-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/02/2017 07:05 PM, Patrik Hagara wrote:
> On 07/26/2017 03:21 PM, Patrik Hagara wrote:
>> On 07/25/2017 08:48 PM, Rusty Bird wrote:
>>> Patrik Hagara:
>>>> Would it be OK if I squashed all the commits so far into a 
>>>> single large one (as there's already quite a lot of reverts 
>>>> and design changes anyway).
> 
>>> Yes, please do.
> 
>> Done, along with some refactoring (plus an implementation of your
>>  RO/RW manual unplugging suggestion). Feel free to start
>> reviewing. :)
> 
> 
> Just a quick update: code review is in progress (see [1] for 
> comments), with various small changes and fixes being made [2].
> 
> 
> Cheers, Patrik
> 
> 
> [1] 
> https://github.com/phagara/qubes-antievilmaid/commit/715abbc13a7d59b8d
4a
>
> 
72ec6696b621fa76e2a95
> [2] https://github.com/phagara/qubes-antievilmaid/commits/master


Finally managed to track down why unlocking disk with unsealed and
decrypted LUKS key file didn't work on a clean Qubes OS installation.

While starting to develop this feature, I added the key file path to
my /etc/crypttab and had forgotten about it. Fresh Qubes of course
didn't have this change. Combined with one weird systemd
incompatibility (the B point in this [1] forum post), it had caused
the key file to get completely ignored.

There are two ways to work around this issue [2], neither of which is
perfect [3]. Both solutions' downsides are pretty insignificant and
most likely not applicable to 99.99% of existing Qubes OS installations.

For now, I've decided to go with the second option (ignoring crypttab
even for hostonly dracut setups).

For any brave souls out there trying out Qubes 4.0 rc1 already, able
to compile their own packages using the qubes-builder and having Intel
TXT on their machines, you're welcome to try the latest commit from my
repo [4] and reporting back with any issues or comments (even unclear
documentation!).


Cheers,
Patrik



[1] https://fedoraforum.org/forum/showpost.php?p=1681988&postcount=43
[2]
https://github.com/phagara/qubes-antievilmaid/commit/715abbc13a7d59b8d4a
72ec6696b621fa76e2a95#commitcomment-23617394
[3]
https://github.com/phagara/qubes-antievilmaid/commit/715abbc13a7d59b8d4a
72ec6696b621fa76e2a95#commitcomment-23617493
[4] https://github.com/phagara/qubes-antievilmaid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZj2x6AAoJEFwecd8DH5rlJnEQAI8+ouvRkXwzsz0CpN5UgOqB
1qmvua0NgBK1SC15gPeXjuOABXqO8IxJcVpuOoIL3wdZaHvvNgpGmXiKWUu6YTwi
h1yhS5w8/2rMhfLRT86AyP6H9SRwdC0DgrjCbBzsQtWZH4kBg8ItOK3q2XWrwhhC
3hckSJ4KbZNgT86q0PABCInLfDrxADiFnI+oOQBvHInq/hWuJRibDBWAnNG4AetA
KCkKpMGSSZTBzl6hBfczqtdWc/K7lIhPAO26ht87046ZRN+RjpOl588M2gsw2zYT
z3AHDQAY0+m8qAMv89luklyoYJCcg4RiMTOrPrGtBDFuHGB+rylUFDLujI+AaDH1
lLWNaPXBWUXsKBUqaHOWjP7ek+iK3Nl0yotqkngpiDZ+SNvrCCUa4xaG8j6NjVX6
jd8J/OsWzeiSDygzLKY4mitjNIT4d9yoHND4STte3UcWwAeq1vXlb4Ypvn7z7MNJ
w9ZDveawLv5Z6ZPLKMUsCml4JrGiLnK74jYi/GSMulB8ZMA2mfJGr9IAgMF8hp9b
+Aw2O0kkU3PMp5tTGgIsMAFI3nJcUN2TibiP5OA9898kVO0HXzpYFUfKhQATgjzf
g+1PIJwmO2WHvPGO1uYD0SwXyM7joXmg7z5lUEKqo40sU5nW3T/6qrpxymlP+Sy1
1AfgopK/R9mbwGrmvqgs
=SBa8
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/1a5287c1-cd1c-402f-e91a-dd94e258a725%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Attachment: 0x031F9AE5.asc
Description: application/pgp-keys

Attachment: 0x031F9AE5.asc.sig
Description: PGP signature

Reply via email to