[dm-crypt] u?mount (8) helper script for luks encrypted disks

.. ink .. mhogomchungu at gmail.com
Fri Aug 30 01:56:38 CEST 2013

On 29.08.2013 07:50, Milan Broz wrote:
> > On 26.8.2013 10:23, Matthias Schniedermeyer wrote:
> > >Personally i "solved" this by renaming /bin/mount to /bin/mount.orig
> > >and putting a shell-script as /bin/mount that checks if i want to mount
> > >a /dev/mapper/XXX and does the setup of XXX before it calls
> > >/bin/mount.orig.
> >
> > Underlying device construction can be very complex task sometimes
> > (it can be combination of lvm, mdraid, multipath, partitions and
> whatever.)
> >
> > So while it works for your use case, it will not work for other.
> And there will never be a "one size fits all" solution for this.
> Sure, someone could create a "monster" that could cope with anything.
> But that wouldn't be KISS.
Its possible to have a "one size that fits all" without it being a "monster"

In your "mount" script,take a path to an arbitrary device and then do the

On mounting:

1. call "blkid" and check the file system on the device,if its present and
its not "crypto_LUKS",then its a device with a normal file system,just
mount it normally.

2. if the file system is found to be "crypto_LUKS",then call cryptseup to
unlock the path with whatever tool policy you have to create the mapper
path.Then call "blkid" against the mapper path to check the file system and
then mount the mapper normally.

Its just that simple.

On unmounting.
1. Look at the path to be unmounted,if it starts with "/dev/mapper/" then
it could an mdraid path or a cryptsetup mapper path or something else.Its
easy to check which one is it.
2. If its encrypted mapper path,then unmount the mapper and then call
cryptsetup to unmap the mapper.If its not encrypted then just unmount.

The whole thing seem easy enough and can be done by adding a handful of if
statements in the script
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20130829/b1ff5aa3/attachment.html>

More information about the dm-crypt mailing list