
Bug#821035: ITP: luksipc -- LUKS in-place conversion tool



On Thu, Apr 14, 2016 at 10:06:51PM +0200, Vincent Bernat wrote:
> * Package name    : luksipc
>   Version         : 0.04
>   Upstream Author : Johannes Bauer
> * URL             : http://johannes-bauer.com/linux/luksipc/
> * License         : GPL-3
>   Programming Lang: C
>   Description     : LUKS in-place conversion tool
> 
> luksipc is a tool to convert (unencrypted) block devices to
> (encrypted) LUKS devices in-place (therefore its name LUKS in-place
> conversion). This means the conversion is performed without the need
> of copying all data somewhere, recreating the whole disk (i.e. create
> a LUKS device, create a new filesystem on the mapped LUKS device, copy
> all data back). Instead, the process is reduced to:
> 
>  1. Unmounting the filesystem
> 
>  2. Resizing the filesystem to shrink about 10 megabytes (2048 kB is
>     the current LUKS header size -- but do not trust this value, it
>     has changed in the past!)
> 
>  3. Performing luksipc
>  4. Adding custom keys to the LUKS keyring
> 
> I intend to also provide an initramfs hook to make the conversion of a
> root filesystem for simple cases only (notably cloud payload).

I am still a little bit scared by this tool. If it would optionally
persist the block it is currently rewriting (at the loss of a lot of
performance and at the possible detriment of the thing you are writing
it to, if it's flash-based), I'd feel better about it. This way there
should be a fairly strong warning that the resume.bin is completely and
utterly lost if you should lose power in the process. There is no state
tracking on the disk that is being converted either, AIUI.

(Of course you don't care if you do a full backup beforehand.)

Kind regards
Philipp Kern
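
Added example, not part of the original messages and not luksipc code: a toy model of the concern raised above, showing why the in-flight chunks have to be persisted before each overwrite if an interrupted conversion is to be resumable. Assumptions: a bytearray stands in for the block device, XOR for dm-crypt, a dict for a journal kept on separate storage, and all names and sizes are hypothetical.

```python
# Toy model (constructed): bytearray = block device, XOR = dm-crypt stand-in,
# dict = journal that a real tool would fsync to a *different* disk.
HEADER, CHUNK = 4, 8          # CHUNK must exceed HEADER for the forward shift
KEY = 0x5A

def enc(data):
    return bytes(b ^ KEY for b in data)

class PowerLoss(Exception):
    pass

def convert(disk, journal, crash_at=None):
    """Shift the payload forward by HEADER bytes while encrypting it in place."""
    end = len(disk) - HEADER                  # payload size after the fs shrink
    if "pos" in journal:                      # resume from the persisted state
        pos, held, nxt = journal["pos"], journal["held"], journal["nxt"]
    else:
        pos, held, nxt = 0, bytes(disk[:min(CHUNK, end)]), None
    while held:
        if nxt is None:
            nxt = bytes(disk[pos + CHUNK:min(pos + 2 * CHUNK, end)])
            # Persist both chunks BEFORE the overwrite: the write below clobbers
            # the first HEADER bytes of nxt on the device.
            journal.update(pos=pos, held=held, nxt=nxt)
        out = enc(held)
        if crash_at == pos:                   # simulate a torn write + power loss
            half = len(out) // 2
            disk[HEADER + pos:HEADER + pos + half] = out[:half]
            raise PowerLoss(pos)
        disk[HEADER + pos:HEADER + pos + len(out)] = out   # idempotent on resume
        pos, held, nxt = pos + CHUNK, nxt, None
    disk[:HEADER] = b"LUKS"                   # placeholder for the real header
    journal.clear()
    return bytes(disk)

def demo(crash_at, journal_survives=True):
    payload = bytes(range(1, 29))             # 28 bytes of constructed "filesystem"
    disk = bytearray(payload + bytes(HEADER)) # HEADER bytes freed by the shrink
    journal = {}
    try:
        convert(disk, journal, crash_at)
    except PowerLoss:
        if not journal_survives:              # state existed only in RAM
            journal.clear()
        convert(disk, journal)                # second run after "reboot"
    return bytes(disk) == b"LUKS" + enc(payload)
```

demo(8) returns True because the second run replays the journaled chunk; demo(8, journal_survives=False) returns False because the device alone no longer contains enough information to tell converted data from unconverted data.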