When I work with my notebook I usually have my Windowmaker desktop on X11. When I boot I want X to start directly. Because of this I use the graphical login on RedHat 9, which starts a display manager (gdm in this case) and lets me log in. Since I do not want to switch to the console and mount my encrypted /home manually, I use the following mechanism, which asks for the passphrase, fscks the partition and mounts it just before Windowmaker starts.
GDM can execute commands after login, before starting the user's X11 setup. Some additional commands in gdm's PreSession script are enough to detect whether /home is mounted and, if it is not, to show a passphrase dialog so that it can be mounted directly. I also added an fsck to that function to make sure everything is OK and to allow repairs otherwise. Some small issues need a workaround, namely the authority handling: the ~/.Xauthority file has to be saved before /home is mounted and restored afterwards.
If you use RedHat 9, just add the following lines to /etc/X11/gdm/PreSession/Default (after the xsetroot block), or download my Default script. The patch also works with Fedora Core 1; a prepatched version is available here. For Fedora Core 2 just use this version. Fedora Core 3 has different fsck options, so use this version for ext2/3 filesystems. With Fedora Core 4 and LUKS the setup is slightly different, so use this version. x11-ssh-askpass is gone on Fedora Core 5, so use this version for LUKS (note: on FC5 the file is located in /etc/gdm/PreSession/Default).
###################################
### Setup crypted homepartition ###
###################################
# mktemp -d creates a private directory atomically and leaves no stray file
TMPPATH=`mktemp -d`
if [ ! -d "$TMPPATH" ]; then
    echo "$0: FATAL: cannot create temporary directory, cannot proceed."
    exit
fi
TMPXA=$TMPPATH/.Xauthority
TMPXC=$TMPPATH/.Xconsole
echo "Setting up home partition" >$TMPXC
# job control is needed for the "kill %xconsole" at the end
set -m
xconsole -file $TMPXC -geometry 500x200+0+0 &
echo "copying ~/.Xauthority for later restore on /home" >>$TMPXC
cp -a ~/.Xauthority "$TMPXA"
force=""
# loop until /home shows up in /proc/mounts
while [ "X`grep '/home ' /proc/mounts`" = "X" ]; do
    echo "/home not mounted" >>$TMPXC
    if [ "X`grep '/mnt/memstick ' /proc/mounts`" = "X" ]; then
        echo "/mnt/memstick not mounted, mounting it now" >>$TMPXC
        mount /mnt/memstick >>$TMPXC 2>>$TMPXC
    fi
    echo "setting up loopback-device" >>$TMPXC
    echo "enter \"fsck\" to force fsck" >>$TMPXC
    pass=`/usr/libexec/openssh/x11-ssh-askpass`
    if [ "$pass" = "fsck" ]; then
        force="-f"
        echo "fsck will be forced, please enter password now" >>$TMPXC
        pass=`/usr/libexec/openssh/x11-ssh-askpass`
    fi
    # quote the passphrase so spaces and wildcards reach losetup unchanged
    echo "$pass" | losetup -F /dev/loop5 -p 0 >>$TMPXC 2>>$TMPXC
    # querying the device fails if the loop setup did not succeed
    losetup /dev/loop5 >>$TMPXC 2>>$TMPXC
    if [ $? -eq 1 ]; then
        echo "loopback is not there" >>$TMPXC
    else
        echo "fsck'ing filesystem" >>$TMPXC
        fsck -a -C $force /dev/loop5 >>$TMPXC 2>>$TMPXC
        # fsck status 0 = clean, 1 = errors corrected; anything higher blocks the mount
        if [ $? -gt 1 ]; then
            echo "some error occurred on fsck, please switch to a console and correct this problem, press ENTER afterwards" >>$TMPXC
            read
            losetup -d /dev/loop5 >>$TMPXC 2>>$TMPXC
        else
            mount /dev/loop5 /home >>$TMPXC 2>>$TMPXC
        fi
    fi
    if [ "X`grep '/home ' /proc/mounts`" = "X" ]; then
        echo "/home is still not mounted, retry" >>$TMPXC
        sleep 2
    else
        echo "trying to umount memstick device" >>$TMPXC
        umount /mnt/memstick >>$TMPXC 2>>$TMPXC
    fi
done
# re-enter the home directory so that ~ refers to the freshly mounted /home
cd /
cd ~
echo "copying ~/.Xauthority" >>$TMPXC
mv "$TMPXA" ~/.Xauthority
echo "continue with normal X startup procedure" >>$TMPXC
cat "$TMPXC" >> ~/.xsession-errors
sleep 1
builtin kill %xconsole
rm -rf "$TMPPATH"
###################################
The example above uses /mnt/memstick as the device on which the keyfile and keyring are stored. To get it to work you also need openssh-askpass for the password dialog. Output goes to an xconsole, which is part of XFree86.
When using Fedora Core 4 with LUKS you have to change the block which checks and mounts the filesystem like this:
# decrypt the keyfile with the entered passphrase and hand the key to cryptsetup
echo "$pass" | gpg --homedir=/mnt/memstick/HomeAES --passphrase-fd 0 --no-tty -d \
    /mnt/memstick/HomeAES/keyfile.gpg | \
    cryptsetup luksOpen /dev/MyVolGrp/home homedm >>$TMPXC 2>>$TMPXC
losetup /dev/loop5 >>$TMPXC 2>>$TMPXC
cryptsetup status homedm >>$TMPXC 2>>$TMPXC
if [ $? -eq 1 ]; then
    echo "loopback is not there" >>$TMPXC
else
    echo "fsck'ing filesystem" >>$TMPXC
    e2fsck -p -C 0 $force /dev/mapper/homedm >>$TMPXC 2>>$TMPXC
    # e2fsck status 0 = clean, 1 = errors corrected; anything higher blocks the mount
    if [ $? -gt 1 ]; then
        echo "some error occurred on fsck, please switch to a console and correct this problem, press ENTER afterwards" >>$TMPXC
        read
        cryptsetup luksClose homedm >>$TMPXC 2>>$TMPXC
    else
        mount /dev/mapper/homedm /home >>$TMPXC 2>>$TMPXC
    fi
fi
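Both versions of the script rely on two checks: whether /home is mounted, and whether the fsck exit status permits mounting. The following is an added example of stricter forms of those checks, not part of the author's Default script. It compares the mount point as an exact field, because grep '/home ' also matches a line whose mount point is /mnt/home (the passphrase prompt would then be skipped and the session would run on an unencrypted directory), and it decodes the bit-mask exit status documented in fsck(8). The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the author's Default script.

# sample_mounts: constructed /proc/mounts-style data for the demonstration.
sample_mounts() {
    cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
/dev/hda5 /mnt/home ext3 rw 0 0
/dev/sda1 /mnt/memstick vfat rw 0 0
EOF
}

# is_mounted MOUNTPOINT [FILE]: succeed only if the second field of a line
# equals MOUNTPOINT exactly. FILE defaults to /proc/mounts; "-" reads stdin.
is_mounted() {
    awk -v mp="$1" '$2 == mp { hit = 1 } END { exit !hit }' "${2:-/proc/mounts}"
}

# fsck_flags STATUS: name the bits set in an fsck exit status (see fsck(8)).
fsck_flags() {
    if [ "$1" -eq 0 ]; then echo clean; return 0; fi
    flags=""
    for pair in 1:corrected 2:reboot 4:uncorrected 8:operational \
                16:usage 32:cancelled 128:library; do
        bit=${pair%%:*}
        if [ $(( $1 & $bit )) -ne 0 ]; then flags="$flags ${pair#*:}"; fi
    done
    echo "${flags# }"
}

# mount_allowed STATUS: same rule as the script's "$? -gt 1" test. Only
# 0 (clean) and 1 (all errors corrected) let the mount go ahead.
mount_allowed() {
    [ "$1" -eq 0 ] || [ "$1" -eq 1 ]
}

# Demo on the constructed table, where only /mnt/home is mounted.
if sample_mounts | is_mounted /home -; then echo "/home mounted"
else echo "/home not mounted"; fi
echo "fsck status 5: $(fsck_flags 5)"
```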
Go here if you need a download overview.