Re: Root filesystem encryption patch set

On 4/26/07, Bill Nottingham <notting@xxxxxxxxxx> wrote:
> Bruno Wolff III (bruno@xxxxxxxx) said:
> > I think there had been an assumption that this person had been watching
> > the bugzilla entry for encrypted file systems and would include patches
> > posted there once people reported they were working OK. That assumption seems
> > to have been incorrect.
>
> The patches, as posted, are broken:
>
> - they introduce a new configuration file when mkinitrd already has one

Point taken, I checked and there's nothing that can't be done with the existing config file. So, everything is optional with /etc/sysconfig/mkinitrd. A new set of patches is available at the website. I'll be updating the instructions today or tomorrow.

> - they hardcode device names in the exact same way that /etc/crypttab
>   does, meaning that it will fail in the exact same way with hotplugged
>   drives or device ordering changes that /etc/crypttab does (and does
>   with a vengeance in any FC6 -> F7 upgrade). Considering this is the
>   root device, that's *bad*.

Current encryption support does have a drawback. Either we can identify the device by taking the first/last X bytes of a raw device (if they do not change) as a UUID of sorts and scan all block devices for that "signature", or we have to know the target to decrypt. I'm at a loss as to how to scan all candidate devices for said identifier.

I agree, /etc/crypttab works after mounting / and has all the drawbacks you are mentioning.

--
The early bird may get the worm, but it's the second mouse that gets the cheese.
-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
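
Added example, not part of the original message or of the patch set: one way to locate an encrypted root by an identifier stored at the start of the device instead of by its name, covering the "scan all block devices for that signature" idea raised in the reply. It assumes the volume carries a LUKS1 header (magic and version at offset 0, UUID field at offset 168), which the thread does not state; the function names, the fake device files and the sample UUID are constructed for illustration.

```python
import os
import tempfile

LUKS1_PREFIX = b"LUKS\xba\xbe\x00\x01"  # LUKS magic + version 1 (LUKS is an assumption)
UUID_OFFSET, UUID_LEN = 168, 40         # NUL-padded ASCII UUID field in a LUKS1 header
HEADER_LEN = UUID_OFFSET + UUID_LEN

def read_luks_uuid(path):
    """Return the lower-cased UUID from a LUKS1 header, or None if absent or unreadable."""
    try:
        with open(path, "rb") as dev:
            header = dev.read(HEADER_LEN)
    except OSError:
        return None  # device vanished, no medium, or permission denied
    if len(header) < HEADER_LEN or not header.startswith(LUKS1_PREFIX):
        return None  # too short, or not a version-1 LUKS header
    return header[UUID_OFFSET:HEADER_LEN].split(b"\0", 1)[0].decode("ascii", "replace").lower()

def candidate_devices(proc_partitions="/proc/partitions", dev_dir="/dev"):
    """Every block device the kernel currently lists, whatever it happens to be named."""
    with open(proc_partitions) as f:
        rows = [line.split() for line in f.read().splitlines()[2:]]  # skip header lines
    return [os.path.join(dev_dir, r[3]) for r in rows if len(r) == 4]

def find_by_uuid(wanted, candidates):
    """All candidates whose header UUID matches; the caller must reject 0 or >1 hits."""
    wanted = wanted.lower()
    return [p for p in candidates if read_luks_uuid(p) == wanted]

def make_fake_device(directory, name, uuid=None):
    """Constructed sample: a file standing in for a device, with or without a header."""
    image = bytearray(1024)
    if uuid is not None:
        image[0:8] = LUKS1_PREFIX
        image[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode("ascii")
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(image)
    return path

def demo():
    """The same volume is found as sda2, then as sdb2 after the names are reordered."""
    root_uuid = "00000000-0000-4000-8000-000000000001"  # constructed value
    with tempfile.TemporaryDirectory() as d:
        mk = make_fake_device
        before = find_by_uuid(root_uuid, [mk(d, "sda2", root_uuid), mk(d, "sdb2")])
        after = find_by_uuid(root_uuid, [mk(d, "sda2"), mk(d, "sdb2", root_uuid)])
        return [os.path.basename(p) for p in before + after]

if __name__ == "__main__":
    print(demo())
```

On a real system the lookup would be `find_by_uuid(uuid, candidate_devices())`, run before the volume is opened; zero matches or more than one should be treated as an error and not resolved by picking a device.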
