On Fri, Oct 19, 2012 at 12:10:25AM -0400, Jim F wrote: > > I modified scripts to allow system encryption with a detached LUKS > header. Everything but /boot is encrypted and the header can be > either a partition or a file (say) in the initrd in /boot. And /boot > can be on a separate device, e.g. a USB thumb drive, so the system > drive can have only encrypted data with no indication that it's LUKS > encrypted. > > I'm writing to see if the changes would be of interest to anyone and > how to include them in a package. I was using Linux Mint 12 but they > should work (at least) with any of the Debian derivatives. > > LM12 came with cryptsetup 1.1.3 so I got the latest source which at > that time was 1.4.1. Since I didn't see any of the initramfs-tools > scripts in the cryptsetup source, I assumed they were distributed in > a different package. I've subsequently found that while there is a > initramfs-tools package, the scripts related to cryptsetup are in > the cryptsetup package. This observation applies at least to Debian, > Ubuntu and Linux Mint. The initramfs is distribution-specific. There are no standards for it, or at least no binding ones. The only thing the kernel knows and needs is a specific filesystem and the presence of init. Anythinge else, including what init does is up to the distro. The reason there are no such scripts in the cryptsetup package is that it would not make sense to put them in there, as they would be completely different for different distributions. > Because of the difference in the source and packaging, I have the > modified 1.1.3 scripts working with the 1.4.1 cryptsetup I built. > After taking a quick look at 1.4.3, I've concluded it won't be too > much work to get the changes in sync. However it would be best to do > this only once. I was thinking about doing it with 1.4.3 which comes > with Ubuntu 12.10 but I see that 1.5.1 has just been released. > > Given all this, can someone tell me: > > - how the scripts get packaged with cryptsetup since they don't > appear to be in its source tree? They do not get packaged with cryptsetup. At least not distribution-specific ones. And with good reason. > - where the scripts are? In the distribution ;-) > - how to get the changes included with the distributions, assuming > there's interest? Submitted to the distributions directly. This is a frequent misconception you fell prey to here: Booting is the responsibility of the distribution, all processes in it are out of scope for cryptsetup. Cryptsetup just handles setting up plain dm-crypt and LUKS partitions without any regard to what process requests it or at what time it is requested, as long as the kernel is running. Here is what I recommend: - Submit this to Mint for Mint. - For Debian-like distros, submit it to Debian, it should eventually propagate down. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
