24
qr-code

Mandriva Linux, encrypted partitions

I have recently upgraded my main home system from Mandrake Linux 10.1 Official to Mandriva Linux 2006.0 (Official). There have been some issues with this and the first that I have solved is as follows:

I used the drakloop facility in the older version to create an encrypted partition in my home directory. Whenever I logged onto the system using KDM, I was prompted for my passphrase in order to allow the partition to be mounted. However, after I upgraded the system, there was no attempt to mount the partition whenever I logged in.

I can't remember how I discovered how to create the file system in the first place, but some looking around with Google showed up that the utility drakloop as provided by the distro was what I used. I now have a vague memory of seeing a menu item or a button and thinking "That would be nice…"

Calling drakloop presented me with the information on my partition, and provided me with an interface to mount it. However, whenever I did, providing the correct passphrase, the following appeared on the terminal from which I called drakloop:

file=/home/eibhear//home/eibhear/special
/encfile eol
/home/eibhear//home/eibhear/special
/encfile: No such file or directory
Broken pipe

I looked around on the system itself to see if there was any configuration file for this, and there was. It's ${HOME}/.mountlooprc and contained the following:

$ cat .mountlooprc
aes256 /home/eibhear/special/encfile /home/eibhear/special

It appears that this file is saying that the existing file /home/eibhear/special/encfile is a loopback partition to be mounted on /home/eibhear/special and is encrypted using AES256. I knew this to be what I expected, so I wondered why it didn't work. I created a backup of the file encfile, and used drakloop to create a new partition. After having done so, ${HOME}/.mountlooprc was changed as follows:

$ cat .mountlooprc
aes256 /home/eibhear/special/encfile /home/eibhear/special
aes256 /home/eibhear/special1/encfile /home/eibhear/special1 yes

Which is slightly different. There is the "yes" at the end of the new line, which signifies that the partition is to be mounted at "On boot" (in reality, it's when I log in using the display manager interface, kdm). However, the real problem was not the "yes". It's that the new encrypted file to be mounted was created in /home/eibhear//home/eibhear/special1/. This is why the mounting failed. The older version of drakloop interpreted the file specifications as absolute paths, but the newer version believed them to be relative. Relative to what, I don't know. At a guess I'd say it's relative to the ${HOME} directory of the user running drakloop, but I am open to correction. Therefore, I changed ${HOME}/.mountlooprc to look like this:

$ cat .mountlooprc
aes256 special/encfile special yes
aes256 /home/eibhear/special1/encfile /home/eibhear/special1 yes

And drakloop was able to mount the encrypted partition. I used drakloop to remove the second partition (i.e. on /home/eibhear//home/eibhear/special1/) to tidy up. After I logged out and back in again, I was prompted for the passphrase to mount the partition, and once I was fully logged in, I could see my secret data.

Éibhear