
Re: RFC: Moving gpg to /bin?



On Thu, Sep 03, 2009 at 04:06:53PM +0200, Daniel Leidert wrote:

> > I'm thinking about moving gpg to /bin to solve bugs #386980 and #477671.

That may be a workaround, but IMHO this is really a bug/limitation in
the way the current init scripts are set up.

There is already the "_netdev" flag in fstab to defer mounting some
filesystems after the network has been initialized. There could be a
similar "_cryptdev" tag for encrypted devices. Then the boot process
would look like:

- do the equivalent of "mount -a -O no_netdev,no_cryptdev". /usr
  should be mounted by this step, since it should not contain sensitive
  information, therefore it should not be encrypted, or at least not
  using gpg.
- configure the network
- "mount -a -O _netdev,no_cryptdev"
- unlock encrypted devices (incl. encrypted iSCSI/AoE/etc. devices)
- "mount -a -O _netdev,_cryptdev"

Now the question is when/how to run fsck, but it is already a problem if
you want to have a file system on an LVM device where one of the PVs is
an AoE device, as I've found out the other day...

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
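
The staged sequence proposed above can be checked against an fstab before touching any init script. The following is an added example, not part of the original message: it emulates the `mount -a -O` filter (every listed item must match, a leading "no" negates) and reports which pass would mount each entry. `_cryptdev` is the tag proposed in the message, not an existing mount option; the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort fstab entries into the mount passes proposed in the message.
# "_cryptdev" is the proposed tag (assumption), not an option mount(8) knows about.

# has_opt OPTS NAME: succeed if NAME is an exact item of the comma-separated OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# matches OPTS PATTERN: emulate "mount -a -O PATTERN" for one entry.
# All pattern items must match; an item starting with "no" must be absent.
matches() {
    m_opts=$1
    old_ifs=$IFS; IFS=,
    set -- $2
    IFS=$old_ifs
    for pat in "$@"; do
        case $pat in
            no*) if has_opt "$m_opts" "${pat#no}"; then return 1; fi ;;
            *)   if ! has_opt "$m_opts" "$pat"; then return 1; fi ;;
        esac
    done
    return 0
}

# mount_pass OPTS: print the pass (1, 2, 3) that mounts the entry, or "none"
mount_pass() {
    if   matches "$1" "no_netdev,no_cryptdev"; then echo 1
    elif matches "$1" "_netdev,no_cryptdev";   then echo 2
    elif matches "$1" "_netdev,_cryptdev";     then echo 3
    else echo none
    fi
}

# Constructed sample fstab; devices and mount points are made up.
SAMPLE_FSTAB='/dev/sda1 / ext3 defaults 0 1
/dev/sda2 /usr ext3 defaults,ro 0 2
nfs.example:/export /srv/nfs nfs _netdev 0 0
/dev/mapper/aoe_crypt /srv/secure ext3 _netdev,_cryptdev 0 2
/dev/mapper/home_crypt /home ext3 _cryptdev 0 2'

# plan FSTAB_TEXT: print "<mountpoint> pass=<n>" for every non-comment entry
plan() {
    printf '%s\n' "$1" | while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac
        printf '%s pass=%s\n' "$mnt" "$(mount_pass "$opts")"
    done
}

plan "$SAMPLE_FSTAB"
```

With the three filters exactly as listed, an entry tagged only `_cryptdev` (a local encrypted device that needs no network) is reported as `pass=none`, so an implementation of the scheme has to decide in which step such entries get mounted.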

