I Enjoy Creating Videos Posted November 26, 2020

Thank you very much, beckp, for sharing the post! I checked it out and got it to work now. Happy Thanksgiving! ...JP

Namru Posted February 8, 2021

Hi, thanks for all the good information about this topic. Currently I am trying to use it with the "next" Unraid 6.9.0-rc2 release. It's not working for me, so I wanted to ask if anyone has already tried this. Maybe the problem is with the event folder:

    ls -la /usr/local/emhttp/webGui/event/
    drwxr-xr-x 2 root root 60 Aug 31 2018 array_started/
    drwxr-xr-x 2 root root 60 Mar 2 2019 disks_mounted/
    drwxrwxrwx 2 root root 60 Jan 27 23:42 started/
    drwxrwxrwx 2 root root 60 Jan 27 23:42 starting/
    drwxrwxrwx 2 root root 60 Jan 27 23:42 stopped/
    drwxr-xr-x 2 root root 60 Aug 31 2018 stopping_array/
    drwxr-xr-x 2 root root 60 Mar 2 2019 unmounting_disks/

Have the folder / event names changed to the new names: array_started, disks_mounted, stopping_array and unmounting_disks? started, starting and stopped just contain the delete_key and fetch_key scripts I've copied to this location.

Thanks in advance
Namru

itimpi Posted February 8, 2021

Those are all standard Unraid events and have not changed in a long time. I would not suggest you change them as that could have unforeseen side-effects - you should be able to do what you want via the ‘go’ file, I think.

Namru Posted February 8, 2021

OK, thank you, now I was able to find my problem. I had to add chmod u+x to the delete_key and fetch_key scripts within my go file. The /boot is a vfat formatted stick so it doesn't understand these rights. So now it's working.

Data Bytes Posted February 14, 2021

I'm also another Bitlocker transplant looking for a similar solution or even an auto-decrypt with a stored key. I'm not trying to keep out the NSA or hackers (a $5 wrench would beat the password out of a determined attacker anyway). I just don't want my files to be recoverable if a drive fails and I need to dispose of it.

Danuel Posted April 26, 2021

Did anyone try to use this with a cloud service? And can you change the passphrase, or in order to change it do you have to format the HDD again?

Edited April 26, 2021 by Danuel

iptvcld Posted August 7, 2021

On 7/13/2019 at 3:14 PM, beckp said:

> I thought I'd share how you can enhance the go file by reducing the six lines to a single command, and it's not by using another script. You can create a tar ball that contains the fetch_key and delete_key scripts. The go file calls the tar command. The tar ball files are extracted and event directories are created.
>
> You MUST have a fully functioning auto-start that unlocks using the event directories. This works with FTP or SMB fetch_key scripts. If you have changed the script names (fetch_key, delete_key) or changed the path where you store the scripts (/boot/custom/bin/), you will need to use your alternative names in the following procedure.
>
> 1) Create a tar ball called "events" from the existing files in the event directories. At the terminal prompt enter the following:
>
>     tar -czf /boot/custom/bin/events -C /usr/local/ emhttp/webGui/event/starting/fetch_key emhttp/webGui/event/started/delete_key emhttp/webGui/event/stopped/fetch_key
>
> 2) Update the go file. Comment out the existing lines in order to test.
>
> From:
>
>     # auto unlock array
>     mkdir -p /usr/local/emhttp/webGui/event/starting
>     mkdir -p /usr/local/emhttp/webGui/event/started
>     mkdir -p /usr/local/emhttp/webGui/event/stopped
>     cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting
>     cp -f /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started
>     cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped
>
> To:
>
>     # auto unlock array
>     # mkdir -p /usr/local/emhttp/webGui/event/starting
>     # mkdir -p /usr/local/emhttp/webGui/event/started
>     # mkdir -p /usr/local/emhttp/webGui/event/stopped
>     # cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting
>     # cp -f /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started
>     # cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped
>     tar -xzf /boot/custom/bin/events -C /usr/local/
>
> 3) Once you're confident that everything works, rebooting IS necessary. You can clean up by deleting the event scripts (fetch_key, delete_key). Your files are now stored in the "event" tar ball. And update the go file by removing the commented lines and any references to "unlock".
>
>     # auto start array
>     tar -xzf /boot/custom/bin/events -C /usr/local/
>
> I hope some of you may find this interesting.

Hello; thank you for taking the time to make this guide. I am having some issues trying to make this work on unRaid version 6.9.2. I have my fetch_key as per below:

    #!/bin/bash
    if [[ ! -e /root/keyfile ]]; then
      mkdir -p /unlock
      mount -t cifs -o user=user,password='password',iocharset=utf8 //IP/share /unlock
      cp -f /unlock/keyfile /root/keyfile
      umount /unlock
      rm -r /unlock
    fi

If I run each line in the shell it works and I can see the keyfile drop into /root.

I had this in my go before:

    #!/bin/bash
    # Auto Unlock Array
    mkdir -p /usr/local/emhttp/webGui/event/starting
    mkdir -p /usr/local/emhttp/webGui/event/started
    mkdir -p /usr/local/emhttp/webGui/event/stopped
    cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting
    cp -f /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started
    cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped
    # Start the Management Utility
    /usr/local/sbin/emhttp &

and then I ran your first tar command and then updated my go to this:

    #!/bin/bash
    # Auto Unlock Array
    tar -xzf /boot/custom/bin/events -C /usr/local/
    # Start the Management Utility
    /usr/local/sbin/emhttp &

but the array still does not auto start and I don't see the keyfile under /root.

Any tips would be greatly appreciated, please.

Edited August 8, 2021 by iptvcld

itimpi Posted August 7, 2021

I would think the ‘cp’ commands will need to be followed by a ‘chmod’ command to make the files ‘executable’? For security reasons files on the flash cannot be stored with the ‘executable’ bit set so you need to set this after copying them into their final positions.

iptvcld Posted August 8, 2021

6 hours ago, iptvcld said:

> Thank you for the reply. OK, so I need to run these 2 lines then run the tar command again?
>
>     chmod a+x /usr/local/emhttp/webGui/event/starting/fetch_key
>     chmod a+x /usr/local/emhttp/webGui/event/started/delete_key
>
> After I run the tar command, I would only have that one command in the Go file as shown in the earlier post. I will try this out.

OK, so I deleted the event file that was made under the /boot/custom/bin location and ran the below 2 commands:

    chmod a+x /usr/local/emhttp/webGui/event/starting/fetch_key
    -rwx--x--x 1 root root 255 Aug 7 16:23 fetch_key*
    chmod a+x /usr/local/emhttp/webGui/event/started/delete_key
    -rwx--x--x 1 root root 34 Aug 7 16:23 delete_key*

Even tried chmod 777 for both files:

    chmod 777 /usr/local/emhttp/webGui/event/started/delete_key
    -rwxrwxrwx 1 root root 34 Aug 7 16:23 /usr/local/emhttp/webGui/event/started/delete_key*

The 2 files' permissions look OK now, and then I ran this:

    tar -czf /boot/custom/bin/events -C /usr/local/ emhttp/webGui/event/starting/fetch_key emhttp/webGui/event/started/delete_key emhttp/webGui/event/stopped/fetch_key

and updated my go with this:

    #!/bin/bash
    # Auto Unlock Array
    tar -xzf /boot/custom/bin/events -C /usr/local/
    # Start the Management Utility
    /usr/local/sbin/emhttp &

Rebooted and it still did not start, nor did the keyfile come across to /root/ - but if I ran the commands in the fetch file manually, the file comes down OK. Any other thoughts as to what I am doing wrong here?

    Aug 7 19:07:48 unRaid emhttpd: shcmd (21): udevadm settle
    Aug 7 19:07:49 unRaid emhttpd: Opening encrypted volumes...
    Aug 7 19:07:49 unRaid emhttpd: Missing encryption key

UPDATE..... After hours and hours, the issue was that my fetch_key file had spurious CR characters, and to fix that I ran the following:

    sed -i -e 's/\r$//' /boot/custom/bin/fetch_key

This got rid of the CR chars (I had used Notepad++). I guess I should have used vi.

Edited August 8, 2021 by iptvcld

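The two failures reported so far in this thread (no executable bit on scripts copied from the vfat flash drive, and CR line endings left by a Windows editor) can be checked for and corrected when the scripts are installed. The following is an added example, not code from the thread; `check_event_script`, `install_event_script`, `EVENT_ROOT` and the status codes are names made up for it.

```bash
#!/bin/bash
# Added example, not from the thread. EVENT_ROOT defaults to the event
# directory used throughout the thread; point it at a scratch directory
# to try the functions without touching a live system.
EVENT_ROOT=${EVENT_ROOT:-/usr/local/emhttp/webGui/event}
CR=$(printf '\r')

# check_event_script FILE
# Status codes (this example's own convention):
#   0 ok   1 missing   2 no shebang   3 CR line endings   4 not executable
check_event_script() {
    [ -f "$1" ] || return 1
    [ "$(head -c 2 "$1")" = '#!' ] || return 2
    # "#!/bin/bash<CR>" names an interpreter that does not exist, so the
    # script cannot be started even though it looks fine in an editor.
    if grep -q "${CR}\$" "$1"; then return 3; fi
    [ -x "$1" ] || return 4
    return 0
}

# install_event_script SRC EVENT
# Copies SRC to $EVENT_ROOT/EVENT/, dropping trailing CRs on the way, and
# sets the mode explicitly because the copy from flash carries no
# executable bit. Mode 0700 assumes the events run as root (the owner in
# the thread's ls output); fetch_key embeds share credentials, so nothing
# wider is needed. Returns the status of check_event_script.
install_event_script() {
    dest="$EVENT_ROOT/$2/$(basename "$1")"
    mkdir -p "$EVENT_ROOT/$2" || return 1
    sed "s/${CR}\$//" "$1" > "$dest" || return 1
    chmod 0700 "$dest" || return 1
    check_event_script "$dest"
}

# In the go file, before emhttp is started (paths as used in the thread):
#   install_event_script /boot/custom/bin/fetch_key  starting
#   install_event_script /boot/custom/bin/delete_key started
#   install_event_script /boot/custom/bin/fetch_key  stopped
```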
Towley Posted February 2, 2022

Hi, do you have any idea why it doesn't work for me?

fetch_key

    #!/bin/bash
    if [[ ! -e /root/keyfile ]]; then
      mkdir -p /unlock
      mount -t cifs -o user=tester,password='0987Tester',iocharset=utf8 //192.168.1.1/files /unlock
      cp -f /unlock/keyfile /root/keyfile
      umount /unlock
      rm -r /unlock
    fi

go

    #!/bin/bash
    mkdir -p /usr/local/emhttp/webGui/event/starting
    mkdir -p /usr/local/emhttp/webGui/event/started
    mkdir -p /usr/local/emhttp/webGui/event/stopped
    cp -f /boot/config/fetch_key /usr/local/emhttp/webGui/event/starting
    cp -f /boot/config/delete_key /usr/local/emhttp/webGui/event/started
    cp -f /boot/config/fetch_key /usr/local/emhttp/webGui/event/stopped
    # Start the Management Utility
    /usr/local/sbin/emhttp &

Is this correct? When I connect with Windows to the share, the file is under ip\files. Do I need to add the user and password differently? The keyfile is correct.

beckp Posted February 19, 2022

Hi Towley,

Before I answer your question, your go file needs three additional lines. Add the following lines after the copy "cp" lines.

    chmod a+x /usr/local/emhttp/webGui/event/starting/fetch_key
    chmod a+x /usr/local/emhttp/webGui/event/started/delete_key
    chmod a+x /usr/local/emhttp/webGui/event/stopped/fetch_key

As for your question, do I understand it correctly? In your fetch script you have the share as "files". If it's "ip" you need to change it. The copy line after the mount needs to be:

    cp -f /unlock/files/keyfile /root/keyfile

Hope this helps.

Edited February 19, 2022 by beckp (typo)

drtweak Posted February 27, 2022

As a Windows/Bitlocker user looking to move to unraid, I'm on the same page as all of you who want auto unlock. My question is why hasn't unraid enabled TPM support yet for this?

Also, one thing I have done for clients who need encryption on PCs/servers running Windows 10 but don't have TPM support is to use a USB drive with the key file on it and run a 15ft USB extension to another location while plugged into the server/PC, and that drive can even be in a locked or hidden location. If someone is really there to "steal" your hardware they are just going to unplug everything and go. They aren't going to want to track every cable to check.

So with that in mind, how would one go about modifying the scripts above for that? Otherwise my next option might be to do a VM and do the above and pass through the USB drive, since it seems passing through the TPM is more of a hassle.

beckp Posted March 1, 2022

Drtweak,

Good alternative method! See the following link.

https://forums.unraid.net/topic/61973-encryption-and-auto-start/?do=findComment&comment=916907

ssean Posted May 17, 2022

In case anyone is interested... I've been experimenting with using a Raspberry Pi on my local network to AutoStart an encrypted array. I have a Raspberry Pi 4, running Raspberry Pi OS with SSH enabled. I'm using the following command in my Go file:

    #!/bin/bash
    # Start the Management Utility
    /usr/local/sbin/emhttp &
    curl --insecure -u user:password sftp://192.168.1.99/keyfile -o /root/keyfile

Please let me know your thoughts. Thanks!

Edited May 17, 2022 by ssean

Thorsten Posted May 18, 2022

On 4/2/2018 at 3:01 PM, bonienl said:

> A small variation if you want the key to be not locally present on the system when operational, the key is only needed during startup of the array.
>
> In the go file the following is included before starting emhttp.
>
>     # auto unlock array
>     mkdir -p /usr/local/emhttp/webGui/event/starting
>     mkdir -p /usr/local/emhttp/webGui/event/started
>     mkdir -p /usr/local/emhttp/webGui/event/stopped
>     cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting
>     cp -f /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started
>     cp -f /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped
>     # start webGUI
>     /usr/local/sbin/emhttp &
>
> The above makes use of the built-in event system of unRAID. These events are created:
>
> starting : this event is called before the array is started and is used to fetch the key from a remote source
> started : this event is called after the array is fully operational and is used to delete the key locally.
> stopped : this event is called after the array is stopped and is used to fetch the key again from a remote source
>
> The script "fetch_key" can be any method to obtain the key remotely, e.g. using a mount method or a FTP (wget) method as explained in the video of @gridrunner
>
> The script "delete_key" is a simple file to delete the key locally.
>
> fetch_key
>
>     #!/bin/bash
>     if [[ ! -e /root/keyfile ]]; then
>       mkdir -p /unlock
>       mount -t cifs -o user=name,password=password,iocharset=utf8 //192.168.1.99/index /unlock
>       cp -f /unlock/somefile.png /root/keyfile
>       umount /unlock
>       rm -r /unlock
>     fi
>
> delete_key
>
>     #!/bin/bash
>     rm -f /root/keyfile
>
> You can start and stop the array as usual, and the key will be automatically fetched each time, provided that the remote service is up and running.
>
> The files "fetch_key" and "delete_key" need to be stored on your flash device. I've created the folder /custom/bin to hold my custom scripts, but one is free to choose their own source folder, please update the lines in the go file accordingly.

After updating to Unraid 6.10, the scripts are no longer working. Were there any changes to the events (starting/stopped/started)?

Danuel Posted May 18, 2022

On 5/17/2022 at 7:59 PM, ssean said:

> In case anyone is interested... I've been experimenting with using a Raspberry Pi on my local network to AutoStart an encrypted array. I have a Raspberry Pi 4, running Raspberry Pi OS with SSH enabled. I'm using the following command in my Go file:
>
>     #!/bin/bash
>     # Start the Management Utility
>     /usr/local/sbin/emhttp &
>     curl --insecure -u user:password sftp://192.168.1.99/keyfile -o /root/keyfile
>
> Please let me know your thoughts. Thanks!

What is the difference between that and this one?

    wget --user=username --password='password' ftp://192.168.1.:21/keyfile -O /root/keyfile

This is what I have in my Pi Nano.

beckp Posted May 19, 2022

5 hours ago, Danuel said:

> What is the difference between that and this one?
>
>     wget --user=username --password='password' ftp://192.168.1.:21/keyfile -O /root/keyfile
>
> This is what I have in my Pi Nano.

Use the one that gets the job done. Please see the following link.

https://daniel.haxx.se/docs/curl-vs-wget.html

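The fetch_key scripts quoted in this thread skip the fetch when /root/keyfile exists, and a client such as `wget -O` creates its output file even when the transfer fails, so a failed download can leave an empty keyfile that suppresses the next attempt. The following added example (not from the thread) downloads to a temporary file and moves it into place only when it is non-empty; `fetch_keyfile`, `KEYFILE` and the status codes are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread: a fetch_key body that never leaves a
# partial or empty key file behind. KEYFILE defaults to the thread's path.
KEYFILE=${KEYFILE:-/root/keyfile}

# fetch_keyfile CMD [ARGS...]
# Runs CMD with a temporary output path appended as its last argument.
# Status codes (this example's own convention):
#   0 key in place   1 download or move failed   2 download was empty
fetch_keyfile() {
    # -s rather than -e: an empty file is not a key
    if [ -s "$KEYFILE" ]; then return 0; fi

    # mktemp creates the file with mode 0600, in the same directory as
    # KEYFILE so that the final mv is a rename, not a copy.
    fk_tmp=$(mktemp "${KEYFILE}.XXXXXX") || return 1

    fk_rc=0
    if ! "$@" "$fk_tmp"; then
        fk_rc=1                      # client reported an error
    elif [ ! -s "$fk_tmp" ]; then
        fk_rc=2                      # client "succeeded" with no data
    elif ! mv -f "$fk_tmp" "$KEYFILE"; then
        fk_rc=1
    fi

    # On any failure remove the temporary file so no key fragment remains.
    [ "$fk_rc" -eq 0 ] || rm -f "$fk_tmp"
    return "$fk_rc"
}

# With the curl command posted in the thread, the output option goes last
# so that fetch_keyfile can append the temporary path:
#   fetch_keyfile curl --insecure -u user:password sftp://192.168.1.99/keyfile -o
```

The wrapper does not authenticate the server: on an sftp:// URL, curl's `--insecure` skips the known_hosts check, and plain FTP sends both the credentials and the key unencrypted.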
beckp Posted May 19, 2022

20 hours ago, Thorsten said:

> After updating to Unraid 6.10, the scripts no longer working. Were there any changes to the events (starting/stopped/started) ?

Although I have not upgraded to 6.10, I have not heard of any problems. What was your previous version? Starting with 6.8 the scripts (fetch_key & delete_key) stored on the flash drive do not have the executable attribute set for security reasons. When copied to the event folders they will not be executed since the attribute is not set. Update your go file to add three change mode (chmod) command lines after the three copy (cp) command lines.

    chmod a+x /usr/local/emhttp/webGui/event/starting/fetch_key
    chmod a+x /usr/local/emhttp/webGui/event/started/delete_key
    chmod a+x /usr/local/emhttp/webGui/event/stopped/fetch_key

Hope this helps.

Thorsten Posted May 19, 2022

3 hours ago, beckp said:

> Although I have not upgraded to 6.10, I have not heard of any problems. What was your previous version? Starting with 6.8 the scripts (fetch_key & delete_key) stored on the flash drive do not have the executable attribute set for security reasons. When copied to the event folders they will not be executed since the attribute is not set. Update your go file to add three change mode (chmod) command lines after the three copy (cp) command lines.
>
>     chmod a+x /usr/local/emhttp/webGui/event/starting/fetch_key
>     chmod a+x /usr/local/emhttp/webGui/event/started/delete_key
>     chmod a+x /usr/local/emhttp/webGui/event/stopped/fetch_key
>
> Hope this helps.

Thank you for your reply.

What I have found out so far is that the scripts are in the right place. The permission is also correct. The script is not executed and therefore the keyfile is not downloaded. If I run the script manually it works. Under Unraid 6.9.2 this has always worked. I haven't changed anything since the upgrade to Unraid 6.10.

Go File (In the file events are the scripts with the correct permission)

Script fetch_key after booting Unraid (with correct permission)

fetch_key script

There is no keyfile after booting

When I run the script manually it works.

It also worked without problems under Unraid 6.9.2. Since Unraid 6.10 the script fetch_key is no longer executed.

Regards
Thorsten

beckp Posted May 19, 2022

Thorsten,

Hopefully someone who has upgraded will respond. This is the reason I wait a while.

bonienl (Author) Posted May 19, 2022

It looks like we have some regression error in Unraid 6.10.0, please open a bug report.

Thorsten Posted May 20, 2022

Hi,

I created a bug report. I hope I have described the problem clearly. Please update the bug report if I have not described it clearly enough. Sorry for my English.

https://forums.unraid.net/bug-reports/stable-releases/6100-scripts-at-boot-time-will-not-executed-eg-auto-start-encryption-r1920

Regards
Thorsten

Vaggeto Posted May 27, 2022

On 4/2/2018 at 8:01 AM, bonienl said:

> A small variation if you want the key to be not locally present on the system when operational, the key is only needed during startup of the array.
>
> In the go file the following is included before starting emhttp.
>
>     # auto unlock array
>     install -D /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/starting/fetch_key
>     install -D /boot/custom/bin/delete_key /usr/local/emhttp/webGui/event/started/delete_key
>     install -D /boot/custom/bin/fetch_key /usr/local/emhttp/webGui/event/stopped/fetch_key
>     # start webGUI
>     /usr/local/sbin/emhttp &
>
> The above makes use of the built-in event system of unRAID. These events are created:
>
> starting : this event is called before the array is started and is used to fetch the key from a remote source
> started : this event is called after the array is fully operational and is used to delete the key locally.
> stopped : this event is called after the array is stopped and is used to fetch the key again from a remote source
>
> The script "fetch_key" can be any method to obtain the key remotely, e.g. using a mount method or a FTP (wget) method as explained in the video of @gridrunner
>
> The script "delete_key" is a simple file to delete the key locally.
>
> fetch_key
>
>     #!/bin/bash
>     if [[ ! -e /root/keyfile ]]; then
>       mkdir -p /unlock
>       mount -t cifs -o user=name,password=password,iocharset=utf8 //192.168.1.99/index /unlock
>       cp -f /unlock/somefile.png /root/keyfile
>       umount /unlock
>       rm -r /unlock
>     fi
>
> delete_key
>
>     #!/bin/bash
>     rm -f /root/keyfile
>
> You can start and stop the array as usual, and the key will be automatically fetched each time, provided that the remote service is up and running.
>
> The files "fetch_key" and "delete_key" need to be stored on your flash device. I've created the folder /custom/bin to hold my custom scripts, but one is free to choose their own source folder, please update the lines in the go file accordingly.

Has anyone had this process break once updating to 6.10 or other newer versions? I went from like 6.7 or 6.8 to 6.10. It just doesn't work now but did consistently. I'm not seeing any message in the console, but I could just be missing it.

beckp Posted May 27, 2022

A bug report was created by Thorsten to address this.

xPliZit_xs Posted May 28, 2022

It's fixed for me in 6.10.2