Dear friends, I wanted to provide an update with my experience on this (last week).
Recall that I had a few machines with separate /home partitions which needed to be encrypted without erasing them and writing them from backup. I was not that concerned about reinstalling because it takes me a few minutes to get going on Fedora using my own generated LiveCD (which runs OpenBox). From this forum, I learnt about luksipc. I proceeded to make, with Michael Schwendt's help, a RPM. Then I stuck that to my LiveCD kickstart and got a new LiveCD generated. I have four laptops: three were/are ext4 /home partitions but, as ill-luck would have it, one was xfs,. For some reason, luksipc does not work on xfs (because xfs filesystems can not be shrunk down, so I will address the xfs partition a bit later). So, I put on my LiveCD, opened a terminal and went through the steps in: https://johndoe31415.github.io/luksipc/ which is a detailed and thorough step-by-step documentation. After I did this encryption on /home for all three machines (successfully), I then (re-)installed Fedora 23 for each of them. Wow! The fourth, however presented a major issue. Luksipc needs to shrink the partition, and the shrinking tools that I know of (or could find) can not handle an xfs file system. Actually, from what I read, it does not appear to be possible. So, one option was to convert the filesystem to ext4 and then proceed as above. Reading around, I found a tool to do that. This tool is fstransform and is available at https://github.com/cosmos72/fstransform Though strictly not needed, I rolled a RPM (my first without any help or errors!) and created a new LiveCD with this new rpm on. Amazingly, it worked in converting the filesystem from xfs to ext4. (I followed the instructions at that github site.) I then encrypted this new ext4 filesystem using luksipc and went ahead and installed. So, in summary, the exercise worked. I guess I could have not installed, but I was a bit unclear about how to change grub using /etc/defaults/grub to bring in this new encrypted partition. (I did not quite tell which fields to look at.) I am considering submitting my luksipc and fstransform RPMs to Fedora. Perhaps, they could, in the future, be merged with Anaconda to make in situ encryption and filesystem transformation possible. Perhaps, with a few more scripts to automate the process. I thought that this update might be helpful for future folk. Thanks again for all the discussion and for pointing luksipc to me in the first place! Best wishes, Ranjan ____________________________________________________________ FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop! Check it out at http://www.inbox.com/earth -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
