| Summary: | Use EVMS for cryptsetup-luks DM objects | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Brad Allen <ULMO> |
| Component: | New packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | VERIFIED DUPLICATE | ||
| Severity: | enhancement | ||
| Priority: | High | ||
| Version: | 2005.1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | tarball of portage overlay for evms patch | ||
Created attachment 74957 [details]
tarball of portage overlay for evms patch
tar file of portage overlay directory implementing enhancement, including ebuild and patch
Hopefully for the last time: Attach *plaintext* patch to the *original* bug (Bug 115875) and *reopen* that bug then. Do *not* attach tarballs or any other archives, do *not* clone bugs and do *not* file duplicates over and over again. Thanks! *** This bug has been marked as a duplicate of 115875 *** CLOSED Then you ought to have a proper attachment system that is available from the initial bug!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (In reply to comment #4) > Then you ought to have a proper attachment system that is available from the > initial bug!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > http://bugs.gentoo.org/attachment.cgi?bugid=115875&action=enter ^^^^^ !!! |
This is useful for security aspects of Gentoo, mostly including the recent LUKS support Gentoo has better than other distributions. Eventually, we'd like to think that EVMS will do this, but we don't know if or when they might do it, so for now, this is the solution. Perhaps a USE option to EVMS could be implemented to engage this only when that USE value is set (what to call it? evmsdmloop?) I like to put my entire disk or partition in cryptsetup-luks type LUKS partitions/disks. Then, I use EVMS on top of that. That way, not only are the various EVMS meta files and object sizes encrypted, but I can resize my EVMS partitions easily inside EVMS as normal without having to wait for EVMS team to support LUKS directly. To do this, one needs EVMS to recognize the cryptsetup luksOpen created device-mapper device(s) as a device EVMS ought to look at in this way. This has to be carefully done, since you could create loops, so carefully read the email attached and specify the correct options to EVMS and DM configuration files (/etc/evms.conf and /etc/lvm/lvm.conf). It works great for me on two systems I have. This requires a patch in EVMS. It is rather simple. I modified the latest EVMS ebuild by adding someone's patch for this (since they also wanted to do it) and put it into my portage OVERLAY directory. Contained in the attached file is a tar that has this overlay portage ebuild and associated files. The two main different files are etc/portage/sys-fs/evms/evms-2.5.3-r1.ebuild modified to contain the patch and the patch itself, plus updated digests and manifests. Excerpts: --- evms-2.5.3-r1.ebuild.~1~ 2005-11-11 15:36:03.000000000 -0800 +++ evms-2.5.3-r1.ebuild 2005-11-25 11:16:54.000000000 -0800 @@ -27,6 +27,7 @@ cd ${S} epatch ${FILESDIR}/${PV}/compaq_segments.patch epatch ${FILESDIR}/${PV}/md_expand.patch + epatch ${FILESDIR}/${PV}/devmapper.patch } src_compile() { and etc/portage/sys-fs/evms/files/2.5.3/devmapper.patch