On Tuesday 14 October 2008 13:15:00 Carlos E. R. wrote:
On Tuesday, 2008-10-14 at 11:38 +0100, Bob Williams wrote:
How do I get the system to mount the USB memory stick *before* it tries to mount /home, so that the alternative passphrase can be found?
That part I know :-)
You can not use "fstab", or the system will fail booting if the stick is not in, and go into fsck mode. But you can add an init script that mounts the stick if present. The stick filesystem should have a label to make this easier.
If you don't know how to make that script, ask again :-)
Great! Yes, please. I'm ready for my script writing tutorial :)
The reason I want to do this is 1) I like learning new tricks, 2) I'd like to make it difficult for anyone who stole/found my laptop to get into it. OTOH I don't want it to be too cumbersome for me to use, hence this compromise between an open system and a long passphrase held in 'biological memory'.
Ok!
Many thanks, Carlos. I'll look at this in more detail in a couple of days, when I have more time, but an initial run of 'myusb start' threw up the following:
/sbin/myusb: line 24: ./etc/rc.status: No such file or directory #but I've looked and it's there!
/sbin/myusb: line 25: rc_reset: command not found #but I can see it on line 77 of rc.status!
/sbin/myusb: line 38: rc_status: command not found
/sbin/myusb: line 74: rc_exit: command not found
First thing is to add a label to the stick filesystem; this is usually done while formatting, but there are tools for doing it later. ext2/3, reiser, xfs... I'm not sure vfat is supported, maybe it is. Just assume the label is "mylabel", and it will thus be visible in "/dev/disk/by-label/". You can connect your stick and see if it is there, most do have a label.
Add a line for your stick in fstab, like:
LABEL=mylabel /mnt/usb/myusbstick reiserfs noatime,nodiratime,user,noauto,acl,user_xattr 0 0
Done this
Create the mount point (change it to your liking, but I prefer leaving /media for automated mount only), and check that you can mount it by issuing the command:
mount /mnt/usb/myusbstick
Done this
The script is placed in /etc/init.d. I'm going to write it, based on another of mine, without checking it, I leave that to you :-)
(have a look at the script 'skeleton', man init.d, and also the suse book, it is explained there).
Which suse book?
#! /bin/sh
# /sbin/rchelloworld

MYLABEL="mylabel"
MYSTICK="/mnt/usb/myusbstick"

### BEGIN INIT INFO
# Provides:          HelloWorld
# Required-Start:    $syslog $remote_fs $local_fs $kbd
# Required-Stop:     $syslog $remote_fs $local_fs
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Description:       Mounts usb stick
### END INIT INFO

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit
. /etc/rc.status
rc_reset

case "$1" in
    start)
        ISDISK=`ls /dev/disk/by-label | grep $MYLABEL`
        if ! test -n "$ISDISK" ; then
            echo "*** ERROR: missing disk"
            rc_failed
        else
            /etc/init.d/boot.crypto start Something
        fi

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        /etc/init.d/boot.crypto stop Something
        rc_status -v
        ;;
    try-restart)
        $0 stop && $0 start
        rc_status
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    force-reload)
        $0 stop && $0 start
        rc_status

        ;;
    reload)
        echo -n "not supported"
        rc_status -v

        # If it does not support reload:
        ;;
    status)
        $0 start
        #rc_status
        ;;
    probe)
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac
rc_exit
Name it, rcmyusb, for instance, and make a symlink to it in /sbin named mysub. Give it execute permission. You have to test it by running "mysusb start". Check how it fails when stick is not present, I'm not sure it will produce the correct output.
You also have to check the correct data to give to "/etc/init.d/boot.crypto" so that it mounts your stick. I think there is another method if it is of the new... hold on, I goofed. Your stick is not encrypted, is it? Then the start section should be:
Not encrypted (it's the /home inside the laptop that's encrypted) so I used this:
    start)
        ISDISK=`ls /dev/disk/by-label | grep $MYLABEL`
        if ! test -n "$ISDISK" ; then
            echo "*** ERROR: missing disk"
            rc_failed
        else
            mount $MYSTICK
        fi

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        umount $MYSTICK
        rc_status -v
        ;;
Another:
    status)
        ISDISK=`mount | grep $MYSTICK`
        if ! test -n "$ISDISK" ; then
            echo "*** ERROR: missing disk or not mounted"
            rc_failed
        fi
        rc_status -v
        ;;
Do I need this section (above), or is it an alternative?
When it works, activate it:
There's the rub :(
chkconfig mysub on
and you should be done :-)
Usual disclaimers apply. If you go up in smoke, don't blame me, just quit smoking cigars :-p
Gave up twenty years ago :)
-- Cheers, Carlos E. R.
--
Registered Linux User #463880 FSFE Member #1300
GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E
openSUSE 11.0, Kernel 2.6.25.11-0.1-default, KDE 4.1.1
Intel Celeron 2.53GB, 2GB DDR RAM, nVidia GeForce 7600GS
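Added example, not part of the original thread: the "is the stick there" and "is it mounted" checks from the script above, written as exact matches, because `ls /dev/disk/by-label | grep $MYLABEL` and `mount | grep $MYSTICK` also succeed on substrings such as a different stick labelled "mylabel2". The function names and the BYLABEL_DIR and MOUNTS_FILE overrides are assumptions introduced here so the logic can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (not the thread author's code). MYLABEL and MYSTICK come from
# the thread; BYLABEL_DIR and MOUNTS_FILE are hypothetical test overrides.
MYLABEL="${MYLABEL:-mylabel}"
MYSTICK="${MYSTICK:-/mnt/usb/myusbstick}"
BYLABEL_DIR="${BYLABEL_DIR:-/dev/disk/by-label}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Succeeds only if a device with exactly this label exists.
# Empty labels and labels containing "/" are rejected so the test cannot
# be steered to a path outside the by-label directory.
label_present() {
    case "$1" in ''|*/*) return 1 ;; esac
    [ -e "$BYLABEL_DIR/$1" ]
}

# Succeeds only if something is mounted exactly at the given mount point.
# Field 2 of /proc/mounts is the mount point; it is compared as a whole
# string (mount points containing spaces are escaped there as \040).
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Prints what "start" should do: missing, skip (already mounted) or mount.
start_action() {
    if ! label_present "$1"; then
        echo missing
    elif is_mounted "$2"; then
        echo skip
    else
        echo mount
    fi
}

# Runs only when called with "start"; relies on the fstab entry from the thread.
case "${1:-}" in
    start)
        case "$(start_action "$MYLABEL" "$MYSTICK")" in
            mount)   mount "$MYSTICK" ;;
            missing) echo "*** ERROR: missing disk" >&2; exit 1 ;;
        esac
        ;;
esac
```

An init script that wants the rc_* helpers loads them with a dot, a space, then the path (`. /etc/rc.status`), as in the script above. Written without the space, `./etc/rc.status` is a relative path the shell tries to execute, which gives "No such file or directory" followed by "command not found" for each rc_* call.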