
mount.yazi: Feature request: prompt for encryption password for locked drives

Open rieje opened this issue 10 months ago • 5 comments

yazi --debug output

N/A

Please describe the problem you're trying to solve

When an encrypted drive is available, mount manager shows e.g.:

Src: /dev/sdb FSType: crypto_LUK

At this point it is not mountable.

Would you be willing to contribute this feature?

  • [ ] Yes, I'll give it a shot

Describe the solution you'd like

If mount.yazi detects that a drive is encrypted (e.g. a LUKS-encrypted drive), it should prompt for a password/keyfile to unlock the device first.

Additional context

No response

Checklist

  • [x] I have searched the existing issues/discussions

rieje avatar Feb 25 '25 17:02 rieje

How to prompt the user for password/keyfile? Does udisksctl have such an option?

I don't have such a device to test, are you able to raise a PR please?

sxyazi avatar Feb 25 '25 17:02 sxyazi

Unlock, prompts for passphrase. On success:

$ udisksctl unlock -b /dev/sdb1
Passphrase:
Unlocked /dev/sdb1 as /dev/dm-2.

On fail:

Error unlocking /dev/sdb1: GDBus.Error:org.freedesktop.UDisks2.Error.Failed: Error unlocking /dev/sdb1: Failed to activate device: Incorrect passphrase.

Then mount:

$ udisksctl mount -b /dev/dm-2
Mounted /dev/dm-2 at /media/my-drive

I'm not a programmer :(

rieje avatar Feb 25 '25 23:02 rieje
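
The unlock-then-mount sequence from the comment above, written as a script (an added example, not code from the thread or from mount.yazi). `unlock_and_mount` and its variable names are hypothetical, and the key-file branch assumes a udisksctl build whose `unlock` accepts `--key-file`.

```shell
# Pull the cleartext device out of udisksctl's success line, e.g.
#   "Unlocked /dev/sdb1 as /dev/dm-2."
# Prints the path; returns non-zero for anything else (such as the
# "Incorrect passphrase" error), so callers never mount a guessed device.
parse_unlocked_device() {
    printf '%s\n' "$1" |
        sed -n 's|.*Unlocked [^ ]* as \(/dev/[^ ]*\)\.$|\1|p' | grep .
}

# unlock_and_mount DEVICE [KEYFILE]  (hypothetical helper name)
unlock_and_mount() {
    uam_dev=$1 uam_key=${2:-}
    # Only devices that lsblk reports as LUKS containers need unlocking.
    if [ "$(lsblk -dno FSTYPE "$uam_dev")" != crypto_LUKS ]; then
        udisksctl mount -b "$uam_dev"
        return
    fi
    # LC_ALL=C keeps the message in the form parsed above. Without a key
    # file udisksctl asks for the passphrase itself, so the secret never
    # appears in an argument list or in this script's variables.
    if [ -n "$uam_key" ]; then
        uam_out=$(LC_ALL=C udisksctl unlock -b "$uam_dev" --key-file "$uam_key") || return 1
    else
        # The prompt may be captured along with stdout, so announce it here.
        printf 'Unlocking %s, enter the passphrase when asked\n' "$uam_dev" >&2
        uam_out=$(LC_ALL=C udisksctl unlock -b "$uam_dev") || return 1
    fi
    uam_clear=$(parse_unlocked_device "$uam_out") || {
        printf 'unexpected udisksctl output: %s\n' "$uam_out" >&2
        return 1
    }
    udisksctl mount -b "$uam_clear"
}
```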

Is there a way to make such a device for testing?

sxyazi avatar Feb 26 '25 00:02 sxyazi

On Linux:

Encrypt formatted partition with passphrase:

$ sudo cryptsetup luksFormat --type luks2 --verify-passphrase </dev/sdc1>

Encrypt formatted partition with keyfile:

# Create keyfile
$ sudo dd bs=512 count=4 if=/dev/random of=/path/to/keyfile iflag=fullblock
# Encrypt partition with keyfile
$ sudo cryptsetup luksFormat --type luks2 --key-file /path/to/keyfile </dev/sdc1>

To decrypt the partition manually:

$ sudo cryptsetup open [--key-file /path/to/keyfile] </dev/sdc1> /dev/mapper/crypt_sdc1

udiskie is a popular front-end to udisks2 providing drive management via system tray with auto-mount (when a drive is detected, auto-prompting for password/keyfile if necessary for encrypted devices) and supports custom mount options on a per-drive basis (just throwing some ideas on how I imagine mount.yazi can replace it).

rieje avatar Feb 26 '25 01:02 rieje

Here was my attempt to decrypt and mount one of my encrypted drives. I actually managed to do it with the last command. Hope this sheds some light on the process I had to go through.

z>:~$ lsblk
NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                                             8:0    0 953.9G  0 disk
├─sda1                                          8:1    0   498M  0 part
├─sda2                                          8:2    0 949.4G  0 part
│ └─luks-42737dcf-8670-4053-9f2e-6dbfdea2377e 252:3    0 949.4G  0 crypt
└─sda3                                          8:3    0     4G  0 part
sdb                                             8:16   0 931.5G  0 disk
└─sdb1                                          8:17   0 931.5G  0 part
sdc                                             8:32   0 465.8G  0 disk
└─sdc1                                          8:33   0 465.8G  0 part
sr0                                            11:0    1  1024M  0 rom
zram0                                         251:0    0    16G  0 disk  [SWAP]
nvme0n1                                       259:0    0   1.8T  0 disk
├─nvme0n1p1                                   259:1    0  1022M  0 part  /boot
├─nvme0n1p2                                   259:2    0   1.8T  0 part
│ └─cryptdata                                 252:0    0   1.8T  0 crypt
│   └─data-root                               252:1    0   1.8T  0 lvm   /
└─nvme0n1p3                                   259:3    0     4G  0 part
  └─cryptswap                                 252:2    0     4G  0 crypt [SWAP]

z>:~$ sudo cryptsetup luksOpen /dev/sda2 my_encrypt

[sudo] password for andriylx:
Enter passphrase for /dev/sda2:
Cannot use device /dev/sda2 which is in use (already mapped or mounted).
z>:~$ lsblk

NAME                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda                                             8:0    0 953.9G  0 disk
├─sda1                                          8:1    0   498M  0 part
├─sda2                                          8:2    0 949.4G  0 part
│ └─luks-42737dcf-8670-4053-9f2e-6dbfdea2377e 252:3    0 949.4G  0 crypt
└─sda3                                          8:3    0     4G  0 part
sdb                                             8:16   0 931.5G  0 disk
└─sdb1                                          8:17   0 931.5G  0 part
sdc                                             8:32   0 465.8G  0 disk
└─sdc1                                          8:33   0 465.8G  0 part
sr0                                            11:0    1  1024M  0 rom
zram0                                         251:0    0    16G  0 disk  [SWAP]
nvme0n1                                       259:0    0   1.8T  0 disk
├─nvme0n1p1                                   259:1    0  1022M  0 part  /boot
├─nvme0n1p2                                   259:2    0   1.8T  0 part
│ └─cryptdata                                 252:0    0   1.8T  0 crypt
│   └─data-root                               252:1    0   1.8T  0 lvm   /
└─nvme0n1p3                                   259:3    0     4G  0 part
  └─cryptswap                                 252:2    0     4G  0 crypt [SWAP]

z>:~$ \ls /dev/mapper
control  cryptdata  cryptswap  data-root  luks-42737dcf-8670-4053-9f2e-6dbfdea2377e

z>:~$ sudo mount /dev/mapper/luks-42737dcf-8670-4053-9f2e-6dbfdea2377e /mnt

mount: /mnt: unknown filesystem type 'LVM2_member'.
       dmesg(1) may have more information after failed mount system call.
z>:~$ sudo vgscan

  WARNING: VG name data is used by VGs ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8 and JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m.
  Fix duplicate VG names with vgrename uuid, a device filter, or system IDs.
  Found volume group "data" using metadata type lvm2
  Found volume group "data" using metadata type lvm2
z>:~$ sudo vgchange -ay

  WARNING: VG name data is used by VGs ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8 and JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m.
  Fix duplicate VG names with vgrename uuid, a device filter, or system IDs.
  WARNING: activating multiple VGs with the same name is dangerous and may fail.
  device-mapper: create ioctl on data-root LVM-ATgQtbPOUcTBFTIS0U3GTGyufXLwXHg88QPTVqc7qiwQY131kN17YHvOh5c2Bkg0 failed: Device or resource busy
  0 logical volume(s) in volume group "data" now active
  WARNING: activating multiple VGs with the same name is dangerous and may fail.
  1 logical volume(s) in volume group "data" now active
z>:~$ sudo vgs -o +vg_uuid

  WARNING: VG name data is used by VGs ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8 and JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m.
  Fix duplicate VG names with vgrename uuid, a device filter, or system IDs.
  VG   #PV #LV #SN Attr   VSize    VFree VG UUID
  data   1   1   0 wz--n- <949.36g    0  ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8
  data   1   1   0 wz--n-    1.81t    0  JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m
z>:~$ sudo vgrename ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8 pop-ssd

  WARNING: VG name data is used by VGs ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8 and JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m.
  Fix duplicate VG names with vgrename uuid, a device filter, or system IDs.
  Processing VG data because of matching UUID ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8
  Volume group "ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8" successfully renamed to "pop-ssd"
z>:~$ sudo vgs -o +vg_uuid

  VG      #PV #LV #SN Attr   VSize    VFree VG UUID
  data      1   1   0 wz--n-    1.81t    0  JbMEMG-TJG3-gj7Y-G4Fb-fHun-nZyd-ULYQ1m
  pop-ssd   1   1   0 wz--n- <949.36g    0  ATgQtb-POUc-TBFT-IS0U-3GTG-yufX-LwXHg8
z>:~$ sudo mount /dev/mapper/luks-42737dcf-8670-4053-9f2e-6dbfdea2377e /mnt

mount: /mnt: unknown filesystem type 'LVM2_member'.
       dmesg(1) may have more information after failed mount system call.
z>:~$ sudo lvscan

  inactive          '/dev/pop-ssd/root' [<949.36 GiB] inherit
  ACTIVE            '/dev/data/root' [1.81 TiB] inherit

z>:~$ sudo lvchange -ay pop-ssd

z>:~$ sudo lvscan

  ACTIVE            '/dev/pop-ssd/root' [<949.36 GiB] inherit
  ACTIVE            '/dev/data/root' [1.81 TiB] inherit
z>:~$ sudo mount /dev/mapper/pop-ssd /mnt

mount: /mnt: special device /dev/mapper/pop-ssd does not exist.
       dmesg(1) may have more information after failed mount system call.

z>:~$ sudo mount /dev/mapper/pop--ssd-root /mnt

andriy-git avatar May 26 '25 23:05 andriy-git
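
The session above ends with the LUKS container holding an LVM physical volume, so the thing to mount is a logical volume whose device-mapper name doubles the hyphen in `pop-ssd`. An added example (not from the thread) of resolving that mount source; the function names are hypothetical and the LVM commands need root.

```shell
# device-mapper node name for an LV: hyphens inside the VG and LV names are
# doubled, then the two parts are joined with a single hyphen.
dm_name() {
    printf '%s-%s\n' "$(printf '%s' "$1" | sed 's/-/--/g')" \
                     "$(printf '%s' "$2" | sed 's/-/--/g')"
}

# Read "vg_name vg_uuid" lines (as from: vgs --noheadings -o vg_name,vg_uuid)
# on stdin and print every VG name that appears under more than one UUID.
duplicate_vg_names() {
    awk '{ seen[$1]++ } END { for (n in seen) if (seen[n] > 1) print n }'
}

# Print the path(s) to mount for an already unlocked device ($1).
resolve_mount_source() {
    rms_dev=$1
    rms_type=$(lsblk -dno FSTYPE "$rms_dev")
    if [ "$rms_type" != LVM2_member ]; then
        printf '%s\n' "$rms_dev"      # plain filesystem: mount it directly
        return 0
    fi
    rms_vg=$(pvs --noheadings -o vg_name "$rms_dev" | tr -d ' ')
    # Activating by name is ambiguous when two VGs share it, as with "data"
    # in the session; stop and let the user rename one by UUID.
    if vgs --noheadings -o vg_name,vg_uuid | duplicate_vg_names |
            grep -qxF "$rms_vg"; then
        printf "VG name '%s' is duplicated; vgrename one by UUID first\n" \
            "$rms_vg" >&2
        return 1
    fi
    vgchange -ay "$rms_vg" >/dev/null || return 1
    lvs --noheadings -o lv_name "$rms_vg" | while read -r rms_lv; do
        printf '/dev/mapper/%s\n' "$(dm_name "$rms_vg" "$rms_lv")"
    done
}
```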