On Fri, 2007-11-09 at 17:33 -0600, David Lehman wrote: > I've made an initial attempt at support for creating LUKS-encrypted > partitions at install time. A patch is available here: > > http://dlehman.fedorapeople.org/anaconda-fscrypto-20071109.patch Okay, I haven't actually tried it as my current tree is a bit muddled with the resizing patch, but I wanted to be sure to at least look over the patch here and provide some feedback. * Some of the code is obviously forward-looking (the cryptodev registering in particular). Which is fine, but it'd probably be better to hold off on those bits from an initial commit * I'm a little unsure about adding the crypto dev to the fsset.Device object. I wonder if instead it's cleaner to just integrate the crypto code into the Device object. But I'm on the fence here I think * If we go this route, NullCrypto is probably better than Passthrough * Multiple different types of crypto block devices seems like it's going to end up being a UI nitemare. We should pick one path rather than trying to support everything under the sun * Is the filesystem.supportsEncryption attribute really needed? The filesystem doesn't have to really support it at all as it's all done at the block level * The UI is definitely along the right lines, although I'm not convinced about the passphrase prompting. Also, the code would be cleaner if it wasn't trying to support multiple ways of encryption :) * The sanity checking should probably be combined a bit and likely in partitions.sanityCheckAllRequests() as that's where we do other checks for, eg, /boot not being on a PV Overall, though, this looks very good and promising. _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
