Bug#: 95725
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel@gentoo.org>
Reporter: Alon Bar-Lev (RETIRED) <alonbl@gentoo.org>

Filename Description Type Creator Created Size Actions
loop-aes.diff loop-aes.diff patch Stefan Schweizer 2005-06-10 23:14 0000 692 bytes Details | Diff
loop-aes.diff Modified loop-aes patch Alon Bar-Lev (RETIRED) 2005-06-11 11:59 0000 1.42 KB Details | Diff
util-linux.diff util-linux-2.12q-r1 patch Alon Bar-Lev (RETIRED) 2005-06-11 12:04 0000 1.11 KB Details | Diff
aespipe.diff aespipe patch Alon Bar-Lev (RETIRED) 2005-06-11 12:07 0000 431 bytes Details | Diff

Bug 95725 depends on: 95939 95941



Description:   Opened: 2005-06-10 15:42 0000
Please add support for version 3.0c (Simple)

Please consider adding a new use "keyscrub" by adding the following:
use keyscrub && BUILD_PARAMS="${BUILD_PARAMS} KEYSCRUB=y"

The keyscrub is very important in protecting the encryption key in memory.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




The sys-apps/util-linux should also be modified.
There is a version 2.12q which patches the files using util-linux-2.12p.diff...
Strange.. If I understand correctly it should have been version 2.12p-r2

After you add support for loop-aes-3.0c you should add
sys-apps/util-linux-2.12q-r1 which patches the util-linux-2.12q.diff which comes
with loop-aes.

The message at pkg_postinst of sys-fs/loop-aes should refer to the new
util-linux package.

I've tested loop-aes-3.0c and it seems stable.

------- Comment #1 From Stefan Schweizer 2005-06-10 23:14:44 0000 -------
Created an attachment (id=61039) [details]
loop-aes.diff

Can you please try this patch?
If I understand correctly keyscrub should be default on as useflag, or does it
do any harm?

Can you please explain the util-linux thing a bit better? Why do we need the
new version for loop-aes? What should be in the post-emerge message?

------- Comment #2 From Jakub Moc (RETIRED) 2005-06-11 11:26:05 0000 -------
*** Bug 95794 has been marked as a duplicate of this bug. ***

------- Comment #3 From Alon Bar-Lev (RETIRED) 2005-06-11 11:59:18 0000 -------
Created an attachment (id=61068) [details]
Modified loop-aes

I prefer to specify every parameter once... So I append the BUILD_PARAMS...

------- Comment #4 From Alon Bar-Lev (RETIRED) 2005-06-11 12:04:00 0000 -------
Created an attachment (id=61069) [details]
util-linux-2.12q-r1

Here is the modified util-linux which uses RELEASE loop-AES in order to patch
the software.

------- Comment #5 From Alon Bar-Lev (RETIRED) 2005-06-11 12:07:12 0000 -------
Created an attachment (id=61070) [details]
aespipe

This is the latest aespipe which is a component of loop-AES that encrypts a
device.

------- Comment #6 From Alon Bar-Lev (RETIRED) 2005-06-11 12:16:48 0000 -------
> Can you please explain the util-linux thing a bit better? Why do we need the
> new version for loop-aes? What should be in the post-emerge message?

loop-aes is built upon three components:
1. Modified loop kernel module that performs the encrypted loop.
2. Modified util-linux (mount, umount, losetup) that support encryption related
arguments and pass-phrase.
3. aespipe that allows encryption/decryption of a device.

In order to work correctly all versions need to be synchronized.

I don't know why, but in loop-aes-*.ebuild there is no RDEPEND with
linux-util-*... It just states in post emerge that you should install it... I
guess it is because you need to specify "crypt" use and that loop-aes cannot
check if you did.

I've modified util-linux to download the loop-AES and obtain the patch from
there. I think it is safer this way.

I've also updated the post emerge message to display the proper package name.
But I think a solution should be found for dependency that portage may enforce.

------- Comment #7 From Alon Bar-Lev (RETIRED) 2005-06-11 12:18:54 0000 -------
> If I understand correctly keyscrub should be default on as useflag, or does it
> do any harm?

The keyscrub takes CPU resources... So I am not sure it should be enabled by
default. It is true that it is more secure... But maybe people do not want the
CPU to work harder...

------- Comment #8 From Stefan Schweizer 2005-06-12 10:08:13 0000 -------
Can you please open new bugs for the util-linux and aespipe maintainers and
make this bug depend on them?

------- Comment #9 From Alon Bar-Lev (RETIRED) 2005-06-13 02:47:39 0000 -------
Done,

bug 95939 - sys-apps/util-linux
bug 95941 - app-crypt/aespipe

------- Comment #10 From Alon Bar-Lev (RETIRED) 2005-06-16 09:12:27 0000 -------
Can you please proceed?
The aespipe maintainer is not responsive and the util-linux update, which is the
important component, is already merged into the tree.

Current aespipe is too old, even for loop-aes-3.0b...
Whoever uses aespipe must have created his own ebuild already.

I will follow the aespipe update.
Thanks!

------- Comment #11 From Alon Bar-Lev (RETIRED) 2005-06-18 00:10:48 0000 -------
OK,
Now all is ready.

------- Comment #12 From Alon Bar-Lev (RETIRED) 2005-06-20 10:13:20 0000 -------
Thanks!
Good job! 
I didn't know I can "built_with_use util-linux crypt"

------- Comment #13 From Alon Bar-Lev (RETIRED) 2005-06-20 10:28:53 0000 -------
If it interests you, you can find a document that describes how to use encrypted
root file system and swap when using suspend2...

These updates made it available for all.

http://wiki.suspend2.net/EncryptedSwapAndRoot?action=show

------- Comment #14 From Stefan Schweizer 2005-06-21 13:22:47 0000 -------
this is fixed already :)
