Bugzilla – Bug 7448
installation of crypto file system
Last modified: 2008-10-06 19:28:52 UTC
It would be fine if the install ISO allowed users to create crypto file systems: crypto root or crypto home, maybe crypto swap. 2.6 kernels provide all we need: device-mapper, dm-crypt and cryptoapi. The user space library device-mapper and cryptsetup are in the grimoire.
Great, the new ISO "smgl-0.9.4-i486-2.6.9-nptl-test2" provides device-mapper and the dm-crypt module. We need cryptsetup (it depends on libgcrypt).
smgl-0.9.4-i486-2.6.9-nptl-test2: dmsetup (from device-mapper) needs the /dev/mapper/control file. I had to create it by hand (modprobe dm-mod; mkdir /dev/mapper; cd /dev/mapper; mknod control c 10 63). When I tried RAID, the file /dev/evms/dm/control was created (the same major and minor number). It would be fine if we had some crypto menu, for example "Configuration of dm-crypt (optionally)", to define which partitions should be encrypted. Of course, it would come before "Mount filesystems". In "Mount filesystems" the user could choose, for example, /dev/mapper/dm-crypt-hda5 (/dev/mapper/whatever) instead of hda5. The relation between that name and hda5 should be defined in some config file, for example /etc/dm-crypt. Some distros use /etc/crypttab: http://www.saout.de/tikiwiki/tiki-index.php?page=HOWTO or http://www.ubuntulinux.org/wiki/EncryptedFilesystemHowto. Of course we have to modify our init scripts. If, for example, /etc/sysconfig/dm-crypt exists, we run a script which reads /etc/dm-crypt and asks the user for the password etc. That relation could be defined directly in /etc/sysconfig/..
Just updated udev.rules (test grimoire); the file /dev/mapper/control is created now.
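The mapping file proposed in the comment above, as an added example that is not part of the bug thread or of the installer's code: an init-time script running as root should validate each entry before a name is turned into a path under /dev/mapper. The file format ("<mapping-name> <block-device>" per line), the function names and the sample entries are assumptions made for illustration; the script only prints a plan and does not call cryptsetup.

```shell
#!/bin/sh
# Added example: dry-run parser for a hypothetical /etc/dm-crypt mapping file.
# Assumed format (not defined in the thread): "<mapping-name> <block-device>".

# plan_mappings FILE: prints "<name> <device> /dev/mapper/<name>" per valid entry.
# Returns 1 if any entry was rejected; rejections are reported on stderr.
plan_mappings() {
    file=$1; seen=" "; rc=0
    while read -r name dev extra || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        ok=1
        # The name becomes a node under /dev/mapper: no slashes, no leading dot.
        case $name in *[!A-Za-z0-9_.-]*|.*) ok=0 ;; esac
        case $dev in
            *..*|*[!A-Za-z0-9_./-]*) ok=0 ;;         # traversal or shell metacharacters
            /dev/?*) ;;                              # must be an absolute /dev path
            *) ok=0 ;;
        esac
        [ -z "$extra" ] || ok=0                      # unexpected trailing fields
        case $seen in *" $name "*) ok=0 ;; esac      # duplicate mapping name
        if [ "$ok" -eq 0 ]; then
            echo "rejected entry: $name $dev $extra" >&2
            rc=1; continue
        fi
        seen="$seen$name "
        printf '%s %s /dev/mapper/%s\n' "$name" "$dev" "$name"
    done < "$file"
    return $rc
}

# Constructed sample input (not from the thread).
sample_config() {
    cat <<'EOF'
# name        device
crypt-home    /dev/hda5
crypt-swap    /dev/hda6
../evil       /dev/hda7
crypt-home    /dev/hda8
tmp           hda9
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
plan_mappings "$tmp" || echo "some entries were rejected" >&2
rm -f "$tmp"
```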
I'm not entirely sure if we should even try to get this into 1.0... would sure be nice, shall we just see if we end up having the time? Maybe during the fixing/rewriting of the RAID stuff this can be worked on too.
Keep this bug around. When everything else is working ok without bugs, we'll know we can begin to work on the menu (everything else should be added with higher priority, but I'm not worried about the interface of adding it, so long as the rudiments are there). Of course, lace could hack the menu to add it in and if the work's already done by him, we could throw it in the mix.
Marking as enhancement, because that's what it is :) I like this idea, because it'd be cool. But that's what it is, a nifty feature; not strictly necessary for anything. Also setting it for post-1.0 because it's not required to make a stable ISO. If, however, such work is completed and can be integrated relatively painlessly, I'm for putting it in. It'd be a neat thing to play with :)
We'll get to it LATER :)
This is not resolved yet, just filed for post-1.0.