| Summary: | sys-kernel/genkernel - TpmCrypt support | ||
|---|---|---|---|
| Product: | Gentoo Hosted Projects | Reporter: | Philipp Deppenwiese <zaolin> |
| Component: | genkernel | Assignee: | Gentoo Genkernel Maintainers <genkernel> |
| Status: | CONFIRMED --- | ||
| Severity: | enhancement | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.tpmcrypt.org | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | TpmCrypt patch for genkernel | ||
|
Description
Philipp Deppenwiese
2011-03-15 01:39:18 UTC
Created attachment 265903 [details, diff]
TpmCrypt patch for genkernel
(In reply to comment #1) > Created attachment 265903 [details, diff] > TpmCrypt patch for genkernel Ok, 1: which version of genkernel are you patching against? I would suggest you to do the patch against the experimental branch[1] of our git, since that is where the action is before it gets backported into master, and I am pretty sure your patch will not apply cleanly against it. 2: historically, genkernel has always had the ambition to be able to build a tool itself if it does not exist a static version on the host system already. I cannot see this in your patch (i.e. build_tpmcrypt)? As we are moving towards using dracut for ramdisk-creation, this might not be such a big issue to get this merged anymore, however it needs to be considered. About append_tpmcrypt, why do you copy the logfile into the ramdisk? And why the /usr/lib/*.so? If the execs are static, those should libs not be needed. Also maybe change the message "Not Implemented" to "No static execs found" which is more descriptive for the case. 3: only check for CDROOT in linuxrc, and move the TPMCRYPT check to initrd.scripts. You should also start with testing so all the files needed really is in the ramdisk (otherwise stuff might break bad if you try "dotpmcrypt" and the ramdisk does not have the binaries appended). 4: have you for above stated reasons also looked into a dracut module or does it already exists? These are the points that comes to my mind. There may be more, I have not looked too deeply into append_tpmcrypt. [1] http://git.overlays.gentoo.org/gitweb/?p=proj/genkernel.git;a=shortlog;h=refs/heads/experimental (In reply to comment #2) > 2: historically, genkernel has always had the ambition to be able to build a > tool itself if it does not exist a static version on the host system already. I > cannot see this in your patch (i.e. build_tpmcrypt)? An exception may be if the software needed has an ebuild in tree that is able to produce static and dynamic executables side by side. LVM for instance would qualify with both /sbin/lvm and /sbin/lvm.static. Does all of the tpmcrypt software have ebuilds in Gentoo? I ran "eix tpm" and found no tpmcrypt.org in the list. > As we are moving towards > using dracut for ramdisk-creation, this might not be such a big issue to get > this merged anymore, however it needs to be considered. When we add your patch to genkernel 3.x that adds one more thing that has to be ported to Dracut for genkernel 4.x to not leave a whole. Philipp, will you be able to do that work for us? > These are the points that comes to my mind. There may be more, I have not > looked too deeply into append_tpmcrypt. One more tiny thing: you're patch includes non-tpm whitespace changes at at least one place. Please remove that part. Hi, first thank you for the many responses > Does all of the tpmcrypt software have ebuilds in Gentoo? > I ran "eix tpm" and found no tpmcrypt.org in the list. Unfortunately, there is no ebuild, since only an alpha version exists. In one or two months I will publish the stable version and thus the ebuild. > When we add your patch to genkernel 3.x that adds one more thing that has to be > ported to Dracut for genkernel 4.x to not leave a whole. Philipp, will you be > able to do that work for us? During this week I will add the final patch for genkernel and dracut. |
