Bug#821035: ITP: luksipc -- LUKS in-place conversion tool
On Sun, Apr 17, 2016 at 06:30:10PM +0200, Vincent Bernat wrote: > ❦ 17 avril 2016 18:07 +0200, Philipp Kern: > >> I intend to also provide an initramfs hook to make the conversion of a > >> root filesystem for simple cases only (notably cloud payload). > > > > I am still a little bit scared by this tool. If it would optionally > > persist the block it is currently rewriting (at the loss of a lot of > > performance and at the possible detriment of the thing you are writing > > it to, if it's flash-based), I'd feel better about it. This way there > > should be a fairly strong warning that the resume.bin is completely and > > utterly lost if you should lose power in the process. There is no state > > tracking on the disk that is being converted either, AIUI. > > From what I understand, the resume.bin file contains the current chunk > of memory and the the current position. So, it should be possible to > resume from the resume.bin. But only if the binary exits cleanly enough to write it out, AIUI ("graceful shutdown"). resume.bin is not persisted anywhere during the operation. > If it is about my idea to provide an initramfs hook to make the > conversion, I agree. However, my use case is for cloud payload where > you have to start from a clear-text boot image. The conversion would be > done before putting valuable data on the disk. Ok, fair point. But people *will* attempt to use it with their pre-existing non-encrypted disks. Hence the fair warning bit. Kind regards and thanks Philipp Kern
Bug#821035: ITP: luksipc -- LUKS in-place conversion tool
On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote: > * Package name: luksipc > Version : 0.04 > Upstream Author : Johannes Bauer > * URL : http://johannes-bauer.com/linux/luksipc/ > * License : GPL-3 > Programming Lang: C > Description : LUKS in-place conversion tool > > luksipc is a tool to convert (unencrypted) block devices to > (encrypted) LUKS devices in-place (therefore it's name LUKS in-place > conversion). This means the conversion is performed without the need > of copying all data somewhere, recreating the whole disk (i.e. create > a LUKS device, create a new filesystem on the mapped LUKS device, copy > all data back). Instead, the process is reduced to: > > 1. Unmounting the filesystem > > 2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is > the current LUKS header size -- but do not trust this value, it > has changed in the past!) > > 3. Performing luksipc > 4. Adding custom keys to the LUKS keyring > > I intend to also provide an initramfs hook to make the conversion of a > root filesystem for simple cases only (notably cloud payload). I am still a little bit scared by this tool. If it would optionally persist the block it is currently rewriting (at the loss of a lot of performance and at the possible detriment of the thing you are writing it to, if it's flash-based), I'd feel better about it. This way there should be a fairly strong warning that the resume.bin is completely and utterly lost if you should lose power in the process. There is no state tracking on the disk that is being converted either, AIUI. (Of course you don't care if you do a full backup beforehand.) Kind regards Philipp Kern
Bug#821035: ITP: luksipc -- LUKS in-place conversion tool
Package: wnpp Severity: wishlist Owner: Vincent Bernat-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: luksipc Version : 0.04 Upstream Author : Johannes Bauer * URL : http://johannes-bauer.com/linux/luksipc/ * License : GPL-3 Programming Lang: C Description : LUKS in-place conversion tool luksipc is a tool to convert (unencrypted) block devices to (encrypted) LUKS devices in-place (therefore it's name LUKS in-place conversion). This means the conversion is performed without the need of copying all data somewhere, recreating the whole disk (i.e. create a LUKS device, create a new filesystem on the mapped LUKS device, copy all data back). Instead, the process is reduced to: 1. Unmounting the filesystem 2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is the current LUKS header size -- but do not trust this value, it has changed in the past!) 3. Performing luksipc 4. Adding custom keys to the LUKS keyring I intend to also provide an initramfs hook to make the conversion of a root filesystem for simple cases only (notably cloud payload). -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJXD/hYAAoJEJWkL+g1NSX5efUP/jFnaliNfpQrdLRDtRbdnigb Npks/CXDdE6Zizme8WMnLLgnmVtc0BCrgZqtaNBSFVRh/VKLler8tftOF7aPRrHf d+T5N1hL+0MrFfzBBs68rfUoPirpaalAP+/uS96Oh0o9v2pj22rlWUrCDDj1mbx9 rzUZDcXyUUAkQZYdU0NABMmOuRGJy54yrpfYbORL3m7p8b9XRI4bJgzJcaWhUon1 zyz9toI3l5OgUvSIg0pPmZiP8vJWitpIDQCHbLTTLrhr5man9aHeZC1DzlEk1u8Y w51UI3OWI/J6UmheVnK8XHgHiVY/EfiZI2epFMp8o3ESQ4k2Fxhn/nMf+Wk2vGE9 YQTxeyzVNdcOMwCnt05PZfkytxIGJqsMshGt+w8+6DCEMbXFht7vNWuoldvNfGtC cGoVzErJA/GvinISVJRgVsVwYy+9yi+x11dnNxgGnuKIH7piVELCbYdBalhXOxvE zqx8Dxuf2YjHrfnWIpEZhiw3HtTBQu0Veo9XF2Go6qFFBusAN1tfUfXkCZMPCInC 9TGxcxQK/okK6kRExI7fgrofHmI2gcM11cHNEP1mBAKzUVgcJ81ecffY9wiyPOUR dCdFhuZabojMEzzT+Ytz++QJyoG1lPydd+jqovAvHdvxzjzqy9+3atc8/Jo1G4Ab CcraSGvL4wtU/UoFViKB =QkX1 -END PGP SIGNATURE-