--- Begin Message ---
Package: installation-reports
Boot method: businesscard ISO
Image version: 2006-08-07 build from
http://cdimage.debian.org/cdimage/daily-builds/sid_d-i/arch-latest/i386/iso-cd/debian-testing-i386-businesscard.iso
Machine: VMWare Player 1.0.1 build-19317
Memory: 128MB
Partitions:
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/sda1 ext3 918322 276393 592933 32% /
tmpfs tmpfs 63580 0 63580 0% /dev/shm
/dev/sda5 ext3 90297 4133 81347 5% /home
/dev/sda2 ext3 46665 4880 39376 12% /tmp
tmpfs tmpfs 10240 100 10140 1% /dev
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 defaults,errors=remount-ro 0 1
/dev/sda5 /home ext3 defaults,loop=/dev/loop1,encryption=AES256,gpgkey=/etc/loopkeys/_dev_sda5.gpg 0 0
/dev/sda2 /tmp ext3 defaults,loop=/dev/loop0,encryption=AES256,phash=random/1777 0 0
/dev/sda6 none swap sw,loop=/dev/loop2,encryption=serpent128 0 0
/dev/sda7 none swap sw,loop=/dev/loop3,encryption=twofish192 0 0
/dev/hdc /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
losetup -a:
/dev/loop/0: [000c]:4458 (/dev/sda2) encryption=AES256 multi-key-v3
/dev/loop1: [000c]:4444 (/dev/sda5) encryption=AES256 multi-key-v3
/dev/loop2: [000c]:4434 (/dev/sda6) offset=4096 encryption=serpent128 multi-key-v3
/dev/loop3: [000c]:4462 (/dev/sda7) offset=4096 encryption=twofish192 multi-key-v3
/proc/swaps:
Filename Type Size Used Priority
/dev/loop2 partition 96344 0 -1
/dev/loop3 partition 96344 0 -2
Initial boot worked: [O]
Configure network HW: [O]
Config network: [O]
Detect CD: [O]
Load installer modules: [O]
Detect hard drives: [O]
Partition hard drives: [O]
Create file systems: [O]
Mount partitions: [O]
Install base system: [O]
Install boot loader: [O]
Reboot: [O]
This install was focused on testing loop-AES support in
partman-crypto.
Test (features):
OK /home - GnuPG Keyfile
OK /tmp - random key
OK swap - random key
OK swap - random key
Test (sanity-checks):
OK on loop-AES: /
OK on loop-AES: /boot
OK weak passphrase
OK ext3 on random key
OK unencrypted swap before "Configure encrypted volumes"
FAIL unencrypted swap added later on
Usability:
1. The entropy plugin required me to type randomly for
about six minutes while it generated the key. This is quite long
and tiresome. While it only needs to be done at install time and
only once for each partition, something should be done to make
this require less direct input by the user. (Bug#381875)
2. To test the sanity checks I configured an encrypted volume
with random key to hold /opt on ext3. The check worked correctly
and warned about this setup. I went back, changed the encrypted
volume to hold swap and chose "Finish partitioning" again, but the
warning still triggered although it was now configured with
method=swap. (bug documented in partman-crypto/BUGS)
Important problems:
3. Nothing in partman-crypto prevented me from setting up
an unencrypted swap space AFTER encrypted volumes had been setup.
The installation continued without warning and the installed
system booted with encrypted loops and unencrypted swap. This
is quite bad but IMO doesn't make it unsuitable for beta3 as
this is quite a corner case and we explicitly warn about
unsuitability for production use. (Bug#381870)
cheers,
Max
--- End Message ---