Michael Tautschnig wrote:
>> Michael Tautschnig wrote:
>>     
>>>> I have defined encrypted swap and tmp like this
>>>>
>>>> disk_config lvm
>>>> vg vg1 disk1.6
>>>> vg1-swap   swap:encrypt    2048    swap    sw
>>>> vg1-tmp            /tmp:encrypt    1024    ext2    rw
>>>> ...
>>>>
>>>> This works during setup, two device-mapper devices crypt_dev_vg1_tmp and 
>>>> crypt_dev_vg1_swap are created and written to fstab, but no crypttab is 
>>>> generated. I am doing this now with a script, but from taking a look at 
>>>> setup-storage source it looks like it should create a correct crypttab, 
>>>> right?
>>>>
>>> Indeed it should, yes :-) Hmm, are you using the experimental FAI version or
>>> 3.2.20 or something? Looking at my experimental patch named
>>> setup-storage_full-crypto-support the comment induces that it might not work on
>>> LVM devices without this patch :-) That means:
>>>
>>> - Are you using the experimental builds or the stable release?
>>> - Would you be willing to test the experimental version in this case?
>>> - If so, I'd happily merge that patch into mainline as I just left it in the
>>>   experimental branch because it had not seen sufficient testing.
>>>
>>> Thanks a lot,
>>> Michael
>> I am using the stable packages (3.2.20) from the lenny repository. I
>> would give the experimental version a try.
>>     
>
> You can download/install them by adding the experimental/koeln repository as
> described on the wiki page:
>
> http://faiwiki.debian.net/index.php/Main_Page#getting_FAI
>
> Best,
> Michael
>   
I tried today with 3.2.23beta4, and it did not work :-(

What I see is a crypttab which is in /tmp/fai/crypttab during install
and later saved to the log folder, but this one does not get copied to
the target. Moreover, this crypttab refers to a keyfile in /tmp, like this:

crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /tmp/fai/crypt_dev_vg1_tmp   luks

But what I want is

crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /dev/urandom   tmp

That's what setup-storage is supposed to do, right? (At least if using
the :randinit option)

Additionally, I forgot to mention in my first post that I need to load
the device mapper modules including dm_crypt manually using a
partition.DEFAULT hook. Without that, no LVM (even without encryption)
will work, complaining about lack of device-mapper support.

Bye,
Andreas
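
An added example, not part of the message above and not FAI's own code: a POSIX shell check that could run after installation to catch the three symptoms reported in this thread (mapper devices in fstab with no crypttab entry, a key file left under /tmp, and a swap or /tmp volume that is not keyed from /dev/urandom). The function name audit_storage, the file names and the sample fstab and crypttab contents (including the swap line) are assumptions constructed for illustration.

```sh
#!/bin/sh
# audit_storage CRYPTTAB FSTAB (hypothetical helper): prints one finding per
# line and returns 1 if there is any.
audit_storage() {
    crypttab=$1 fstab=$2 bad=0
    # 1. Every /dev/mapper/crypt_* device in fstab needs a crypttab entry,
    #    otherwise nothing recreates the mapping at boot.
    while read -r dev mnt rest; do
        case $dev in /dev/mapper/crypt_*) ;; *) continue ;; esac
        name=${dev#/dev/mapper/}
        if ! awk -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$crypttab"; then
            echo "$name: used in fstab ($mnt) but missing from crypttab"; bad=1
        fi
    done < "$fstab"
    while read -r name src key opts rest; do
        case $name in ''|'#'*) continue ;; esac
        # 2. A key file under /tmp belongs to the installer, not the target.
        case $key in /tmp/*)
            echo "$name: key file $key is in a scratch directory"; bad=1 ;;
        esac
        # 3. swap and /tmp (looked up in fstab) should get a fresh random key.
        use=$(awk -v d="/dev/mapper/$name" \
            '$1 == d { print ($3 == "swap" ? "swap" : $2) }' "$fstab")
        case $use in swap|/tmp)
            case $key in /dev/urandom|/dev/random) ;; *)
                echo "$name: $use volume should use a random key, not $key"; bad=1 ;;
            esac ;;
        esac
    done < "$crypttab"
    return "$bad"
}

# Constructed sample input modelled on the thread (not captured from a real host).
d=$(mktemp -d)
cat > "$d/fstab" <<'EOF'
/dev/mapper/crypt_dev_vg1_swap  none  swap  sw  0  0
/dev/mapper/crypt_dev_vg1_tmp   /tmp  ext2  rw  0  0
EOF
cat > "$d/crypttab.installer" <<'EOF'
crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /tmp/fai/crypt_dev_vg1_tmp   luks
EOF
cat > "$d/crypttab.wanted" <<'EOF'
crypt_dev_vg1_swap  /dev/mapper/vg1-swap  /dev/urandom  swap
crypt_dev_vg1_tmp   /dev/mapper/vg1-tmp   /dev/urandom  tmp
EOF
audit_storage "$d/crypttab.installer" "$d/fstab" || echo "=> installer crypttab needs fixing"
audit_storage "$d/crypttab.wanted" "$d/fstab" && echo "=> wanted crypttab is clean"
rm -rf "$d"
```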