Re: automatic mounting of an encrypted harddrive
On Sun, Nov 08, 2009 at 21:48:05 +0100, Tobias Schula wrote: > Am Sonntag 08 November 2009 14:34:45 schrieb Florian Kulzer: > > On Sun, Nov 08, 2009 at 13:01:36 +0100, Tobias Schula wrote: [...] > > > Ah, I see, this is the output on my computer: > > > # /sbin/blkid -p /dev/sdc1 > > > /dev/sdc1: ambivalent result (probably more filesystems on the device) [...] > > > After these steps I was able to plug it in and the KDE device notifier > > > showed me the new drive. But I didn't set it up in Debian but in Kubuntu > > > if that's important. > > > > I cannot find anything wrong with your procedure. I think the fact that > > you used Kubunutu should not matter. Denken ist Glückssache... [...] > # hd -n 80 /dev/sdc1 > 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKSaes.| > 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || > 0020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |xts-plai| > 0030 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |n...| > 0040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |sha1| > 0050 > > > Here's one strange thing: I encrypted USB flash drive following the steps > above. But this time it works! What's the difference between the two? [...] > # hd -n 80 /dev/sdc1 > 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKSaes.| > 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || > 0020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |cbc-essi| > 0030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256| > 0040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |sha1| > 0050 > > It seems that Ubuntu uses xts-plain but Sid cbc-essiv and the SHA-256 > algorithm. But it's strange that both drives are recognised by Kubuntu but > only the flash drive by Debian. It looks like blkid has a bug that has been fixed in Ubuntu, see their changelog of util-linux: util-linux (2.16-1ubuntu5) karmic; urgency=low * Always return encrypted block devices as the first detected encryption system (ie. LUKS, since that's the only one) rather than probing for additional metadata and returning an ambivalent result. LP: #428435. -- Scott James Remnant Wed, 21 Oct 2009 14:22:31 +0100 You can file a bug report against Debian's util-linux and ask the maintainer to take over the Ubuntu fix. -- Regards,| Florian | -- To UNSUBSCRIBE, email to debian-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: automatic mounting of an encrypted harddrive
Am Sonntag 08 November 2009 14:34:45 schrieb Florian Kulzer: > On Sun, Nov 08, 2009 at 13:01:36 +0100, Tobias Schula wrote: > > Am Samstag 07 November 2009 17:20:44 schrieb Florian Kulzer: > > [...] > > > > Blkid cannot identify the filesystem on sdc1. It should work like this > > > (my encrypted USB stick is /dev/sda1): > > > > > > $ /sbin/blkid -p /dev/sda1 > > > /dev/sda1: UUID="60160a54-2d59-46f7-b46f-3490a767e820" VERSION="256" > > > TYPE="crypto_LUKS" USAGE="crypto" > > > > Ah, I see, this is the output on my computer: > > # /sbin/blkid -p /dev/sdc1 > > /dev/sdc1: ambivalent result (probably more filesystems on the device) > > [ snip: util-linux, libblkid1 and libuuid1 are all up-to-date ] > > > > Also, are you sure that you have a standard crypto_LUKS partition? How > > > did you set it up? […] > > > > After these steps I was able to plug it in and the KDE device notifier > > showed me the new drive. But I didn't set it up in Debian but in Kubuntu > > if that's important. > > I cannot find anything wrong with your procedure. I think the fact that > you used Kubunutu should not matter. > > Please show me the partition table of the disk/stick and the beginning > of the LUKS partition, i.e. the output of: > > fdisk -l /dev/sdc # fdisk -l /dev/sdc Disk /dev/sdc: 640.1 GB, 640135028736 bytes 255 heads, 63 sectors/track, 77825 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk identifier: 0x257dbcd5 Device Boot Start End Blocks Id System /dev/sdc1 1 77825 625129281 83 Linux > hd -n 80 /dev/sdc1 # hd -n 80 /dev/sdc1 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKSaes.| 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || 0020 00 00 00 00 00 00 00 00 78 74 73 2d 70 6c 61 69 |xts-plai| 0030 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |n...| 0040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |sha1| 0050 Here's one strange thing: I encrypted USB flash drive following the steps above. But this time it works! What's the difference between the two? The following output is from my flash drive: # fdisk -l /dev/sdc Disk /dev/sdc: 8039 MB, 8039300608 bytes 255 heads, 63 sectors/track, 977 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk identifier: 0xe807 Device Boot Start End Blocks Id System /dev/sdc1 1 977 7847721b W95 FAT32 # hd -n 80 /dev/sdc1 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKSaes.| 0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || 0020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |cbc-essi| 0030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256| 0040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |sha1| 0050 It seems that Ubuntu uses xts-plain but Sid cbc-essiv and the SHA-256 algorithm. But it's strange that both drives are recognised by Kubuntu but only the flash drive by Debian. Regards Tobias -- To UNSUBSCRIBE, email to debian-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: automatic mounting of an encrypted harddrive
On Sun, Nov 08, 2009 at 13:01:36 +0100, Tobias Schula wrote: > Am Samstag 07 November 2009 17:20:44 schrieb Florian Kulzer: [...] > > Blkid cannot identify the filesystem on sdc1. It should work like this > > (my encrypted USB stick is /dev/sda1): > > > > $ /sbin/blkid -p /dev/sda1 > > /dev/sda1: UUID="60160a54-2d59-46f7-b46f-3490a767e820" VERSION="256" > > TYPE="crypto_LUKS" USAGE="crypto" > > Ah, I see, this is the output on my computer: > # /sbin/blkid -p /dev/sdc1 > /dev/sdc1: ambivalent result (probably more filesystems on the device) [ snip: util-linux, libblkid1 and libuuid1 are all up-to-date ] > > Also, are you sure that you have a standard crypto_LUKS partition? How > > did you set it up? > > I erased all data it previously contained: > # dd if=/dev/urandom of=/dev/sdc1 > > I set up the crypt device: > # cryptsetup luksFormat /dev/sdc1 > > Opening the device mapper: > # cryptsetup luksOpen /dev/sdc1 crypt_backup > > Formating it with ext3: > # mkfs.ext3 /dev/mapper/crypt_backup > > Mounting the file system: > # mount /dev/mapper/crypt_backup /mnt > > Setting rights: > # chown 1000:1000 /mnt > > Unmounting the file system: > # umount /dev/mapper/crypt_backup > > Closing device mapper: > # cryptsetup luksClose crypt_backup > > After these steps I was able to plug it in and the KDE device notifier showed > me the new drive. But I didn't set it up in Debian but in Kubuntu if that's > important. I cannot find anything wrong with your procedure. I think the fact that you used Kubunutu should not matter. Please show me the partition table of the disk/stick and the beginning of the LUKS partition, i.e. the output of: fdisk -l /dev/sdc hd -n 80 /dev/sdc1 -- Regards,| Florian | -- To UNSUBSCRIBE, email to debian-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: automatic mounting of an encrypted harddrive
Am Samstag 07 November 2009 17:20:44 schrieb Florian Kulzer: > On Sat, Nov 07, 2009 at 15:54:17 +0100, Tobias Schula wrote: > > Am Freitag 06 November 2009 23:21:57 schrieb Florian Kulzer: > > > On Fri, Nov 06, 2009 at 16:37:11 +0100, Tobias Schula wrote: > > > > Am Sonntag 25 Oktober 2009 10:28:34 schrieb Florian Kulzer: > > > > > > [...] > > > > > > > > That probably means that HAL does not set the crypto-related > > > > > properties for the device, which would explain why KDE does not > > > > > know how to handle it. > > [...] > > > > These three lines should look like this: > > > > > > volume.fstype = 'crypto_LUKS' (string) > > > volume.fsusage = 'crypto' (string) > > > volume.fsversion = '256' (string) > > > > > > Udev should set these properties based on the results of running > > > /sbin/blkid on the device, triggered by 60-persistent-storage.rules. We > > > have to find out why this does not happen on your system. > > > > > > Please run > > > > > > udevadm test $(udevadm info --query=path -n /dev/sdc1) > > [...] > > > OK, here's the output: http://debian.pastebin.com/m2a365e1f > > Here is your problem: > > udev_rules_apply_to_event: IMPORT '/sbin/blkid -o udev -p /dev/sdc1' > /lib/udev/rules.d/60-persistent-storage.rules:129 util_run_program: > '/sbin/blkid -o udev -p /dev/sdc1' started > util_run_program: '/sbin/blkid' (stderr) '/dev/sdc1: ambivalent result > (probably more filesystems on the device)' util_run_program: '/sbin/blkid > -o udev -p /dev/sdc1' returned with exitcode 2 > > Blkid cannot identify the filesystem on sdc1. It should work like this > (my encrypted USB stick is /dev/sda1): > > $ /sbin/blkid -p /dev/sda1 > /dev/sda1: UUID="60160a54-2d59-46f7-b46f-3490a767e820" VERSION="256" > TYPE="crypto_LUKS" USAGE="crypto" Ah, I see, this is the output on my computer: # /sbin/blkid -p /dev/sdc1 /dev/sdc1: ambivalent result (probably more filesystems on the device) > > Make sure you have the up-to-date versions of these packages: > > $ dpkg -l util-linux libblkid1 libuuid1 | awk '/^ii/{print $2,$3}' > libblkid1 2.16.1-4 > libuuid1 2.16.1-4 > util-linux 2.16.1-4 All up to date: # dpkg -l util-linux libblkid1 libuuid1 | awk '/^ii/{print $2,$3}' libblkid1 2.16.1-4 libuuid1 2.16.1-4 util-linux 2.16.1-4 > > Also, are you sure that you have a standard crypto_LUKS partition? How > did you set it up? > I erased all data it previously contained: # dd if=/dev/urandom of=/dev/sdc1 I set up the crypt device: # cryptsetup luksFormat /dev/sdc1 Opening the device mapper: # cryptsetup luksOpen /dev/sdc1 crypt_backup Formating it with ext3: # mkfs.ext3 /dev/mapper/crypt_backup Mounting the file system: # mount /dev/mapper/crypt_backup /mnt Setting rights: # chown 1000:1000 /mnt Unmounting the file system: # umount /dev/mapper/crypt_backup Closing device mapper: # cryptsetup luksClose crypt_backup After these steps I was able to plug it in and the KDE device notifier showed me the new drive. But I didn't set it up in Debian but in Kubuntu if that's important. Regards Tobias -- To UNSUBSCRIBE, email to debian-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org