Slackware: This forum is for the discussion of Slackware Linux.
I have encrypted two partitions with cryptsetup, like it is described in the file README_CRYPT.TXT on the Slackware CD. The root partition is not encrypted.
I wondered what I needed to change to make even Slackware 12.0 able to read the passphrase file from a USB memory stick. In my search I stumbled upon a question and wanted to ask it here before I might damage my system.
In /etc/rc.d/rc.S are the commands to map cryptsetup devices and to mount all file systems that are listed in /etc/fstab. Is there any reason why this cryptsetup stuff is performed BEFORE the root filesystem is checked? Can I move it around a little, let's say right above the section where the fstab entries are mounted?
My idea: Let udev assign an individual symlink to the usbstick so that it's always known by a special name, for example /dev/usbstick. In rc.S, move the cryptsetup stuff down, right before fstab stuff. And even before that, mount my usbstick if it is known to the system with its individual udev-symlink. After all known partitions etc. are mounted, umount the memory stick again.
Thanks for reading this far. Any ideas if this will do any harm to my system or if there are any traps I do not see?
It's just an idea since I don't really know about crypted partitions, but maybe the cryptsetup has to be done first in order for the filesystem to be checked. I suppose you could try manually checking the filesystem without having set up the crypting first, in order to see if that fails, or what?
You may be interested - a couple of weeks ago LQ member ta0kira posted about and uploaded some scripts that help with managing encrypted FLASH devices. You might get in touch with him to see what he knows about it.
See the thread here: http://www.linuxquestions.org/questi...-token-592505/
Many thanks for the link Gilbert (if I remember right), I appreciate it. Looks like ta0kira goes one step further, and it will take some time for me to evaluate his/her scripts. From the description it is what I intended in the beginning, but I didn't know how to do this at all.
If you want, I can post the script I have run by the udev rule when the device is inserted. It uses the scripts I posted in the link gnashley posted. Basically it loops the devices/images with crypto, fscks them, unloops them, then mounts them.
Yes, that would be nice. I cannot say that I understand fully what your scripts do, but your description in the other thread sounds interesting. Yesterday evening I started looking in your scripts and the docs you packed with it, but my time is very limited at the moment, so I decided to dig into it in a few days. If you could post the script, I appreciate it. It is called with the udev
In the meantime I succeeded in using my much simpler setup and will post a howto on how I did it, in case someone else is interested. A simple udev rule, changing rc.S startup script and of course setting up the encrypted partitions to take a keyfile as authentication. But it does NO error checking at all.
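The simple setup described above (udev symlink, key file on the stick, unlock at boot) with the error checks it is said to lack, as an added example that is not code from any poster in this thread. `/dev/usbstick` is the name from the first post; the mount point, key path, return codes, `RUN` dry-run switch and the udev serial are assumptions.

```shell
#!/bin/sh
# udev rule assumed for the symlink (serial is a placeholder):
#   KERNEL=="sd?1", SUBSYSTEMS=="usb", ATTRS{serial}=="PLACEHOLDER", SYMLINK+="usbstick"
STICK=${STICK:-/dev/usbstick}   # symlink name from the first post
MNT=${MNT:-/mnt/usbstick}       # assumed mount point
RUN=${RUN:-}                    # RUN=echo prints the privileged commands instead of running them

# The symlink only exists when udev matched the expected stick.
stick_present() { [ -b "$STICK" ]; }

# Accept only a regular, non-empty key file; reject symlinks.
keyfile_ok() { [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ]; }

# unlock_volume <luks-device> <mapper-name> <key-path-on-stick>
# Returns: 0 ok or already mapped, 2 stick absent, 3 mount failed,
#          4 key file rejected, 5 cryptsetup failed.
unlock_volume() {
    dev=$1; name=$2; key=$MNT/$3
    [ -e "/dev/mapper/$name" ] && return 0
    stick_present || return 2
    mkdir -p "$MNT" || return 3
    # Read-only and noexec/nosuid/nodev: the stick is only a key carrier.
    $RUN mount -r -o noexec,nosuid,nodev "$STICK" "$MNT" || return 3
    rc=0
    if keyfile_ok "$key"; then
        $RUN cryptsetup luksOpen "$dev" "$name" --key-file "$key" || rc=5
    else
        rc=4
    fi
    $RUN umount "$MNT"          # never leave the key mounted after unlocking
    return $rc
}
```

Called from rc.S before the fstab mounts, a non-zero return lets the script fall back to a passphrase prompt or skip the volume instead of continuing blindly.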
#CALL WITH NO ARGUMENTS TO DAEMONIZE, WITH manual TO KEEP IN FOREGROUND,
#AND WITH disconnect TO DISCONNECT ENCRYPTED PARTITIONS.

#MUST DAEMONIZE WHEN USING udev TO PREVENT FREEZING STARTUP SEQUENCE
if [ $# -eq 0 ]; then
  exec "$0" daemon &
  exit 0
fi

#disconnect IS CALLED BY rc.0 AND rc.6
if [ "$1" == "disconnect" ]; then
  : #THE COMMANDS OF THIS BRANCH ARE MISSING FROM THE POST AS PRESERVED
  exit 0
fi

#REJECT ANY OTHER ARGUMENT
if [ "$1" != "daemon" ] && [ "$1" != "manual" ]; then
  exit 1
fi

#CHECK THE ACTION TYPE WHICH IS SET BY udev
if [ "$ACTION" == "remove" ]; then
  : #THE COMMANDS OF THIS BRANCH ARE MISSING FROM THE POST AS PRESERVED
  exit 0
fi

#CHECK FILE SYSTEM THEN MOUNT
function setup_fs() # dev mount key
{
  [ `grep -c " \`readlink -f \"$2\"\` " /proc/mounts` -eq 0 ] && \
  loop-fs "$1" $check $3 && \
  key-mount "$1" "$2" $3
}

#MAKE SURE udev SET UP THE SYMLINK
if [ ! -b "/dev/keys" ]; then
  exit 1
fi

#SET UP MOUNT POINT FOR USB DEVICE
install -d /mnt/keys
if [ ! -d "/mnt/keys" ]; then
  exit 1
fi

#MOUNT USB DEVICE
if [ `grep -c "/dev/keys" /proc/mounts` -eq 0 ] && \
   ! ( mount /dev/keys /mnt/keys -r -o noexec ); then
  exit 1
fi

#MAKE SURE PERTINENT key-scripts ARE EXECUTABLE
if [ ! -x "`which system-keys`" ] || [ ! -x "`which data-keys`" ] || \
   [ ! -x "`which key-mount`" ] || [ ! -x "`which clear-data`" ] || \
   [ ! -x "`which clear-system`" ]; then
  exit 1
fi

#LOAD SYSTEM AND DATA KEYS (BASED ON /etc/key-scripts.conf)
#USE SHELL FUNCTION TO CHECK AND MOUNT A PARTITION (THIS IS AN IMAGE)
#BLUE ARGUMENT IS THE NAME OF THE KEY
setup_fs /root/root.vault /root system/home "-o sync"
#UNLOAD SYSTEM AND DATA KEYS
#UNMOUNT USB DEVICE
umount /mnt/keys
I keep the scripts I posted in the other thread in /usr/sbin so that I can start my system with the USB device attached and the partitions will automatically mount. It will also work to start it without the USB device then insert it at any time later.
PS Here is my /etc/key-scripts.conf:
SYSTEM_CODE="[this will be on the device]"
PPS You don't need to go through all of the system-keys/data-keys business unless you want the key itself encrypted on the USB device. To just leave it in the open, take out the lines in red.
Yeah, I suppose I do need to update and clarify the howtos and add some more comments to the scripts. I actually haven't read through them myself for quite a while.
PS It sounds like all you really need is the fastdm script. All of the others are for a specific purpose, but you can do everything you need to with that (plus losetup if you plan to use images instead of devices.)