On Sun, 2007-04-08 at 14:28 +0000, Nelson Batalha wrote:
> I chose Luks, (...) this will force us to use two loops, (performance
issues?). An
> alternative is loop-aes -> one loop only.
Why do you need two loops?
It's the way they work. Luks is ment for devices only, so we need to make
one for him to work with, and then he unencrypts it in a new one. loop-aes
is embedded in losetup, so when mounting squashfs we just need to give it a
key ;).
OK. You're already steering off course. If you add cryptsetup to
boot/kernel/$kname/packages, genkernel will include it with --luks, so
you don't need to do anything in an initramfs overlay.
Thanks, I wasn't sure how it worked, so I just mentioned a hack for now (it
wasn't stupid :P).
http://bugs.gentoo.org/show_bug.cgi?id=173766
I'm not sure I'm following, but everything that goes into the squashfs
is already available to catalyst. We don't need to copy it all *again*
since it is at (by
default) /var/tmp/catalyst/tmp/default/livecd-stage2-whatever already.
I follow you, but the problem is that we need to know the size of the final
squashfs.
Thing is, with luks, we need a "stupid" file initially that is going to be
looped to be formatted in a squashfs. To create it, we need to know its
size, preferebly not greater then necessary, since I *think* it's not
possible to change the size of a file in a loop.
*Unless* we know an estimate of how big will the squashfs be, the option is
to make one and then create that file with the exact size. The problem is
not *getting* the files, is to make the *exact* room for them ;).
I would much rather incorporate the support in catalyst directly, rather
than adding yet another spec file key that isn't necessarily a
single-purpose key.
Cool, I'll look into it. If anyone offers to patch the *.py files I can do
the rest and specify what it needs to be done.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
--
[EMAIL PROTECTED] mailing list
