilus-list mailing list
nautilus-list@gnome.org
http://mail.gnome.org/mailman/listinfo/nautilus-list
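
An added example, not part of this email or of ecryptfs-utils: because ~/Private exists whether or not it is mounted, a file-browser integration should take the lock/unlock decision from the mount table, checking source, target and filesystem type before offering either helper named above. The function names and sample lines are constructed, and it assumes `mount`-style output and paths that do not contain " on " or " type ".

```shell
#!/bin/sh
# Constructed sample in the format quoted in the message (xxxx is a placeholder).
SAMPLE_MOUNTS='/dev/sda1 on / type ext4 (rw,errors=remount-ro)
/home/username/.Private on /home/username/Private type ecryptfs (rw,ecryptfs_sig=xxxx,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=username)'

# private_state HOME_DIR: reads `mount`-style lines on stdin and prints
#   unlocked - HOME_DIR/.Private is mounted on HOME_DIR/Private as ecryptfs
#   foreign  - something else is mounted on HOME_DIR/Private
#   locked   - nothing is mounted there
# The last matching line wins, since it is the topmost mount on that path.
private_state() {
    home=$1
    state=locked
    while IFS= read -r line; do
        # Line format: SOURCE on TARGET type FSTYPE (OPTIONS)
        src=${line%% on *}
        rest=${line#* on }
        target=${rest%% type *}
        fstype=${rest#* type }
        fstype=${fstype%% *}
        [ "$target" = "$home/Private" ] || continue
        if [ "$fstype" = "ecryptfs" ] && [ "$src" = "$home/.Private" ]; then
            state=unlocked
        else
            state=foreign
        fi
    done
    echo "$state"
}

# private_action STATE: prints the helper a banner button should run,
# or "none" when the mount is not the expected ecryptfs one.
private_action() {
    case $1 in
        unlocked) echo /usr/bin/ecryptfs-umount-private ;;
        locked)   echo /usr/bin/ecryptfs-mount-private ;;
        *)        echo none ;;
    esac
}

# Demo on the constructed sample; prints: unlocked
printf '%s\n' "$SAMPLE_MOUNTS" | private_state /home/username
```

On a live system the input would come from `mount` or /proc/mounts (whose column layout differs), with the user's real home directory as the argument.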