Hello,

On Wednesday, 15 November 2006 21:17, Andreas Jaeger wrote:
> for tomorrow's meeting we have one topic so far:
> Encrypted Home Partitions:
> - Use dm-crypt and LUKS by default for newly encrypted partitions

From what I remember from the German Linux Magazin some time ago (multiple passwords per partition, passwords easily changeable etc.), this is a very good idea :-)

[... more good ideas snipped ...]

> Any comments, suggestions etc?

I'd propose to check how useful /etc/cryptotab is. I see several disadvantages compared to an entry in /etc/fstab:

a) /etc/cryptotab needs an explicit /dev/loopX entry

   YaST2 always puts the first (at partition creation time) available device (usually /dev/loop0) into /etc/cryptotab.

   This becomes funny if you manually add a loop mount to your fstab which is mounted at boot time - in fact, you won't be able to mount the encrypted partition because /dev/loop0 is already in use.

   In fstab, you don't need to specify which loop device to use - you specify the "loop" option and it simply uses the first available, whatever number it has.

   Yes, you can specify which loop device to use in /etc/fstab or you can modify /etc/cryptotab to use another loop device - but these are ugly workarounds.

b) if you skipped mounting your encrypted partition while booting, you can't mount them with "mount" afterwards if they are not listed in fstab.

   See also https://bugzilla.novell.com/show_bug.cgi?id=209647 (which might be invalid for yast2-storage, but not for the whole story)

In short, there's no additional value in using a separate file (/etc/cryptotab) for encrypted partitions, but several disadvantages and problems. OTOH, I see no disadvantages when using /etc/fstab for encrypted partitions.

Did I already mention that I suggest dropping /etc/cryptotab completely and putting all partitions, including encrypted ones, into /etc/fstab? ;-))

Regards,

Christian Boltz

PS: If you decide not to drop /etc/cryptotab, please consider dropping the "loop device" column. I proposed this some time ago [1], but this was (understandably) WONTFIX because it would be an incompatible change. Now that you are going to make major changes, compatibility could get rated lower.

[1] https://bugzilla.novell.com/show_bug.cgi?id=77126 (9.3 bug, therefore not public unfortunately)

Oh, and /etc/cryptotab bit back in 10.0 ;-)
https://bugzilla.novell.com/show_bug.cgi?id=105020 (public bug)
Short summary: The installation/update now ignores the "loop device" column...

--
[Determining the IP address of ppp0 with system()]
Using Perl for that is surely a bit like hunting sparrows with large-caliber long-barreled guns... ;-)
[Christian Schmidt in suse-linux]