Date: Sun, 30 Mar 2008 14:06:44 +0100
From: Neil Bothwick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Cryptfs

On Sun, 30 Mar 2008 09:50:47 +0200, Dirk Heinrichs wrote:

> > However, the setup doesn't work. I'm not asked for the passphrase, the
> > mappings are not created. What did I forget?
>
> That the mappings are created all in one go before anything is mounted,
> so you can't put the keyfile for /var into /boot. The only thing that
> would work is to put the keyfile on the root fs, because that's the
> only one that is mounted when the mappings are created, like:

You can if you add

pre_mount="mount /dev/mapper/boot /boot"

to the boot stanza of dmcrypt, it forces the filesystem to be mounted
immediately. I use a variant of this, where keys are stored on a dedicated
partition. The pre_mount and post_mount (which unmounts the filesystem)
ensure that the keys are only visible for as long as it takes to mount
the other filesystems.

-- 
Neil Bothwick

Thesaurus: ancient reptile with an excellent vocabulary