Automatically mount after booting

A nice idea: automounting your /home

When I work with my notebook I usually have my Windowmaker desktop on X11. When I boot I want X to be started directly. Because of this I use graphical login on RedHat 9, which starts a display manager (gdm in this case) and lets me log in. Since I do not want to switch to the console and mount my encrypted /home manually, I use the following mechanism, which asks for the passphrase, fsck's the partition and mounts it, just before Windowmaker starts.

PreSession with gdm

GDM has the feature of executing commands after login, before starting the user's X11 setup. Some additional commands in the PreSession script of gdm are enough to detect whether /home is mounted and, if it is not, to provide a passphrase dialog so that it can be mounted directly. I also added a fsck to that function to make sure everything is OK and to allow a repair otherwise. Some small issues need a workaround, namely the authority handling: the ~/.Xauthority file has to be saved before /home is mounted and restored afterwards.

If you use RedHat 9 just add the following lines to /etc/X11/gdm/PreSession/Default (after the xsetroot block), or download my Default script. The patch will also work with Fedora Core 1; a prepatched version is available here. For Fedora Core 2 just use this version. Fedora Core 3 has different fsck options, so use this version for ext2/3 filesystems. With Fedora Core 4 and LUKS the setup is slightly different, so use this version. x11-ssh-askpass is gone on Fedora Core 5, so use this version for LUKS (Note: on FC5 the file is located in /etc/gdm/PreSession/Default).

###################################
### Setup crypted homepartition ###
###################################

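# mktemp -d creates a private (mode 0700) directory in one step and
# does not leave a stray empty temp file behind
TMPPATH=`mktemp -d`
if [ ! -d "$TMPPATH" ]; then
  echo "$0: FATAL: could not create temporary directory, cannot proceed."
  exit
fi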
TMPXA=$TMPPATH/.Xauthority
TMPXC=$TMPPATH/.Xconsole

echo "Setting up home partition" >$TMPXC
set -m
xconsole -file $TMPXC -geometry 500x200+0+0 &

echo "copying ~/.Xauthority for later restore on /home" >>$TMPXC
cp -a ~/.Xauthority "$TMPXA"

force=""
while [ "X`grep '/home ' /proc/mounts`" = "X" ]; do
  echo "/home not mounted" >>$TMPXC
  if [ "X`grep '/mnt/memstick ' /proc/mounts`" = "X" ]; then
    echo "/mnt/memstick not mounted, mounting it now" >>$TMPXC
    mount /mnt/memstick >>$TMPXC 2>>$TMPXC
  fi

  echo "setting up loopback-device" >>$TMPXC
  echo "enter \"fsck\" to force fsck" >>$TMPXC
  pass=`/usr/libexec/openssh/x11-ssh-askpass`
  if [ "$pass" = "fsck" ]; then
    force="-f"
    echo "fsck will be forced, please enter password now" >>$TMPXC
    pass=`/usr/libexec/openssh/x11-ssh-askpass`
  fi

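  # quote the passphrase so that spaces and wildcard characters in it
  # reach losetup unchanged
  printf '%s\n' "$pass" | losetup -F /dev/loop5 -p 0 >>$TMPXC 2>>$TMPXC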
  losetup /dev/loop5 >>$TMPXC 2>>$TMPXC
  if [ $? -eq 1 ]; then
    echo "loopback is not there" >>$TMPXC
  else
    echo "fsck'ing filesystem" >>$TMPXC
    fsck -a -C $force /dev/loop5 >>$TMPXC 2>>$TMPXC
    if [ $? -gt 1 ]; then
      echo "some error occurred on fsck, please switch to a console and \
            correct this problem, press ENTER afterwards" >>$TMPXC
      read
      losetup -d /dev/loop5 >>$TMPXC 2>>$TMPXC
    else
      mount /dev/loop5 /home >>$TMPXC 2>>$TMPXC
    fi
  fi

  if [ "X`grep '/home ' /proc/mounts`" = "X" ]; then
    echo "/home is still not mounted, retry" >>$TMPXC
    sleep 2
  else
    echo "trying to umount memstick device" >>$TMPXC
    umount /mnt/memstick >>$TMPXC 2>>$TMPXC
  fi
done

cd /
cd ~
echo "copying ~/.Xauthority" >>$TMPXC
mv "$TMPXA" ~/.Xauthority

echo "continue with normal X startup procedure" >>$TMPXC
cat "$TMPXC" >> ~/.xsession-errors
sleep 1
builtin kill %xconsole
rm -rf "$TMPPATH"

###################################

The example above uses /mnt/memstick as the device on which the keyfile and keyring are stored. To get it to work you also need openssh-askpass for the password dialog. Output goes to an xconsole, which is part of XFree86.

When using Fedora Core 4 with LUKS you have to change the block which checks and mounts the filesystem like this:

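  # quote the passphrase so that spaces and wildcard characters in it
  # reach gpg unchanged
  printf '%s\n' "$pass" | gpg --homedir=/mnt/memstick/HomeAES --passphrase-fd 0 --no-tty -d \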
     /mnt/memstick/HomeAES/keyfile.gpg | \
     cryptsetup luksOpen /dev/MyVolGrp/home homedm >>$TMPXC 2>>$TMPXC
  losetup /dev/loop5 >>$TMPXC 2>>$TMPXC
  cryptsetup status homedm >>$TMPXC 2>>$TMPXC
  if [ $? -eq 1 ]; then
    echo "loopback is not there" >>$TMPXC
  else
    echo "fsck'ing filesystem" >>$TMPXC
    e2fsck -p -C 0 $force /dev/mapper/homedm >>$TMPXC 2>>$TMPXC
    if [ $? -gt 1 ]; then
      echo "some error occurred on fsck, please switch to a console and \
            correct this problem, press ENTER afterwards" >>$TMPXC
      read
      cryptsetup luksClose homedm >>$TMPXC 2>>$TMPXC
    else
      mount /dev/mapper/homedm /home >>$TMPXC 2>>$TMPXC
    fi
  fi
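
Both the loop-AES script and the LUKS variant above decide whether /home is mounted with grep '/home ' /proc/mounts, which also matches any mount point that merely ends in /home and says nothing about which device backs it. The following is an added example, not part of the original script: it compares the mount-point field exactly and checks that /home sits on the expected decrypted device. The function names, the optional mounts-file argument and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the page's script). Function names and the optional
# MOUNTS_FILE argument are assumptions; sample data is constructed.

# The page's test: substring match anywhere in the line.
substring_check() {
  grep -q "$1 " "${2:-/proc/mounts}"
}

# mount_source MOUNTPOINT [MOUNTS_FILE]
# Prints the device of the topmost mount whose mount point (field 2) is
# exactly MOUNTPOINT; returns 1 if there is none. Later lines in
# /proc/mounts were mounted later, so the last match is the visible one.
mount_source() {
  target=$1
  mounts=${2:-/proc/mounts}
  found=""
  while read -r dev mnt rest; do
    if [ "$mnt" = "$target" ]; then found=$dev; fi
  done < "$mounts"
  [ -n "$found" ] && printf '%s\n' "$found"
}

# home_is_encrypted EXPECTED_DEVICE [MOUNTS_FILE]
# True only if /home is backed by the expected decrypted device
# (/dev/loop5 in the loop-AES script, /dev/mapper/homedm with LUKS).
home_is_encrypted() {
  [ -n "$1" ] && [ "$(mount_source /home "$2")" = "$1" ]
}

# Constructed sample: /home itself is NOT mounted here.
sample_not_mounted() {
  cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
/dev/hda7 /mnt/backup/home ext3 rw 0 0
EOF
}

# Constructed sample: plaintext /home over-mounted by the loop device.
sample_mounted() {
  cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
/dev/hda6 /home ext3 rw 0 0
/dev/loop5 /home ext3 rw 0 0
EOF
}
```

On the first sample the substring test reports /home as mounted although only /mnt/backup/home is, while the exact test does not.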


MHENSLER.de/cryptohome/boot_en.php#20060320-203132$1.13  [20159] © Matthias Hensler 2002-12, All Rights Reserved