Bug#821035: ITP: luksipc -- LUKS in-place conversion tool

2016-04-17 Thread Philipp Kern
On Sun, Apr 17, 2016 at 06:30:10PM +0200, Vincent Bernat wrote:
>  ❦ 17 April 2016 18:07 +0200, Philipp Kern:
> >> I intend to also provide an initramfs hook to make the conversion of a
> >> root filesystem for simple cases only (notably cloud payload).
> >
> > I am still a little bit scared by this tool. If it would optionally
> > persist the block it is currently rewriting (at the loss of a lot of
> > performance and at the possible detriment of the thing you are writing
> > it to, if it's flash-based), I'd feel better about it. This way there
> > should be a fairly strong warning that the resume.bin is completely and
> > utterly lost if you should lose power in the process. There is no state
> > tracking on the disk that is being converted either, AIUI.
> 
> From what I understand, the resume.bin file contains the current chunk
> of memory and the current position. So, it should be possible to
> resume from the resume.bin.

But only if the binary exits cleanly enough to write it out, AIUI
("graceful shutdown"). resume.bin is not persisted anywhere during
the operation.

> If it is about my idea to provide an initramfs hook to make the
> conversion, I agree. However, my use case is for cloud payload where
> you have to start from a clear-text boot image. The conversion would be
> done before putting valuable data on the disk.

Ok, fair point. But people *will* attempt to use it with their
pre-existing non-encrypted disks. Hence the fair warning bit.

Kind regards and thanks
Philipp Kern
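
Added example (not part of the thread and not luksipc's code): a simplified Python model of the concern raised above, where the chunks held in RAM during an in-place shift are lost on power failure unless they are persisted before each destructive write. The chunk and header sizes, the XOR "cipher", the dict standing in for stable storage, and all function names are assumptions made for illustration.

```python
CHUNK, HEADER = 8, 4  # toy sizes (assumption); this model needs HEADER <= CHUNK

class PowerLoss(Exception):
    pass

def enc(b):
    return bytes(x ^ 0x5A for x in b)  # toy stand-in for the dm-crypt mapping

def convert(dev, journal, persist, crash_at=None):
    """Shift-and-encrypt dev in place; resume from journal if it holds state."""
    end = len(dev) - HEADER                      # filesystem was shrunk by HEADER
    pos = journal.get("pos", 0)
    cur = journal.get("cur", bytes(dev[0:CHUNK]))
    nxt = journal.get("nxt")
    while pos < end:
        if nxt is None:                          # read ahead before it is overwritten
            nxt = bytes(dev[pos + CHUNK:min(pos + 2 * CHUNK, end)])
        if persist:                              # models write + fsync to other media
            journal.update(pos=pos, cur=cur, nxt=nxt)
        out = enc(cur)
        if crash_at == pos:                      # torn write, then RAM contents vanish
            dev[HEADER + pos:HEADER + pos + len(out) - 1] = out[:-1]
            raise PowerLoss
        dev[HEADER + pos:HEADER + pos + len(out)] = out
        pos, cur, nxt = pos + CHUNK, nxt, None
    dev[:HEADER] = b"HDR!"                       # placeholder for the LUKS header
    journal.clear()

def survives_power_loss(persist):
    plain = bytes(range(32))                     # constructed sample "filesystem"
    dev, journal = bytearray(plain + bytes(HEADER)), {}
    try:
        convert(dev, journal, persist, crash_at=CHUNK)
    except PowerLoss:
        pass
    if not journal:                              # nothing persisted: cannot resume
        return False
    convert(dev, journal, persist)               # resume from the persisted state
    return bytes(dev[HEADER:]) == enc(plain)
```

In the model, the torn write has already clobbered plaintext that existed only in the look-ahead buffer, so the on-disk state alone is not enough to resume.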



Bug#821035: ITP: luksipc -- LUKS in-place conversion tool

2016-04-17 Thread Philipp Kern
On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote:
> * Package name: luksipc
>   Version : 0.04
>   Upstream Author : Johannes Bauer
> * URL : http://johannes-bauer.com/linux/luksipc/
> * License : GPL-3
>   Programming Lang: C
>   Description : LUKS in-place conversion tool
> 
> luksipc is a tool to convert (unencrypted) block devices to
> (encrypted) LUKS devices in-place (therefore its name LUKS in-place
> conversion). This means the conversion is performed without the need
> of copying all data somewhere, recreating the whole disk (i.e. create
> a LUKS device, create a new filesystem on the mapped LUKS device, copy
> all data back). Instead, the process is reduced to:
> 
>  1. Unmounting the filesystem
> 
>  2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is
> the current LUKS header size -- but do not trust this value, it
> has changed in the past!)
> 
>  3. Performing luksipc
>  4. Adding custom keys to the LUKS keyring
> 
> I intend to also provide an initramfs hook to make the conversion of a
> root filesystem for simple cases only (notably cloud payload).

I am still a little bit scared by this tool. If it would optionally
persist the block it is currently rewriting (at the loss of a lot of
performance and at the possible detriment of the thing you are writing
it to, if it's flash-based), I'd feel better about it. This way there
should be a fairly strong warning that the resume.bin is completely and
utterly lost if you should lose power in the process. There is no state
tracking on the disk that is being converted either, AIUI.

(Of course you don't care if you do a full backup beforehand.)

Kind regards
Philipp Kern



Bug#821035: ITP: luksipc -- LUKS in-place conversion tool

2016-04-14 Thread Vincent Bernat
Package: wnpp
Severity: wishlist
Owner: Vincent Bernat 

* Package name: luksipc
  Version : 0.04
  Upstream Author : Johannes Bauer
* URL : http://johannes-bauer.com/linux/luksipc/
* License : GPL-3
  Programming Lang: C
  Description : LUKS in-place conversion tool

luksipc is a tool to convert (unencrypted) block devices to
(encrypted) LUKS devices in-place (therefore its name LUKS in-place
conversion). This means the conversion is performed without the need
of copying all data somewhere, recreating the whole disk (i.e. create
a LUKS device, create a new filesystem on the mapped LUKS device, copy
all data back). Instead, the process is reduced to:

 1. Unmounting the filesystem

 2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is
the current LUKS header size -- but do not trust this value, it
has changed in the past!)

 3. Performing luksipc
 4. Adding custom keys to the LUKS keyring

I intend to also provide an initramfs hook to make the conversion of a
root filesystem for simple cases only (notably cloud payload).
