I'm not able to attend the meeting this weekend, so following Davide's example, I'll also post a status report for integration of crypto and partman:

o partman-crypto

the version of partman-crypto which is in unstable/testing is ancient and lacks the proper dependencies. A new version (5) has been in the ftp-master NEW queue for a bit more than a week. New uploads of partman-crypto are on hold until it has been processed. This is currently the biggest blocker for working (dm-crypt) crypto support in partman.

o partman-crypto device-mapper support

the device-mapper support of partman-crypto is now at the point where it is possible to do a root-on-crypto and root-on-lvm-on-crypto installation (version 5 or later). dm-crypt support is mostly feature-complete.

o partman-auto-crypto

I created a partman-auto-crypto package in my personal dir (d-i/people/alphix-guest). The basic functionality seems to work - it creates a /boot partition, a swap partition and one large encrypted partition which in turn holds an LVM PV which is used for the rest of the partitions (root and possibly /home depending on the recipe). The benefit of using LVM on crypto is that a single password needs to be input during boot to access all partitions (instead of one password per partition).

Looking at the TODO list, partman-auto-crypto needs better integration with partman-auto-lvm and partman-crypto. Most importantly, shared parts need to be split out into shared scripts rather than duplicated; this will also remove confusing and/or irrelevant prompts that are currently displayed. I'll work on this some more in a few days, I believe I will be able to get it to the stage where it could be moved to trunk during next week. It relies on the newer partman-crypto though but it will have to go through the NEW queue as well so partman-crypto should already be in unstable once that's done.

Apart from the duplicated code, the major blocker right now is that partman-auto-lvm creates the swap partition outside of the lvm which partman-crypto refuses to allow (as keys and sensitive data could be written to an unencrypted swap partition which would defeat the purpose of the encryption). I'll initiate a discussion on debian-devel, debian-kernel and with yaird/initramfs-tools maintainers next week to see if it would be possible to change partman-auto-lvm to create the swap partition as an LVM LV. An alternative solution would of course be to create specific recipes for partman-auto-crypto, but I'd like to avoid it if possible since they would be copies of partman-auto-lvm with the exception of the swap partition.

o cryptsetup-udeb

cryptsetup-udeb 2:1.0.3-2 which contains important fixes for LVM/crypto combinations has migrated to testing. Some more fixes are probably necessary for root-on-crypto-on-lvm (as opposed to root-on-lvm-on-crypto which works), they should be present in the next version of cryptsetup-udeb (unreleased).

o partman-lvm

the recent upload (version 38) should fix the bugs introduced by the rewrite and integration of the lvmcfg functionality which broke partman-auto-lvm and introduced some formatting bugs. Together with the new lvm2-udeb (2.02.06-2), this should restore both partman-lvm and partman-auto-lvm to working order.

o documentation

still needs to be written for partman-crypto, partman-auto-crypto and cryptsetup initramfs hooks. It's possible that it also needs to be updated to account for the changes to partman-auto-lvm and partman-lvm.

o device locking

as discussed on debian-boot a week ago or so, I've committed a patch which adds the ability to "lock" partitions or devices (that are in use for some other system, e.g. as an lvm PV or an encrypted device). The functionality is there and integrated with partman-lvm and partman-crypto but there might be other packages which might benefit from it (e.g. RAID devices).

Regards,
David
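
The swap constraint described in the message above, as an added example that is not part of the original mail and is not partman-crypto's code: it checks whether every path from a swap device down to disk crosses a dm-crypt layer. The device names, the three layouts and the dictionary model are constructed for illustration, and treating an LV as resting on every PV of its volume group is a deliberately conservative assumption.

```python
# Added illustration. Block-device stacks are modelled as constructed dicts;
# nothing is read from a live system or taken from partman-crypto.
# Format: device name -> (layer type, devices it sits on).

LVM_ON_CRYPTO = {                          # swap as an LV inside the encrypted PV
    "sda1": ("partition", []),             # /boot
    "sda2": ("partition", []),
    "sda2_crypt": ("crypt", ["sda2"]),     # dm-crypt mapping
    "vg-root": ("lvm", ["sda2_crypt"]),
    "vg-swap": ("lvm", ["sda2_crypt"]),
}
SWAP_OUTSIDE_LVM = {                       # swap created as a plain partition
    "sda1": ("partition", []),             # /boot
    "sda2": ("partition", []),             # swap
    "sda3": ("partition", []),
    "sda3_crypt": ("crypt", ["sda3"]),
    "vg-root": ("lvm", ["sda3_crypt"]),
}
MIXED_VG = {                               # VG with one encrypted and one plain PV
    "sda2": ("partition", []),
    "sdb1": ("partition", []),
    "sda2_crypt": ("crypt", ["sda2"]),
    "vg-swap": ("lvm", ["sda2_crypt", "sdb1"]),
}


def is_encrypted(dev, stack, seen=frozenset()):
    """True only if every path from dev to a physical device crosses a crypt layer."""
    if dev in seen:
        raise ValueError(f"cycle in device stack at {dev}")
    kind, parents = stack[dev]
    if kind == "crypt":
        return True                        # everything below is ciphertext
    if not parents:
        return False                       # reached bare storage without a crypt layer
    return all(is_encrypted(p, stack, seen | {dev}) for p in parents)


def unsafe_swap(swap_devices, stack):
    """Return the swap devices that could receive plaintext key material."""
    return [d for d in swap_devices if not is_encrypted(d, stack)]


if __name__ == "__main__":
    for name, swaps, stack in [
        ("lvm-on-crypto", ["vg-swap"], LVM_ON_CRYPTO),
        ("swap outside lvm", ["sda2"], SWAP_OUTSIDE_LVM),
        ("mixed volume group", ["vg-swap"], MIXED_VG),
    ]:
        bad = unsafe_swap(swaps, stack)
        print(f"{name}: {'refuse, unencrypted swap ' + str(bad) if bad else 'ok'}")
```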