Re: LUKS2 resizing

Hi,

I don't think --ask-always option would be necessary...  I think cryptsetup status is more than enough.
I have to do some screen scrubbing in other places too, e.g. new file system (and version) detection
code now screen scrubs "udevadm info --query property" to detect whether e.g. it is LUKS1 or LUKS2 or even FAT12.

Actually, do I even need cryptsetup status? KDE Partition Manager only allows resizing unlocked LUKS volumes
(so that internal file system can also be resized). So if I understand correctly it will never ask for passphrase in LUKS1
case but it will always ask in LUKS2 case.

Andrius

On Thursday, 14 December 2017, 10:23:21 GMT, you wrote:
> On 12/13/2017 07:05 PM, Andrius Štikonas wrote:
> 
> > Exit code status should be fine for me. I'll just check for it to be 0. I can't really
> > use libcryptsetup anyway, I need to use cryptsetup executable as
> > KDE Partition Manager is a GUI app and linking to libcryptsetup would
> > require the whole app to be running as root which is a security issue for
> > GUI apps.
> 
> I see.
> 
> Well, you may either detect volume key was passed via kernel keyring to 
> dm-crypt by following command: cryptsetup status <name>
> 
> It prints usual status information together with line:
> "key location: keyring". If you see such line you know cryptsetup
> resize will ask for passphrase. But yes, it's screen scrubbing, not 
> comfortable.
> 
> Or, we may implement option --ask-always (or similar) and cryptsetup 
> resize will ask always for the passphrase to verify (and also load) 
> volume key during resize operation.
> 
> Would it help?
> 
> Also do you mind if I repost this e-mail back to mail list so that 
> others see my answer?
> 
> O.
> 
> 


-- 
I encourage the use of end to end email encryption

GPG key:   https://stikonas.eu/andrius.asc
Fingerprint:  1EE5 A320 5904 BAA2 B88C 0A9D 24FD 3194 0095 C0E1


_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
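
The `cryptsetup status` check described in the quoted reply, as an added example that is not part of the original thread and is not code from cryptsetup or KDE Partition Manager. The function names `key_location` and `resize_will_prompt` are hypothetical, and the three status outputs are constructed samples with placeholder device names.

```shell
#!/bin/sh
# Added example; key_location and resize_will_prompt are hypothetical names.

# Read `cryptsetup status <name>` output on stdin and print the value of its
# "key location:" line, or "unknown" when there is none.
key_location() {
    awk -F': *' '
        /^[ \t]*key location:/ {
            sub(/[ \t\r]+$/, "", $2)   # drop trailing blanks or CR
            print $2; found = 1; exit
        }
        END { if (!found) print "unknown" }
    '
}

# 0: volume key is in the kernel keyring, so resize will ask for the passphrase
# 1: a key location line is present with some other value
# 2: no key location line (inactive mapping or unexpected output)
resize_will_prompt() {
    case "$(key_location)" in
        keyring) return 0 ;;
        unknown) return 2 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample outputs (device names are placeholders).
SAMPLE_KEYRING='/dev/mapper/example is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: keyring
  device:  /dev/sdX2'
SAMPLE_DMCRYPT='/dev/mapper/example is active and is in use.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 512 bits
  key location: dm-crypt
  device:  /dev/sdX2'
SAMPLE_INACTIVE='/dev/mapper/example is inactive.'

for sample in "$SAMPLE_KEYRING" "$SAMPLE_DMCRYPT" "$SAMPLE_INACTIVE"; do
    rc=0
    printf '%s\n' "$sample" | resize_will_prompt || rc=$?
    echo "resize_will_prompt -> $rc"
done
```

Against a live mapping the input would come from `cryptsetup status <name>` piped into `resize_will_prompt`; treating exit code 2 as "do not assume either way" keeps an unexpected output format from being read as "no prompt".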
