On Sun, 2007-04-08 at 14:28 +0000, Nelson Batalha wrote:
> I chose Luks, since seems genkernel is supporting it (no docs though),
> however this will force us to use two loops, (performance issues?). An
> alternative is loop-aes -> one loop only.

Why do you need two loops? I'm just asking, since I don't know the details of the differing methods and have only looked over the patches as I've applied them for correctness, not for functionality. Also, make sure there aren't any patches assigned to genkernel that won't help with this. There's at least one or two more LUKS-related patches/bugs in bugzilla.

> On gk arguments we would add initramfs a cryptsetup binary with
> --initramfs-overlay; we would also add a custom initrc that would put our
> encrypted squashfs file in a loop, and cryptsetup would unencrypt it in a
> different loop - and call it our root.

OK. You're already steering off course. If you add cryptsetup to boot/kernel/$kname/packages, genkernel will include it with --luks, so you don't need to do anything in an initramfs overlay. We also do decryption in genkernel already.

> The patch to catalyst would allow us to write a script to convert the
> squashfs in an encrypted one. First we knew the final squashfs size, so it
> would just create a file with dd with that size from /dev/zero. Then it
> would mount this file in a loop, cryptsetup would use it and open it in a
> different loop, and then we would mksquashfs the contents in it.

I'm not sure I'm following, but everything that goes into the squashfs is already available to catalyst. We don't need to copy it all *again* since it is at (by default) /var/tmp/catalyst/tmp/default/livecd-stage2-whatever already.

> Any problems, comments or alternatives? Would you accept this patch? My bash
> is ok now, gonna take some time to write the python stuff.

I would accept it if it were done right. You'll want to look more into both what catalyst and what genkernel are already capable of doing. I would much rather incorporate the support in catalyst directly, rather than adding yet another spec file key that isn't necessarily a single-purpose key.
-- 
Chris Gianelloni
Release Engineering Strategic Lead
Alpha/AMD64/x86 Architecture Teams
Games Developer/Council Member/Foundation Trustee
Gentoo Foundation
