Subject: Re: [gentoo-catalyst] Using catalyst to build encrypted livecd's
From: Chris Gianelloni
To: gentoo-catalyst@lists.gentoo.org
Date: Mon, 09 Apr 2007 10:38:29 -0400

On Sun, 2007-04-08 at 14:28 +0000, Nelson Batalha wrote:
> I chose Luks, since seems genkernel is supporting it (no docs though),
> however this will force us to use two loops, (performance issues?). An
> alternative is loop-aes -> one loop only.

Why do you need two loops?
I'm just asking, since I don't know the details of the differing methods
and have only looked over the patches as I've applied them for
correctness, not for functionality.

Also, make sure there aren't any patches assigned to genkernel that
won't help with this. There's at least one or two more LUKS-related
patches/bugs in bugzilla.

> On gk arguments we would add initramfs a cryptsetup binary with
> --initramfs-overlay; we would also add a custom initrc that would put our
> encrypted squashfs file in a loop, and cryptsetup would unencrypt it in a
> different loop - and call it our root.

OK. You're already steering off course. If you add cryptsetup to
boot/kernel/$kname/packages, genkernel will include it with --luks, so
you don't need to do anything in an initramfs overlay. We also do
decryption in genkernel already.

> The patch to catalyst would allow us to write a script to convert the
> squashfs in an encrypted one. First we knew the final squashfs size, so it
> would just create a file with dd with that size from /dev/zero. Then it
> would mount this file in a loop, cryptsetup would use it and open it in a
> different loop, and then we would mksquashfs the contents in it.

I'm not sure I'm following, but everything that goes into the squashfs
is already available to catalyst. We don't need to copy it all *again*
since it is at (by default)
/var/tmp/catalyst/tmp/default/livecd-stage2-whatever already.

> Any problems, comments or alternatives? Would you accept this patch? My bash
> is ok now, gonna take some time to write the python stuff.

I would accept it if it were done right. You'll want to look more into
both what catalyst and what genkernel are already capable of doing. I
would much rather incorporate the support in catalyst directly, rather
than adding yet another spec file key that isn't necessarily a
single-purpose key.

-- 
Chris Gianelloni
Release Engineering Strategic Lead
Alpha/AMD64/x86 Architecture Teams
Games Developer/Council Member/Foundation Trustee
Gentoo Foundation