
RFC: partman-auto-crypto



Hi all,

I've been working on partman-auto-crypto in the d-i SVN repo at
/people/alphix-guest/partman-auto-crypto.

It's now at a point where it seems reasonable to move it into the regular tree (/d-i/packages/partman/partman-auto-crypto).

partman-auto-lvm currently sets up a boot partition, a swap partition and an LVM PV used by one LVM VG which holds LVs for the rest of the partitions (root and possibly home depending on the selected recipe).

partman-auto-crypto uses the functionality of partman-auto-lvm and partman-crypto to set up a boot partition and one LUKS encrypted partition which in turn holds an LVM PV with one LVM VG which contains the swap partition and the rest of the partitions (root and possibly home).

With the combination of initramfs-tools and cryptsetup, an initramfs image is generated in the boot partition which prompts for the password during boot and then sets up the LVM VG and proceeds with the boot. I am not sure whether this also works with yaird. Most of the code is shared with partman-auto-lvm, with the change that the encrypted partition is set up in between and that the swap partition is marked for inclusion in the LVM VG.

It is currently at the stage where it works for me (famous last words), so I'd like to get some review and feedback before moving the package into the main tree (especially as I've never written a Debian package from scratch yet).

There are currently two items on the todo list:

o Examine whether we should move the swap partition into the LVM VG for partman-auto-lvm as well; this would allow for much more code sharing between partman-auto-lvm and partman-auto-crypto. I'll send a separate email asking for comments on this issue soon.

o Support loop-AES as well as dm-crypt (this mostly depends on partman-crypto getting encrypted-root-via-loop-AES support)

None of these items seems to be a reason to postpone the use of partman-auto-crypto, and code sharing is hard to implement before both packages are in the source tree proper.

The package itself is pretty small; except for the packaging stuff in debian/*, there are only three files (and at least one, perform_recipe_by_crypto, could be eliminated in the future if swap on LVM becomes the default in partman-auto-lvm).

So, I'd be happy to have some review, questions and comments on the code :)

Regards,
David
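
Added example, not part of the original mail and not partman code: a check that walks an `lsblk --json` style device tree and lists every in-use volume (swap included) that does not sit below a dm-crypt mapping, run against the two layouts the mail describes. Device and volume names (sda1, sda5_crypt, vg-root, ...) and filesystem types are constructed for illustration.

```python
def dev(name, type_, fstype=None, mountpoint=None, children=()):
    """Build one node in the shape `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` emits."""
    return {"name": name, "type": type_, "fstype": fstype,
            "mountpoint": mountpoint, "children": list(children)}

# Constructed sample: partman-auto-lvm layout (boot, plain swap, LVM PV with root/home).
AUTO_LVM = {"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "ext3", "/boot"),
    dev("sda2", "part", "swap", "[SWAP]"),
    dev("sda5", "part", "LVM2_member", children=[
        dev("vg-root", "lvm", "ext3", "/"),
        dev("vg-home", "lvm", "ext3", "/home")])])]}

# Constructed sample: partman-auto-crypto layout (boot, LUKS partition, PV inside it).
AUTO_CRYPTO = {"blockdevices": [dev("sda", "disk", children=[
    dev("sda1", "part", "ext3", "/boot"),
    dev("sda5", "part", "crypto_LUKS", children=[
        dev("sda5_crypt", "crypt", "LVM2_member", children=[
            dev("vg-swap_1", "lvm", "swap", "[SWAP]"),
            dev("vg-root", "lvm", "ext3", "/"),
            dev("vg-home", "lvm", "ext3", "/home")])])])]}

def unencrypted_volumes(tree, allowed=("/boot",)):
    """Return (name, mountpoint) for in-use volumes with no 'crypt' ancestor.

    /boot is allowed in the clear because the initramfs that prompts for the
    passphrase has to be readable before the LUKS container is opened.
    """
    found = []

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if node.get("fstype") == "swap":
            mountpoint = mountpoint or "[SWAP]"  # swap may be configured but inactive
        if mountpoint and not under_crypt and mountpoint not in allowed:
            found.append((node["name"], mountpoint))
        for child in node.get("children") or []:
            walk(child, under_crypt)

    for top in tree["blockdevices"]:
        walk(top, False)
    return found

if __name__ == "__main__":
    for label, tree in (("auto-lvm", AUTO_LVM), ("auto-crypto", AUTO_CRYPTO)):
        print(label, unencrypted_volumes(tree))
```

On an installed system the same function can be fed `json.loads()` of the real `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.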


