Hi Lionel,
On Sun, Jul 16, 2006 at 08:50:09PM +0200, Lionel Elie Mamane wrote:
> On Sun, Jul 16, 2006 at 08:33:36PM +0200, Max Vozeler wrote:
> > can you please send it once more?
>
> Here you are.
Thanks!
I have been looking through the patch, and found a few
questions/comments. I'd be interested in what you think.
There should probably be a NEWS.Debian entry to let users know
about the new functionality, but also to warn them that it might
interfere with their existing encrypted root setup. Although I
think most if not all setups should be unaffected as they are
likely using "/dev/loop$n / ..." style entries in /etc/fstab.
> +++ loop-aes-utils-2.12r/debian/initramfs-tools-hook
...
> + gpgkey=*)
> + rootgpgkey=${opt#gpgkey=}
> + ;;
> + gpghome=*)
> + rootgpghome=${opt#gpgkey=}
Should this be s/gpgkey/gpghome/ ?
> +# Prepare the initramfs
> +if [ -n "${rootgpgkey}" ]; then
> + mkdir ${DESTDIR}/keys/
> + cp "${rootgpgkey}" ${DESTDIR}/keys/rootkeyfile.gpg
> + copy_exec /usr/bin/gpg /bin/
> + loopaes_opts="${loopaes_opts},gpgkey=/keys/rootkeyfile.gpg"
> +fi
> +if [ -n "${rootgpghome}" ]; then
> + cp -R "${rootgpgkey}" ${DESTDIR}/.gnupg
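Review bot: the `mkdir ${DESTDIR}/keys/` and `cp "${rootgpgkey}" ${DESTDIR}/keys/rootkeyfile.gpg` lines run unchecked, so a mistyped gpgkey= path or a failed mkdir leaves the initramfs built without the key while loopaes_opts still advertises gpgkey=/keys/rootkeyfile.gpg, and the problem only surfaces at boot. Suggest testing `[ -r "${rootgpgkey}" ]` before the copy and exiting non-zero if mkdir or cp fails, so update-initramfs reports the error instead of producing an image that cannot unlock root. The same applies to the `cp -R` of the gpghome directory in this hunk.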
s/rootgpgkey/rootgpghome/ ?
I wonder, could there be unwanted side-effects from copying the
rootgpghome directory into the initramfs, like exposing secret
keys on the unencrypted /boot partition? OTOH I suppose users who
specify gpghome= probably know what they are doing, so maybe
this point is moot.
More importantly: The initramfs file in /boot is by default
world-readable. If we copy root.gpg into it, it will be readable
by all users. Same for files in $rootgpghome. Maybe you have an
idea what we could do here? The initramfs-tools maintainer told
me that there is no existing way to say: Generate this
initrd.img-$foo mode 0600. We would also have to take care of
temp file permissions.
How about storing the keyfile directly in /boot/keys/, would
that be a valid alternative? Just a quick idea, I haven't
thought this through :-)
...
> +manual_add_modules loop
Maybe we could check which encryption= is specified, and load
loop_{serpent,twofish,blowfish} here if required ?
> +++ loop-aes-utils-2.12r/debian/initramfs-tools-script
...
> + local opt
> + local IFS=", "
> + for opt in $loopaes_opts; do
> + case $opt in
...
> + gpghome=*)
> + rootgpghome=${opt#gpgkey=}
s/gpgkey/gpghome/ ?
> +# Use /sbin/losetup to make sure that we get the loopaes modified one,
> +# not the busybox one.
> +/sbin/losetup ${losetup_opts} "${rootloop}" "$ROOT"
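Review bot: the exit status of this /sbin/losetup call is never checked, so a wrong passphrase or a missing cipher module falls straight through to the `echo "ROOT=\"${rootloop}\"" >> /conf/param.conf` and `exit 0` further down, and init is handed a loop device that was never set up. Suggest failing the script explicitly on a non-zero return from losetup, whatever retry logic is wrapped around it, so the boot stops with a clear error rather than an unrelated mount failure later.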
I think asking only once for the passphrase can be frustrating
for users if they make a typo. :-)
Maybe something like:
try_losetup() {
    # Give the user a few attempts at the passphrase before giving up.
    local retries=3
    local try=0
    while [ $try -lt $retries ]
    do
        if /sbin/losetup ${losetup_opts} "${rootloop}" "$ROOT"
        then
            return 0
        fi
        try=$((try+1))
    done
    return 1
}
if ! try_losetup
then
    echo xxx something bad passphrase
    echo xxx what happens now?
fi
> +# init can now pick up new FSTYPE, FSSIZE and ROOT
> +echo "ROOT=\"${rootloop}\"" >> /conf/param.conf
> +exit 0
> +
About documentation. Do you think you could add a small README
about how the scripts can be used and how one would manually
create a suitable setup? If not I can give it a try, but I'm
not very good at this :-)
And a last question: I would like to add a check that there is
indeed a loop-AES module installed at the time of initramfs
creation/update. Otherwise the user could end up with an
initramfs unable to boot their system, no?
In any case: Lionel, many thanks for writing this! I hope to
include the scripts in an upload soon. I will also try to add
support for it to partman-crypto-loop once our small feature-freeze
for beta3 is over.
cheers,
Max