ANNOUNCE: LSD mount utilities.

ANNOUNCE: LSD mount utilities.

[ls-ocaml-developer-2006]

The LSD mount utilities are written in OCaml, so I hope the
announcement is not OT here.

Don't hesitate either to flame me or ask questions if I'm OT or the
utilities don't work as advertised.

Since those need to be SUID programs help in reviewing them or
discussion of security aspects would be appreciated.

Regards, Markus


         _oOo_


About
-----

The LSD mount utilities allow to automate mounting of encrypted
filesystems in linux with cryptsetup and loopback devices and enable
users (not only root) to mount encrypted filesystems when appropriate
entries to /etc/fstab have been added by root.

The LSD mount utilities are licensed/distributed under the the terms
of the GPL Version 2 (no later version). We'll usually be happy though
to relicense under other OS licenses, but you have to ask and get the
licensing change from us in writing.

The LSD mount utilities can be downloaded from

http://software.m-e-leypold.de/lsd-mount-utilities.


What does it do? How does it work?
----------------------------------

In Linux /sbin/mount calls /sbin/mount.$FSTYPE and /sbin/umount calls
/sbin/umount.$FSTYPE if those programs exist. This leads to the
observation, that the filesystem types either in /etc/fstab or passed
to mount with -t rather more characterize a mounting mechanism than a
file system type.

With the LSD mount utilities this mechanism is used to delegate
mounting of encrypted loopback devices to mount.lcrypt which automates
the steps necessary to set up those devices (like: modprobe, losetup,
cryptsetup).

mount.lcrypt on the other side should know the filesystem of the
decrypted device from a mount option. (This does not work yet,
presently all lcrypt devices have the decrypted filesystem type ext2).


Mounting directly
-----------------

Pass '-t lcrypt' to mount:

 mount -t lcrypt /data/encrypted-image /mnt 

You'll be asked for the passphrase.

With fstab / allow user mounting
---------------------------------

Use lcrypt as filesystem type. Use the option 'user', if non
privileged users should be able to mount the device:

 /data/encrypted-image /secret-mnt lcrypt  rw,noauto,user,exec 0 0 

Any user can now use

 mount /data/encrypted-image 

and is then asked for the passphrase.

ANNOUNCE: LSD mount utilities, version 1.3

[ls-ocaml-developer-2006]

    Release 1.3 of LSD mount utilities with mkfs, fsck and LUKS support
    ___________________________________________________________________
    
    A new version (1.3) of the LSD mount utilities has been released.
    
      - LUKS support has been tested (by Alexander Ulrich) and seems to be OK.
    
      - Basic versions of mkfs.lcrypt and fsck.lcrypt have been added:
        You can now use mkfs to create a file system on your encrypted
        device and fsck to check your file system.
     
      - The file USAGE (see below) is intended to be the beginning of
        a user manual.
    
    LSD mount utilities are written in OCaml.
    
    Regards -- M E Leypold, 16 Feb 2007.
    
    


*   About
    =====

    The LSD mount utilities assist in setting up (creating) and
    mounting of encrypted loopback file systems in Linux 2.4 and 2.6.

    They also enable users (not only root) to mount encrypted
    file systems if appropriate entries have been added to /etc/fstab.

    The LSD mount utilities are licensed/distributed under the the
    terms of the GPL Version 2 (no later version). We'll usually be
    happy though to relicense under other OS licenses, but you have to
    ask and get the licensing change from us in writing.

    The LSD mount utilities are available from
    http://software.m-e-leypold.de. Read the README file from the
    distribution before using the software!
    

*   How to get more information and help
    ====================================

    Information on recent development and plans and updated
    documentation will be posted at

      http://www.etc-network.de/blog/mel/projects/lsd-mount-utilities

    If you need help, have questions concerning the LSD mount
    utilities or have suggestions for further implementation you can
    write the developer at

       development-2006-8ecbb5cc8a-REMOVE-THIS@AND-THAT-m-e-leypold.de.

    I don't guarantee support, but will usually do my best to help.


    
*   How to use (excerpt from USAGE)
    ===============================
    
    PLEASE DO READ the file USAGE in the distribution. The following
    excerpt is only intended to give you a basic idea how things work
    with LSD mount utilities (i.e. that the hide all losetup and
    cryptsetup stuff from the user).
    
    
**  Creating an encrypted file system
    ---------------------------------

    Before you can make an encrypted file system you need to create an
    image file and preferably fill it with random noise:

      dd if=/dev/urandom of=/secret/image

    Given an image files a encrypted file systems can be initialized
    with plain mkfs:

      mkfs -t lcrypt /secret/image 10000

    The 'blocks' number is optional (you usually can leave it
    out). You'll be asked for the passphrase twice.


**  Checking an encrypted file system
    ---------------------------------

    An encrypted file system can be checked passing '-t lcrypt' to fsck.
 
      fsck -t lcrypt /secret/image

    You will, of course be asked for the passphrase.

    If there is an entry in /etc/fstab (see the next sections) which
    already gives the type of /secret/image as lcrypt, the '-t lcrypt'
    might be omitted:

      fsck /secret/image


**  Mounting an encrypted file system
    ----------------------------------

    To mount an encrypted file system you can pass '-t lcrypt' to
    mount:

      mount -t lcrypt /data/encrypted-image /mnt 

    You'll be asked for the passphrase.

    If there is an entry in /etc/fstab (see the next sections) which
    already gives the type of /secret/image as lcrypt, the '-t lcrypt'
    and the mount point might be omitted.

      mount /data/encrypted-image


**  Setting up encrypted file systems in /etc/fstab
    -----------------------------------------------

    Use lcrypt as file system type. Use the option 'user', if
    non-privileged users should be able to mount the device:

      /etc/fstab:
      |
      ...
      |
      | /data/encrypted-image /secret-mnt lcrypt  rw,noauto,user,exec 0 0
      |

    
**  Loclean: Clean up loopback devices
    ----------------------------------
    
    Loclean can only be used by root:

      loclean

    and will try to remove all associations with files from loopback
    devices (/dev/loop*) that are not currently in use.


    

ANNOUNCE: LSD mount utilities, version 1.4

[ls-ocaml-developer-2006]

Release 1.4 of LSD mount utilities (minor enhancements)

   A new version (1.4) of the LSD mount utilities has been released
   (download here: http://software.m-e-leypold.de/lsd-mount-utilities).

   This release doesn't add new functionality. Instead parts of the
   code have been reorganized in (probably more reliable) reusable
   components.

   As a side effect

     - The installation footprint has been reduced by factor ~2.3
       (formerly separate programs have been gathered into a single
       one and switch on the name under which the program is
       installed).
    
     - The tool verbosity is greatly reduced (since we now suppress
       standard error for most of the probing with external tools). To
       get a partial trace of the things happening internally
       (e.g. which external programs are invoked) you can now set the
       environment variable lsd_lama_trace=verbose.

   A more detailed description of the utilities can be found at
   www.etc-network.de/blog/mel/projects/lsd-mount-utilities/about.html.

   Please read the complete README (and specfically the disclaimer)
   before installing or using the software).

Regards -- Markus