From: "Dirk Heinrichs"
To: gentoo-user@lists.gentoo.org
Date: Sun, 30 Mar 2008 09:50:47 +0200
Subject: Re: [gentoo-user] Cryptfs
Message-ID: <200803300950.53721.dirk.heinrichs@online.de>
In-Reply-To: <1206811941.13252.13.camel@NOTE_GENTOO64.PHHEIMNETZ>

On Saturday, 29 March 2008, Florian Philipp wrote:

> My goal is to open a Luks-mapping for /var with a gpg-encrypted file
> on /boot and then open a mapping for /var/tmp with a plaintext file
> on /var.

See below. But while we're at it, can anybody tell me what's the advantage of
a gpg-encrypted keyfile over a keyfile generated from /dev/urandom?

> I thought it would work with the following settings:
>
> /etc/conf.d/cryptfs

It's /etc/conf.d/dmcrypt nowadays.

> target=var
> source='/dev/mapper/vg-crypt_var'
> key='/boot/key.gpg:gpg'
>
> target=var_tmp
> source='/dev/mapper/vg-crypt_var_tmp'
> key='/var/lib/tmp_key'
>
> I've read the warning in /etc/conf.d/cryptfs about /usr on a separate
> partition and followed their advice.

Which warning, btw.? Works just fine here.

> However, the setup doesn't work. I'm not asked for the passphrase, the
> mappings are not created. What did I forget?

That the mappings are created all in one go before anything is mounted, so you
can't put the keyfile for /var into /boot. The only thing that would work is
to put the keyfile on the root fs, because that's the only one that is
mounted when the mappings are created, like:

target='c-usr'
source='/dev/evms/usr'
key='/etc/crypt/keyfile'

Bye...

Dirk
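
The ordering constraint described in the reply above, written as a check over dmcrypt-style entries. This is an added example, not part of the original message and not the Gentoo init script; the function names and the mount-point list are assumptions, and the config entries are the ones posted in the thread.

```sh
# Added example: flag keyfiles that live on a filesystem which is not yet
# mounted when the mappings are created.
# Assumption: only the root fs is available at that point, as the reply states.
unquote() {                       # strip one pair of surrounding quotes
    v=$1; v=${v#\'}; v=${v%\'}; v=${v#\"}; v=${v%\"}
    printf '%s' "$v"
}

# check_dmcrypt_keys "MOUNTPOINTS" < conf
# MOUNTPOINTS: space-separated non-root mount points (e.g. from /etc/fstab).
# Prints "<target> ok" or "<target> UNREACHABLE <mountpoint>"; returns 1 if any is bad.
check_dmcrypt_keys() {
    mounts=$1 target= bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            target=*) target=$(unquote "${line#target=}") ;;
            key=*)
                key=$(unquote "${line#key=}")
                key=${key%%:*}            # drop a mode suffix such as ":gpg"
                hit=
                for mp in $mounts; do     # longest matching mount point wins
                    case $key in
                        "$mp"/*) if [ "${#mp}" -gt "${#hit}" ]; then hit=$mp; fi ;;
                    esac
                done
                if [ -n "$hit" ]; then
                    echo "$target UNREACHABLE $hit"; bad=1
                else
                    echo "$target ok"
                fi ;;
        esac
    done
    return "$bad"
}

sample_conf() {                   # entries as posted in the thread
    cat <<'EOF'
target=var
source='/dev/mapper/vg-crypt_var'
key='/boot/key.gpg:gpg'
target=var_tmp
source='/dev/mapper/vg-crypt_var_tmp'
key='/var/lib/tmp_key'
target='c-usr'
source='/dev/evms/usr'
key='/etc/crypt/keyfile'
EOF
}
# Mount-point list below is constructed for this example.
sample_conf | check_dmcrypt_keys "/boot /var /var/tmp /usr" || true
```

Both of the original entries are reported as unreachable (their keyfiles sit on /boot and /var), while the c-usr entry with its keyfile under /etc passes.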