Re: [opensuse-security] How does one convert from /etc/cryptotab to /etc/crypttab

30 Nov 2007

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Friday 2007-11-30 at 09:07 +0100, Ludwig Nussel wrote:
...
...
I'd propose that the above script be included somewhere on the distro, or
published as an alternative method for manually mounting older encrypted
partitions.
The script is no longer needed, boot.crypto is able to handle all
disk formats via crypttab/cryptotab now.
But manually? These are partition/filesystems I don't mount at boot.
...
You can also tell it to manually mount a single partition, e.g.
/etc/init.d/boot.crypto start /secret
What? This is wonderful!
But this is not documented!

   nimrodel:~ # /etc/init.d/boot.crypto
   Usage: /etc/init.d/boot.crypto {start|stop|status|restart}

No help text on this :-(

What do I do, define a partition or filesystem as "noauto" in 
/etc/cryptotab?

[...]

Testing. I create in '/etc/cryptotab' the line:

/dev/loop6   /biggy/crypta_f.mm.x  /mnt/crypta.mm.x   xfs     twofish256    noauto,user,noatime,nodiratime

   nimrodel:~ # /etc/init.d/boot.crypto start /mnt/crypta.mm.x
   /mnt/crypta.mm.x: xfs doesn't exist                               skipped
   Please enter passphrase for /biggy/crypta_f.mm.x: Command failed: Key reading error
   /biggy/crypta_f.mm.x...                                           failed

Maybe it wants the "device" or file, not the mountpoint:

   nimrodel:~ # /etc/init.d/boot.crypto start /biggy/crypta_f.mm.x
   /mnt/crypta.mm.x: xfs doesn't exist                               skipped
   Please enter passphrase for /biggy/crypta_f.mm.x: Command failed: Key reading error
   /biggy/crypta_f.mm.x...                                           failed

No... it doesn't like the file syntax, and it's the same as the existing 
working line:

/dev/loop0    /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15    /cripta   xfs    twofish256   noatime,nodiratime

- -- 
Cheers,
        Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFHT+W8tTMYHG2NR9URAh+8AJ9nj9WPzorJ5Uz77vuTokopVBQmmgCeNdM+
mq28NIoQvcf0GDei9nM2xL0=
=ZA53
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org