LUKS disk encryption plugin

  • What is the workaround to get this plugin installed prior to the release of OMV v2.1.19?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • git clone it and adjust the control file for version of OMV required. Then build your own package.


    Line from control file
    Depends: openmediavault (>= 2.1.19)


    If you don't understand this you should wait.

    • Offizieller Beitrag

    wget http://omv-extras.org/debian/pool/main/o/openmediavault-luksencryption/openmediavault-luksencryption_1.1.0_all.deb
    dpkg --force-all -i openmediavault-luksencryption_1.1.0_all.deb

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • wget http://omv-extras.org/debian/pool/main/o/openmediavault-luksencryption/openmediavault-luksencryption_1.1.0_all.deb
    dpkg --force-all -i openmediavault-luksencryption_1.1.0_all.deb


    Cool, and thanks.


    So the bit "openmediavault-luksencryption depends on cryptsetup (>= 1.4); however:
    Package cryptsetup is not installed." can be safely ignored?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Offizieller Beitrag

    That will ignore control file? and force it to install?


    I didn't try it but it should. Otherwise, I will just change the depends since it does work with 2.18 even though there is a visual issue.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • OK, I used the suggested method to force the install, but when I attempt to use +Create there are no Devices in the dropdown list. I did add a new hard disk before trying this and it is seen in Physical Disks.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Does cryptsetup need to be entered differently in the control file??? 2:1-4


    Code
    apt-cache policy cryptsetup
    cryptsetup:
      Installed: (none)
      Candidate: 2:1.4.3-4
      Version table:
         2:1.6.4-4~bpo70+1 0
            100 http://ftp.debian.org/debian/ wheezy-backports/main amd64 Packages
            100 http://http.debian.net/debian/ wheezy-backports/main amd64 Packages
         2:1.4.3-4 0
            995 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
  • @ryecoaaron's method is best, manually force the deb to install with dpkg. As observed, this doesn't bring in dependencies, so then you'll to manually install the crypt utilities with apt-get install cryptsetup cryptsetup-bin ( gderf this should fix your issues).
    apt-get -f install will not work because it will attempt to remove openmedia-luksencryption (until OMV 2.1.19 is out).


    @tekkb not sure if the control file deps is written properly or not. It does however, work i.e. bring in all the right crypt stuff, when installing the plugin (for older versions that didn't have the 2.1.19 req that is). I actually probably don't need the min v1.4 dep, but I put that on because I hadn't tested with older cryptsetup and 1.4 is what is in wheezy anyway.


    Hopefully OMV 2.1.19 will be released soon anyway, it's only a small patch.

    • Offizieller Beitrag

    When I wrote the instructions, I was assuming people were upgrading the plugin and already had cryptsetup installed :)


    Your control file is fine. As far as the cryptsetup version, if the version in the normal wheezy repo is acceptable, I wouldn't put a version on it but it doesn't hurt anything.

    omv 7.0-32 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.9 | compose 7.0.9 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Edit: Nevermind. I was trying with a disk that had a filesystem on it. When I removed the partition, the plugin was able to detect the now empty disk.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Ah yes, much like the rest of OMV, if you want to work with encrypted partitions you have to create them yourself via the command line or some other means.
    Having said that, even then it's not straightforward at the moment with the encryption plugin, encrypted partitions will show up in the interface, but unlocking doesn't work, I haven't tried the key stuff on a partition, but might also be problems.
    I do plan to look into this so that existing partitions are better supported, but it will remain largely a 'you're on your own' situation to some extent.
    Moreover, partitions on top of encrypted devices will never be supported - I highly advise against this method.

  • I see that the plugin is now up to v1.3.2.


    Would it be possible to change the control file so that it can be installed into OMV 2.1.18 and kept current via the OMV GUI, now instead of waiting for OMV 2.1.19?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Perhaps I was a bit hasty, I thought 2.1.19 would be out quickly, given that 2.1.18 came out quickly when I submitted a patch for that.
    If 2.1.19 is not out by the time I next release a version, I will downgrade the dependency to 2.1.18 again.
    I appreciate it's inconvenient, but to be fair the plugin is still in testing/development.

  • I am finding the plugin very useful, thanks for this.


    When I unlock a disk, it mounts automatically, neat!


    I have some aufs br: mountpoints in my fstab and these are mounted automatically at boot.


    But one of these aufs br: mountpoints, a new one, is inside the encrypted disk. To make it accessible after unlocking the encrypted disk, I run 'mount -a' from the shell. Is there some way this could be incorporated into the plugin, ie via a button, or if not otherwise harmful, just run 'mount -a' after unlocking and mounting an encrypted disk? Or is there some other method that would not require any user interaction?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • I don't know anything about aufs br - is it radically different from other filesystems? It's an overlay thing of some type, right?
    I don't think causing the plugin to run 'mount -a' is a good idea, as this causes the system to mount all filesystems in /etc/fstab - a user might have unmounted a particular filesystem on purpose and this would cause it to remount, which would be an unexpected side effect (i.e. violates the principle of 'least surprises' - or at least, the bad ones!).
    The plugin will mount a filesystem inside an encrypted container when unlocking if the filesystem is 'known' to OMV, that is, it is found in the /etc/openmediavault/config.xml file. The most likely way that this can occur is if you have clicked the 'Mount' button on the Filesystem panel in the WebGUI, this causes it to be written to the config file and also /etc/fstab, along with setting up the requisite mountpoint directory.
    So this would seem to suggest your aufs filesystem is not mounted in this way - is this so?

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!