Bug 7448 – installation of crypto file system

Bug 7448 - installation of crypto file system

Summary:

installation of crypto file system

Status:	REOPENED

Product:	Install
Classification:	Unclassified
Component:	Installer
Version:	devel
Platform:	Other other

Importance:	P2 enhancement
Assigned To:	Cauldron Team

URL:	http://www.saout.de/misc/dm-crypt/

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2004-10-01 11:17 UTC by Ladislav Hagara (lace)
Modified:	2008-10-06 19:28 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ladislav Hagara (lace) 2004-10-01 11:17:22 UTC

It would be fine if install iso allows users to create crypto file systems,
crypto root or crypto home, maybe crypto swap.
2.6 kernels provides all we need: device-mapper, dm-crypt and cryptoapi. 
User space library device-mapper and cryptsetup are in grimoire.

Comment 1 Ladislav Hagara (lace) 2005-01-31 08:50:21 UTC

Great, new iso "smgl-0.9.4-i486-2.6.9-nptl-test2" provides device-mapper and
module dm-crypt. We need cryptsetup (it depends on libgcrypt).

Comment 2 Ladislav Hagara (lace) 2005-02-04 18:01:36 UTC

smgl-0.9.4-i486-2.6.9-nptl-test2

dmsetup (from device-mapper) needs /dev/mapper/control file. 
I had to create it by hand (modprobe dm-mod; mkdir /dev/mapper; cd /dev/mapper;
mknod /control c 10 63).
When I tried RAID, the file /dev/evms/dm/control was created (the same major and
minor number).

It would be fine if we had some crypto menu for example "Configuration of
dm-crypt (optionally)" to define which partitions should be encrypted. Of course
before "Mount filesystems". In "Mount filesystems" user could choose for example
 /dev/mapper/dm-crypt-hda5 (/dev/mapper/whatever) instead of hda5. The relation
between that name and hda5 should be defined in some config file, for example
/etc/dm-crypt. Some distros use /etc/crypttab
http://www.saout.de/tikiwiki/tiki-index.php?page=HOWTO or
http://www.ubuntulinux.org/wiki/EncryptedFilesystemHowto

Of course we have to modify our init scripts. If for example
/etc/sysconfig/dm-crypt exists we run script which read /etc/dm-crypt and asked
user for password etc. That relation could be defined directly in /etc/sysconfig/..

Comment 3 Ladislav Hagara (lace) 2005-02-07 03:54:59 UTC

just updated udev.rules (test grimoire) 
the file /dev/mapper/control is created now

Comment 4 Karsten Behrmann 2005-06-13 12:58:55 UTC

I'm not entirely sure if we should even try to get this into 1.0...
would sure be nice, shall we just see if we end up having the time?
Maybe during the fixing/rewriting of the RAID stuff this can be worked on too.

Comment 5 Seth Woolley 2005-06-13 14:06:38 UTC

Keep this bug around.  When everything else is working ok without bugs, 
we'll know we can begin to work on the menu (everything else should be 
added with higher priority, but I'm not worried about the interface of 
adding it, so long as the rudiments are there).  Of course, lace could 
hack the menu to add it in and if the work's already done by him, we 
could throw it in the mix.

Comment 6 David Kowis 2005-06-13 14:38:39 UTC

Marking as enhancement, because that's what it is :)

I like this idea, because it'd be cool. But that's what it is, an nifty feature;
not strictly necessary for anything.

Also setting it for post-1.0 because it's not required to make a stable ISO. If,
however, such work is completed and can be integrated relatively painlessly, I'm
for putting it in. It'd be a neat thing to play with :)

Comment 7 David Kowis 2005-07-31 20:48:43 UTC

We'll get to it LATER :)

--

Comment 8 Karsten Behrmann 2005-09-13 16:15:51 UTC

this is not resolved yet, just filed for post-1.0

--