[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: initramfs-tools / cryptoroot

hello Daniel,

On Wed, 22 Aug 2007, Daniel Reichelt wrote:

> I'm administering several linux hosts, which are all set up to boot from a
> luks-encrypted partition (which partly live in LVM). I was hacked off to have
> to go down to the basement and enter the passwords manually on each and every
> reboot. So why not let this be managed by a central "boot server"? So I've set
> up the following process:
> - included sshd/dhclient3 in initrd by a hook

why are you not using ipconfig, the klibc dhclient equiv.
if it doesn't work for you i'd be happy to know why!?

> Please let me know what you think. If you like it, I'd gladly document
> it further.

adding sshd to initramfs sounds not like a general way for the cryptsetup
guys to go. ;) anyway thanks for your creative way of using
initramfs-tools and showing it off. i glanced over the code and have some
small remarks.

> #ensure boot scripts are executable
> find $DESTDIR/scripts -name remoteunlock -exec chmod 755 {} \;
the scripts itself need to be executable on installation,
no need to rerun that on any update-initramfs.

you add more binaries than you actually use, i saw no mv and rm invocation
for example. for rm you can use nuke from klibc. for ifconfig use
ipconfig (yes can also set static dev). also bash seems quite redundant
and chown superfluous.

happy hacking


Reply to: