for a couple of months now i’ve been running my notebook from an encrypted filesystem (which works really well, i’ve to say). my external backup disk has, of course, also been converted to an encrypted filesystem.
what has been annoying me, though, is that every time i plug the USB disk in, kubuntu comes along and pops up a dialog box asking me for the password to decrypt the partition — well, let me rephrase: i think that’s a splendid idea for stuff that i do not regularly mount. for my backup disk, i’d much prefer to have my system do this automatically. a quick search turned up that /etc/crypttab might be the way to go here: add the partition and the key file, which should be reasonably secure since the filesystem hosting the key file is itself encrypted, and off we go…
…well, not really. kubuntu doesn’t consult /etc/crypttab :-( after some further research i came across a bug report on launchpad that contained the necessary ingredients:
- fix the bug in `/lib/cryptsetup/cryptdisks.functions` and change:

  ```
  if [ "${stdin#/dev/null}" != "$stdin" ] && [ "$ON_VT" != "yes" ]; then
      exec env ON_VT=yes /usr/bin/openvt -f -c `fgconsole` -w $0 "$@"
  fi
  ```

  to

  ```
  if [ "${stdin#/dev/null}" != "$stdin" ] && [ "$ON_VT" != "yes" ]; then
      exec /usr/bin/env ON_VT=yes /usr/bin/openvt -f -c `fgconsole` -w $0 "$@"
  fi
  ```

- add a new udev rule `/etc/udev/rules.d/50-nick.rules` with the following content:

  ```
  KERNEL=="sd?1", ATTRS{serial}=="L608130H", NAME="$kernel", \
      SYMLINK+="maxtor_backup", RUN+="/usr/sbin/invoke-rc.d cryptdisks restart"
  ```

- create a key file — for example, `/etc/keys/backupdisk` — with a password of your choice.

- add the key to your disk:

  ```
  cryptsetup luksAddKey /dev/DISK /etc/keys/backupdisk
  ```

- add the device to your `/etc/crypttab` file:

  ```
  luks_crypto_7123c970... /dev/disk/by-uuid/YYY... /etc/keys/backupdisk luks
  ```
done.
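
The setup above leaves a plaintext key on disk, so the file's ownership and mode matter as much as the encryption underneath it. The following is an added example, not part of the original post: a hypothetical helper `check_crypttab_keys` that reads a crypttab-format file and flags key files that are missing, readable by group or others, or not owned by the expected user. It assumes GNU `stat`, as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): audit key files listed in crypttab.
# Usage: check_crypttab_keys [crypttab-path] [expected-owner-uid]
# Defaults: /etc/crypttab and uid 0 (root). Assumes GNU stat (stat -c).
# Prints one line per problem; returns 0 if every key file is fine, 1 otherwise.
check_crypttab_keys() {
    crypttab=${1:-/etc/crypttab}
    want_uid=${2:-0}
    bad=0
    # crypttab fields: <target name> <source device> <key file> <options>
    while read -r target source key options || [ -n "$target" ]; do
        # skip blank lines and comments
        case "$target" in ''|'#'*) continue ;; esac
        # "none" means prompt for a passphrase; /dev/* is e.g. /dev/urandom for swap
        case "$key" in ''|none|/dev/*) continue ;; esac
        if [ ! -f "$key" ]; then
            echo "$target: key file $key is missing or not a regular file"
            bad=1
            continue
        fi
        mode=$(stat -c '%a' "$key")
        # any group/other permission bit lets non-owners touch the key
        case "$mode" in
            *00|0) ;;
            *) echo "$target: $key has mode $mode, expected 600 or 400"
               bad=1 ;;
        esac
        owner=$(stat -c '%u' "$key")
        if [ "$owner" != "$want_uid" ]; then
            echo "$target: $key is owned by uid $owner, expected $want_uid"
            bad=1
        fi
    done < "$crypttab"
    return "$bad"
}
```

Source the file and run `check_crypttab_keys` as root after editing `/etc/crypttab`; no output and exit status 0 means every listed key file is private to root.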
