On 4/26/07, <b class="gmail_sendername">Bill Nottingham</b> <<a href="mailto:notting@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">notting@redhat.com</a>> wrote:<div><span class="gmail_quote">
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Bruno Wolff III (<a href="mailto:bruno@wolff.to" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bruno@wolff.to</a>) said:<br>> I think there had been an assumption that this person had been watching
<br>> the bugzilla entry for encrypted file systems and would include patches
<br>> posted there once people reported they were working OK. That assumption seems<br>> to have been incorrect.<br><br>The patches, as posted, are broken:<br><br>- they introduce a new configuration file when mkinitrd already has one
</blockquote><div><br>Point taken, I checked and there's nothing that can't be done with the existing config file. So, everything is optional with /etc/sysconfig/mkinitrd. A new set of patches are available at the website. I'll be updating the instructions today or tomorrow.
<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">- they hardcode device names in the exact same way that /etc/crypttab<br> does, meaning that it will fail in the exact same way with hotplugged
<br> drives or device ordering changes that /etc/crypttab does (and does<br> with a vengeance in any FC6 -> F7 upgrade). Considering this is the<br> root device, that's *bad*.</blockquote><div><br>Current encryption support does have a drawback. Either we can identify the device by taking the first/last X bytes of a raw device (if they do not change) as a UUID of sorts and scan all block devices for that "signature", or we have to know the target to decrypt. I'm at a loss of how to scan all candidate devices for said identifier.
<br><br>I agree, /etc/crypttab works after mounting / and all has all the drawbacks you are mentioning. <br></div></div><br>-- <br>The early bird may get the worm, but the it's the second mouse that gets the cheese.