On Mon 19 Feb 2024 at 23:53:41 (+0700), Max Nikulin wrote:
> David, feel free to stop discussion if you find me annoying. My
> problem in some sense is close to your one and I am trying to figure
> out if I missed some udisks feature and the result is some
> inconvenience.
>
> On 19/02/2024 11:26, David Wright wrote:
> > On Sun 18 Feb 2024 at 12:41:29 (+0700), Max Nikulin wrote:
> > > On 18/02/2024 11:40, David Wright wrote:
> > > > $ udisksctl unlock --block-device /dev/disk/by-partlabel/Nokia01
> >
> > > When sudo is
> > > involved, I still do not see any advantage of udisk[s]ctl over
> > > "cryptsetup open".
> >
> > I'd be more worried about disadvantages. About the only difference
> > I see is that cryptsetup open requires a name.
>
> I find it convenient to have a meaningful name in /dev/mapper in
> addition to /dev/dm-X. So I would not call it pure disadvantage.

True, it makes the NAME in lsblk shorter. But the only time I've
defined a name is when opening the partition to create the filesystem:

# cryptsetup --align-payload 2048 luksFormat /dev/sdz9
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
# cryptsetup luksAddKey /dev/sdz9
Enter any existing passphrase:
Enter new passphrase for key slot:
Verify passphrase:
# cryptsetup open --type luks /dev/sdz9 thename
Enter passphrase for /dev/sdz9:
# ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Aug 18 10:35 control
lrwxrwxrwx 1 root root 7 Aug 18 10:35 thename -> ../dm-0
# ls -l /dev/dm-0
brw-rw---- 1 root disk 254, 0 Aug 18 10:35 /dev/dm-0
# mkfs.ext4 -L name09 /dev/mapper/thename
mke2fs 1.44.5 (15-Dec-2018)
Creating filesystem with 105966668 4k blocks and 26492928 inodes
Filesystem UUID: 3c832120-d40a-4998-b927-1318eb1e17f8
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
# e2label /dev/mapper/thename name09 (if forgotten above).
#
[ … creating, chown-ing, chmod-ing top-level directories ]
# cryptsetup luksClose thename
#

> > > As third option, if I remember it correctly, pmount
> >
> > That would be pointless for me. After udev creates correctly-named
> > mountpoints using my rules, entries in fstab set the appropriate
> > flags for each individual device. That contradicts the expressed main
> > purpose of pmount: "permits normal users to mount removable devices
> > without a matching /etc/fstab entry." — precisely what I don't want.
>
> I consider pmount as a tool that does not need separate unlock and mount
> commands, so a shell function becomes unnecessary. In respect to
> permissions (for removable drives) it acts as a substitute for sudo.
>
> I expected that you need to mount a partition under /media into the
> directory with name taken from filesystem LABEL. If so then udisksd
> can do it and /etc/fstab entry is unnecessary. You anyway added an
> udev rule. The following one should change mountpoint from
> /media/$USER/lulu01 to /media/lulu01
>
> SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="lulu01", ENV{UDISKS_FILESYSTEM_SHARED}="1"
>
> It seems that mixing of udisksctl and non-udisksctl commands can be avoided.

I hadn't thought about that as an issue. I've just chosen, for
each step, the method that's most convenient (for me). See:
https://lists.debian.org/debian-user/2024/01/msg00737.html
for some details of the first step, which I won't duplicate here.
I group-control the directory /etc/udev/rules.d/my-mountpoints,
hence all the 59 entries.

For decrypting, I use either the PARTLABEL or the device-ID. The
latter's useful for sticks and cards that I wipe more frequently,
which makes the other symlinks variable over time.

For mounting, I use fstab entries because they have the flags defined,
rather than putting them in the mount command. When I need to mount
with sudo, the flags include a private x-mysudo flag, which is picked
up by my wrapper around mount. (The bash function that started this
discussion doesn't say "mount /media/lulu01" but "mmm /media/lulu01".)

Unmounting is also wrapped, not just for sudo, but because it contains
a script to updatedb (for locate), ls -lR (for mc), and create a
listing (using find) that lists modification time, size and filename
in a customised format. After any locking, the three products are
automatically transferred to my other hosts to keep them up-to-date.

It probably all looks hackish to someone running a multiuser system.

Cheers,
David.
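
The fstab-driven privilege decision described in the message above, as an added example that is not part of the original post and is not David's wrapper: the function names, the sample fstab and the refuse-when-no-entry policy are assumptions; only the x-mysudo flag and /media/lulu01 come from the thread. mount treats any option prefixed with "x-" as a userspace comment, so the flag is safe to keep in fstab.

```bash
# Hypothetical sketch of a mount wrapper's decision step (all names assumed).

# Constructed sample fstab; the last entry checks that a near-miss
# option name does not trigger sudo.
sample_fstab() {
cat <<'EOF'
# <fs>          <mountpoint>    <type> <options>                        <dump> <pass>
LABEL=lulu01    /media/lulu01   ext4   noauto,nodev,nosuid,x-mysudo     0 0
LABEL=stick02   /media/stick02  vfat   noauto,user,nodev,nosuid,noexec  0 0
LABEL=odd03     /media/odd      ext4   noauto,x-mysudoish               0 0
EOF
}

# fstab_opts MOUNTPOINT [FSTAB]: print the options field of the entry for
# MOUNTPOINT, skipping comments; non-zero exit status if there is no entry.
fstab_opts() {
    awk -v mp="$1" '
        $1 !~ /^#/ && NF >= 4 && $2 == mp { print $4; found = 1; exit }
        END { exit !found }' "${2:-/etc/fstab}"
}

# has_opt OPTS NAME: succeed only on an exact comma-separated match.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# mount_cmd MOUNTPOINT [FSTAB]: print the command the wrapper would run.
# Refuses mountpoints with no fstab entry, so the flags always come from fstab.
mount_cmd() {
    local opts
    opts=$(fstab_opts "$1" "${2:-/etc/fstab}") || {
        echo "no fstab entry for $1; refusing" >&2
        return 1
    }
    if has_opt "$opts" x-mysudo; then
        echo "sudo mount $1"
    else
        echo "mount $1"
    fi
}
```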