
Re: [HOOK] losetup lukshome - working and tested encrypted home



Losing your USB live system with important non-encrypted data is bad,
losing your USB live system encrypted data is bad also, but much less
than the first - if you back up regularly. USB memories aren't hard
disks, and even those fail.

After having my USB pen plugged in some printer with a USB connector
(don't ask me why), my encrypted partition ended up turned into a
fat32 filesystem, while my ext2 filesystem used in the live system (I
use extlinux to boot my live system) went to trash. I was able to
recover the ext2 filesystem and live system files by running fsck.ext2
and found the files and directories in lost+found (all good, except
the filenames), but my encrypted home partition was dead. Simple
solutions aren't always the best, but the principle of the original
lukshome hook was working.

I picked some stuff from a previous hook I was developing and added it
to this new lukshome hook, changing it to use a losetup file instead
of a whole partition - the file recovery should be possible now, if
anything goes wrong in some broken USB connector.

I've tried to use Jeff Lessem's way of including the encrypted home file
in the live system partition, but always got /home mounted as
read-only. The live system partition is mounted as read only, so I
guess this is expected to happen. Another partition is used here, as
in the original lukshome hook, to contain the encrypted home *file*
(like home-rw in a file) but with lukshome label. This specific label
is to avoid mounting every partition on the computer to find the file
(like in persistent=nofiles). Some code is based on the live-helpers
script, and the lukshome.sh script sources it to use some of its functions.

I've simplified the use of this hook as best I can for now. Now the creation
of the encrypted home file is done by a script, you'll just have to
make a partition with lukshome label and move the file there. All this
made me check for errors in several places, create some scripts,
change some other files, and add some output about what's happening or
to be done. All this turned this into a BIG hook of almost 10 KB (~5 KB
with no comments and echos for instructions, a little less with no
error checks).

I've been using a losetup file for a couple of weeks now (with
lenny/stable) and it's *apparently* safe (what's really safe in
life?). During this time I've solved some busy device error on
shutdown and developed the hook and its scripts. It's all been working
very well.

I'd suggest that anybody who used the previous hook back up their data
(definitely backup, and do it regularly, please) and use this hook
instead. To do it, rebuild the live system with the new lukshome hook,
boot *without* lukshome boot option, open the encrypted partition with
cryptsetup and mount it as /home. Then run as root the script
create-lukshome-file.sh (it will copy /home/* to the file) and move
the luks-home.img file to some partition with lukshome label (even on
hard disk). Then reboot with lukshome boot option.


Have fun,

Rui M. P. Bernardo

Attachment: losetup-lukshome.sh
Description: Bourne shell script
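
A check to run on the image file before reopening it after a mishap like the one described above, plus a read-only way to open it. This is an added example, not the attached losetup-lukshome.sh or any script from the post. luks-home.img is the file name the post uses; the mapper name and mount point are hypothetical.

```shell
#!/bin/sh
# Added example. Hypothetical defaults: mapper name "lukshome-check",
# mount point /mnt/lukshome-check. Only functions are defined here;
# nothing runs until you call them.

# Print the LUKS on-disk version (1 or 2) if FILE begins with the LUKS
# magic "LUKS\xba\xbe" followed by a big-endian version field.
# Return 1 if the header is missing or has been overwritten.
luks_version() {
    hdr=$(od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Attach the image to a free loop device read-only, open the LUKS
# mapping read-only and mount it read-only. Needs root.
# Refuses to touch the file if the header check fails.
open_lukshome_readonly() {
    img=$1 name=${2:-lukshome-check} mnt=${3:-/mnt/lukshome-check}
    luks_version "$img" >/dev/null || {
        echo "no LUKS header in $img, not opening" >&2
        return 1
    }
    LOOPDEV=$(losetup -r -f --show "$img") || return 1
    cryptsetup luksOpen --readonly "$LOOPDEV" "$name" || {
        losetup -d "$LOOPDEV"
        return 1
    }
    mkdir -p "$mnt" && mount -o ro "/dev/mapper/$name" "$mnt"
}

# Tear down in reverse order: filesystem, then mapping, then loop device.
# Skipping a step leaves the lower layer busy.
close_lukshome() {
    name=${1:-lukshome-check} mnt=${2:-/mnt/lukshome-check}
    umount "$mnt" && cryptsetup luksClose "$name" && losetup -d "$LOOPDEV"
}

# Usage (as root), with the partition labelled lukshome already mounted:
#   luks_version /path/to/luks-home.img && \
#       open_lukshome_readonly /path/to/luks-home.img
#   ... copy data out for backup ...
#   close_lukshome
```
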

