Bug#434158: marked as done (partman-crypto: due to popular demand: root on loop-aes)

To: Max Vozeler <xam@debian.org>
Subject: Bug#434158: marked as done (partman-crypto: due to popular demand: root on loop-aes)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 20 Mar 2008 21:46:10 +0000
Message-id: <[🔎] handler.434158.D381895.120604913930351.ackdone@bugs.debian.org>
References: <E1JcSMq-0007tO-4J@ries.debian.org> <f206bd960707211713p71ebf14aw41ec1fc380dc0b9b@mail.gmail.com>

Your message dated Thu, 20 Mar 2008 21:32:08 +0000
with message-id <E1JcSMq-0007tO-4J@ries.debian.org>
and subject line Bug#381895: fixed in partman-crypto 28
has caused the Debian Bug report #381895,
regarding partman-crypto: due to popular demand: root on loop-aes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
381895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381895
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: partman-crypto: due to popular demand: root on loop-aes
From: "Nemui Ailin" <ailin.nemui@gmail.com>
Date: Sun, 22 Jul 2007 08:13:55 +0800
Message-id: <f206bd960707211713p71ebf14aw41ec1fc380dc0b9b@mail.gmail.com>

Package: partman-crypto
Severity: wishlist

As you are probably aware, loop-aes is faster and more secure than cryptsetup.

crypto needs to be done using newt ("install", not installgui). this
is documented somewhere on the d-i website.

Unfortunately, the debian-installer doesn't want to let you encrypt
your root with loop-aes even if you have an unencryped /boot

First proceed to the partitioner and select encryption with loop-aes,
that will make d-i unpack the necessary files to lib/modules/*/updates

When installing from something involving an iso image, d-i will load
the wrong loop module.
Please make sure to understand the other bug report about this issue
if you are in this situation!

Next thing you need to do is patch debian-installer to not bitch about
having / on loop-aes, this can be done by modifying a file in
/lib/partman/check.d/ and removing the check (thanks to fjp for the
pointer).

Now the install should go through fine.

Finally you'll want to chroot into your new system, and come up with
some loop-aes initramfs hooks so that your system will be bootable.

You can use those in the loop-aes-utils debian pkg source as a starting point:

apt-get source loop-aes-utils
tar xzvf *.tar.gz
cd util*
gunzip < ../*.diff.gz | patch -p1
grep -R debian initramfs

and execute the commented lines.

However, they are broken, so fix the bugs in the scripts.

You will also want to add a feature to these scripts so that it reads
your key from a removable media.

Remember: The "key" in your encryption IS your keyfile. the passphrase
is just an additional blocker but if your key file gets in the wrong
hands, your security is more than halved!
This means that you absolutely don't want to keep the keyfile in the initrd.

Lastly you will probably want to regen your initrd so that the system
becomes bootable:

mount proc proc -t proc
update-initramfs -k $(ls lib/modules) -u
umount proc

Confirm reboot in the debian-installer

Enjoy

--- End Message ---

--- Begin Message ---

To: 381895-close@bugs.debian.org
Subject: Bug#381895: fixed in partman-crypto 28
From: Max Vozeler <xam@debian.org>
Date: Thu, 20 Mar 2008 21:32:08 +0000
Message-id: <E1JcSMq-0007tO-4J@ries.debian.org>

Source: partman-crypto
Source-Version: 28

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive:

partman-crypto-dm_28_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-dm_28_all.udeb
partman-crypto-loop_28_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-loop_28_all.udeb
partman-crypto_28.dsc
  to pool/main/p/partman-crypto/partman-crypto_28.dsc
partman-crypto_28.tar.gz
  to pool/main/p/partman-crypto/partman-crypto_28.tar.gz
partman-crypto_28_i386.udeb
  to pool/main/p/partman-crypto/partman-crypto_28_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 381895@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Max Vozeler <xam@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 08 Mar 2008 17:35:48 +0100
Source: partman-crypto
Binary: partman-crypto partman-crypto-dm partman-crypto-loop
Architecture: source all i386
Version: 28
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Max Vozeler <xam@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
 partman-crypto-loop - Add to partman support for loop-AES encryption (udeb)
Closes: 381895 468738 468739
Changes: 
 partman-crypto (28) unstable; urgency=low
 .
   [ Max Vozeler ]
   * Allow install onto loop-AES encrypted root. Closes: #381895
   * check.d/crypto_check_mountpoints: quote $mnt as it
     may be empty. Closes: #468739
   * commit.d/unsafe_swap: replace open-coded check for
     swap on dm-crypt with call to dm_is_safe(). Closes: #468738
   * Regenerate the initramfs for root on loop-AES.
   * Make veto_filesystems/crypto executable so that it
     actually gets used.
 .
   [ Updated translations ]
   * Bulgarian (bg.po) by Damyan Ivanov
   * Esperanto (eo.po) by Serge Leblanc
   * Basque (eu.po) by Piarres Beobide
   * French (fr.po) by Christian Perrier
   * Galician (gl.po) by Jacobo Tarrio
   * Japanese (ja.po) by Kenshi Muto
   * Korean (ko.po) by Changwoo Ryu
   * Portuguese (Brazil) (pt_BR.po) by Felipe Augusto van de Wiel (faw)
   * Portuguese (pt.po) by Miguel Figueiredo
   * Thai (th.po) by Theppitak Karoonboonyanan
Files: 
 765eaaea68a786ab986bb316888afffd 799 debian-installer optional partman-crypto_28.dsc
 11229a33e64a40c39ff602cac5c8cdf2 255228 debian-installer optional partman-crypto_28.tar.gz
 db8b030dffce499b789026e1092c1d92 1366 debian-installer optional partman-crypto-dm_28_all.udeb
 9fd65b64aa90ba131e20c09c9809f850 1240 debian-installer optional partman-crypto-loop_28_all.udeb
 f818ceefb19bc031e5fd4952fe2c2bcf 220840 debian-installer optional partman-crypto_28_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQCVAwUBR+LToKoJyPlcq6GYAQJo9gP+ITtenNdlRsg8h9B/3TcBNxFuSZi69asU
HdBFlZe/1NjD3oeRcRiRX9EDAyeLkNtABLxicMQnpwiVGFK/kyxwzLVSfqwAO2Fg
Ktc7XE3V5LA3CF27Kh/KbOd51RzUeIoP6Nm8pMOTU63UAN0L8pMSJznCC4Eo6woh
uH8csJMW3UM=
=uTUY
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#381895: marked as done (Support installing onto loop-AES encrypted root partition)
Next by Date: installation-report: DI (for lenny) beta2 on NEC ML470
Previous by thread: Bug#381895: marked as done (Support installing onto loop-AES encrypted root partition)
Next by thread: installation-report: DI (for lenny) beta2 on NEC ML470
Index(es):
- Date
- Thread