LUKS code and new method interface
David Zeuthen
davidz at redhat.com
Wed Jul 13 20:35:42 PDT 2005
On Wed, 2005-07-13 at 21:58 -0500, W. Michael Petullo wrote:
> I just got the LUKS cryptographic disk backend working with the new
> method interface. The method interface was the last thing I was waiting
> for and it seems to work well. David Z., I really like that the parameters
> are read from stdin instead of the environment. Thanks.
Sweet.
>
> Anyway, in order to get this stuff to work, do the following:
>
> 1. Install the latest version of my luks-tools package[1]. Version 0.0.5
> includes a hal-luks-setup wrapper script.
I was thinking it might make sense to ship this in the hal tarball so
distros only need to ship cryptsetup-luks? I would appreciate that.
>
> 2. Install a device information file that describes the interface used:
>
> <?xml version="1.0" encoding="ISO-8859-1"?> <!-- -*- SGML -*- -->
>
> <deviceinfo version="0.2">
>
> <device>
> <match key="info.udi" string="/org/freedesktop/Hal/devices/computer">
> <append key="info.interfaces" type="strlist">org.freedesktop.Hal.Device.Luks</append>
> <append key="org.freedesktop.Hal.Device.Luks.method_names" type="strlist">Setup</append>
> <append key="org.freedesktop.Hal.Device.Luks.method_signatures" type="strlist">ss</append>
> <append key="org.freedesktop.Hal.Device.Luks.method_execpaths" type="strlist">/usr/sbin/hal-luks-setup</append>
> </match>
> </device>
> </deviceinfo>
Ah, OK, we can do a little bit better here. Something like
<device>
<match key="volume.fsusage" string="crypto">
<match key="volume.fstype" string="crypto_LUKS">
<append key="info.interfaces" type="strlist">org.freedesktop.Hal.Device.Volume.Crypto</append>
<append key="org.freedesktop.Hal.Device.Volume.Crypto.method_names" type="strlist">Setup</append>
<append key="org.freedesktop.Hal.Device.Volume.Crypto.method_signatures" type="strlist">s</append>
<append key="org.freedesktop.Hal.Device.Volume.Crypto.method_execpaths" type="strlist">/usr/sbin/hal-luks-setup</append>
</match>
</match>
</device>
which should probably go in fdi/policy/10osvendor/15-storage-luks.fdi.
So, this has the following advantages
1. We don't have to pass the device file since hal-luks-setup can find
this in the environment as HAL_PROP_VOLUME_DEVICE
2. If we want to support other crypto types than LUKS the API is the
same only the script is different, e.g.
<device>
<match key="volume.fsusage" string="crypto">
<match key="volume.fstype" string="crypto_SOMETHINGELSE">
<append key="info.interfaces" type="strlist">org.freedesktop.Hal.Device.Volume.Crypto</append>
<append key="org.freedesktop.Hal.Device.Luks.method_names" type="strlist">Setup</append>
<append key="org.freedesktop.Hal.Device.Luks.method_signatures" type="strlist">s</append>
<append key="org.freedesktop.Hal.Device.Luks.method_execpaths" type="strlist">/usr/sbin/hal-someothercrypt-setup</append>
</match>
</match>
</device>
3. It's more natural to invoke methods on the object representing the
crypted volume that at the root computer object (methods/interfaces
on the computer object are for system-wide things only such as
e.g. system suspend)
How about that?
> I still need to add HAL interface support to my gnome-volume-manager
> patch. Until then, you can simulate the interaction with the following
> command:
>
> dbus-send --system --print-reply --dest=org.freedesktop.Hal /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.Luks.Setup string:/dev/DEVICE string:PASSWORD
>
> More information, including the status of this project, is available at [2].
Sweet. Thanks a lot.
Cheers,
David
_______________________________________________
hal mailing list
hal at lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/hal
More information about the Hal
mailing list