On Tuesday, 2008-10-14 at 11:38 +0100, Bob Williams wrote:
How do I get the system to mount the USB memory stick *before* it tries to mount /home, so that the alternative passphrase can be found?
That part I know :-)
You can not use "fstab", or the system will fail booting if the stick is not in, and go into fsck mode. But you can add an init script that mounts the stick if present. The stick filesystem should have a label to make this easier.
If you don't know how to make that script, ask again :-)
Great! Yes, please. I'm ready for my script writing tutorial :)
The reason I want to do this is 1) I like learning new tricks, 2) I'd like to make it difficult for anyone who stole/found my laptop to get into it. OTOH I don't want it to be too cumbersome for me to use, hence this compromise between an open system and a long passphrase held in 'biological memory'.
Ok!

First thing is to add a label to the stick filesystem; this is usually done while formatting, but there are tools for doing it later. ext2/3, reiser, xfs... I'm not sure vfat is supported, maybe it is. Just assume the label is "mylabel", and it will thus be visible in "/dev/disk/by-label/". You can connect your stick and see if it is there, most do have a label.

Add a line for your stick in fstab, like:

    LABEL=mylabel  /mnt/usb/myusbstick  reiserfs  noatime,nodiratime,user,noauto,acl,user_xattr  0 0

Create the mount point (change it to your liking, but I prefer leaving /media for automated mount only), and check that you can mount it by issuing the command:

    mount /mnt/usb/myusbstick

The script is placed in /etc/init.d. I'm going to write it, based on another of mine, without checking it, I leave that to you :-) (have a look at the script 'skeleton', man init.d, and also the suse book, it is explained there).

    #! /bin/sh
    # /sbin/rchelloworld

    MYLABEL="mylabel"
    MYSTICK="/mnt/usb/myusbstick"

    ### BEGIN INIT INFO
    # Provides:       HelloWorld
    # Required-Start: $syslog $remote_fs $local_fs $kbd
    # Required-Stop:  $syslog $remote_fs $local_fs
    # Default-Start:  3 5
    # Default-Stop:   0 1 2 6
    # Description:    Mounts usb stick
    ### END INIT INFO

    # Shell functions sourced from /etc/rc.status:
    #      rc_check         check and set local and overall rc status
    #      rc_status        check and set local and overall rc status
    #      rc_status -v     ditto but be verbose in local rc status
    #      rc_status -v -r  ditto and clear the local rc status
    #      rc_failed        set local and overall rc status to failed
    #      rc_reset         clear local rc status (overall remains)
    #      rc_exit
    . /etc/rc.status

    rc_reset

    case "$1" in
        start)
            ISDISK=`ls /dev/disk/by-label | grep $MYLABEL`
            if ! test -n "$ISDISK" ; then
                echo "*** ERROR: missing disk"
                rc_failed
            else
                /etc/init.d/boot.crypto start Something
            fi
            # Remember status and be verbose
            rc_status -v
            ;;
        stop)
            /etc/init.d/boot.crypto stop Something
            rc_status -v
            ;;
        try-restart)
            $0 stop && $0 start
            rc_status
            ;;
        restart)
            $0 stop
            $0 start
            rc_status
            ;;
        force-reload)
            $0 stop && $0 start
            rc_status
            ;;
        reload)
            echo -n "not supported"
            rc_status -v
            # If it does not support reload:
            ;;
        status)
            $0 start
            #rc_status
            ;;
        probe)
            ;;
        *)
            echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
            exit 1
            ;;
    esac
    rc_exit

Name it, rcmyusb, for instance, and make a symlink to it in /sbin named mysub. Give it execute permission.

You have to test it by running "mysub start". Check how it fails when stick is not present, I'm not sure it will produce the correct output.

You also have to check the correct data to give to "/etc/init.d/boot.crypto" so that it mounts your stick. I think there is another method if it is of the new... hold on, I goofed. Your stick is not encrypted, is it?

Then the start section should be:

        start)
            ISDISK=`ls /dev/disk/by-label | grep $MYLABEL`
            if ! test -n "$ISDISK" ; then
                echo "*** ERROR: missing disk"
                rc_failed
            else
                mount $MYSTICK
            fi
            # Remember status and be verbose
            rc_status -v
            ;;
        stop)
            umount $MYSTICK
            rc_status -v
            ;;

Another:

        status)
            ISDISK=`mount | grep $MYSTICK`
            if ! test -n "$ISDISK" ; then
                echo "*** ERROR: missing disk or not mounted"
                rc_failed
            fi
            rc_status -v
            ;;

When it works, activate it:

    chkconfig mysub on

and you should be done :-)

Usual disclaimers apply. If you go up in smoke, don't blame me, just quit smoking cigars :-p

-- 
Cheers,
       Carlos E. R.
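Added example, not part of the original message: because the stick holds the alternative passphrase for /home, the "stick present?" and "already mounted?" tests are shown here as exact matches, so a look-alike label or a longer mount path is not taken for the real one. The function names, the optional directory and mounts-table arguments, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Exact-match versions of the
# script's "stick present?" and "already mounted?" tests. The directory and
# mounts-table arguments are assumptions so the functions can be run against
# constructed sample data; they default to the real locations.

# label_present LABEL [DIR]: true only if DIR/LABEL exists. A substring
# test such as `ls | grep $MYLABEL` also matches "mylabel-old".
label_present() {
    [ -e "${2:-/dev/disk/by-label}/$1" ]
}

# is_mounted MOUNTPOINT [MOUNTS]: true only if field 2 of a mounts-table
# line equals MOUNTPOINT. `mount | grep $MYSTICK` would also match
# /mnt/usb/myusbstick2. (Spaces in paths appear as \040 in /proc/mounts.)
is_mounted() {
    while read -r _dev mnt _rest; do
        if [ "$mnt" = "$1" ]; then return 0; fi
    done < "${2:-/proc/mounts}"
    return 1
}

# start_decision LABEL MOUNTPOINT [DIR] [MOUNTS]: prints what start) should
# do: "missing" (rc_failed), "already" (nothing to do), or "mount".
start_decision() {
    if ! label_present "$1" "$3"; then echo missing
    elif is_mounted "$2" "$4"; then echo already
    else echo mount
    fi
}

# make_sample: builds constructed sample data in a temp dir, prints its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/by-label"
    : > "$d/by-label/mylabel-old"     # look-alike label only, no "mylabel"
    printf '%s\n' '/dev/sdb1 /mnt/usb/myusbstick2 vfat rw 0 0' > "$d/mounts"
    echo "$d"
}
```

In the init script, `start)` would call `mount $MYSTICK` only when `start_decision "$MYLABEL" "$MYSTICK"` prints `mount`, and call `rc_failed` when it prints `missing`.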