From: Hinnerk van Bruinehsen
Date: Tue, 04 Sep 2012 22:15:11 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Message-ID: <5046614F.9080104@fu-berlin.de>

On 04.09.2012 22:05, "Roland Häder" wrote:
> Okay, I have setup so far this:
>
> /dev/sda1 - /boot (unencrypted)
> /dev/sda2 - swap (not yet setup, will be encrypted)
> /dev/sda3 - / (encrypted)
>
> /dev/sda3 is the underlying drive, where I used gpg:
>
> # gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3
> # gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol
> # dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption)
> # mkfs.ext4 -L root /dev/mapper/encVol
>
> Now I continued as usual with the Gentoo handbook (mount all, copy
> things on it, etc.)
>
> After I compiled the kernel, emerged cryptsetup on the new system,
> I edited /boot/grub/grub.conf:
> -----------------------------------------------
> default 0
> timeout 30
> splashimage=(hd0,0)/boot/grub/splash.xpm.gz
>
> title Gentoo Linux
> root (hd0,0)
> kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3
> initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo
> -----------------------------------------------
> (I read not to use real_root, but crypt_root instead?)
>
> Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab )
> and did:
> # grub-install --no-floppy /dev/sda
>
> Still as usual. Now it is downloading plymouth (to have some cool
> things) + dracut (easiest way as I read in wiki).
>
> I also had to expand /etc/make.conf (not /etc/portage/make.conf ???
> Is this a mistake in handbook?):
>
> -----------------------------------------------
> DRACUT_MODULES="crypt_gpg plymouth"
> -----------------------------------------------
>
> Now I really hope, that after I installed dracut on it, that I can
> boot it and the initrd will be updated. It needs at least some
> kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic)
> plus gpg and cryptsetup tools to actually decrypt the hard drive.
>
> Regards, Roland
>

I think you need to add crypt as a dracut module since crypt_gpg is
afaik just an extension to crypt. The output from equery seems to
support my assumption:

...
dracut_modules_crypt : Decrypt devices encrypted with cryptsetup/LUKS
dracut_modules_crypt-gpg : Support for GPG-encrypted keys for crypt module
...

WKR
Hinnerk