On Sat, 2006-04-29 at 14:03 +0100, Karanbir Singh wrote:
I've made a modified version of the initscript package. This adds support for using dm-crypt encrypted filesystems on boot.
It allows encrypted swap, and encrypted storage directories. However, it's not really designed for having an encrypted root filesystem (although it could possibly be adapted without too much hassle).
I have a source RPM available here: http://www.jethrocarr.com/packages/SRPMS/initscripts-7.93.24.EL-1.1.1.centos...
can you post a diff -u .patch for the buildroot ? or do it for Source and one for .spec
Patch for the source code available here: http://patches.jethrocarr.com/initscripts-7.93.24.EL-encryptedfs.patch
Patch for the .spec file attached to this email.
I wasn't sure what to name it, so I added a .1 and my name to the release name. Feel free to change this to suit if you do decide to add it to one of the repos. :-)
look at some of the .specs from the centosplus repo ( which is where this package will head into, if accepted. ) - specially look at the ?dist tag added in Release: the buildsystem will replace those DistTag's to make some sense automatically.
hmm... The packages in the centosplus repo all appear to have different naming schemes. :-/
If you pointed me at an example that you think is the right way, I can take a look at it. :-)
Usage details and configuration for the encrypted filesystems are in /etc/sysconfig/enc-fstab.
One thing that is important is that for packages you do submit mod's for
- do you intend to keep maintaining them and ensure that any security /
bug fix related errata from upstream / developers is incorporated in a timely fashion ?
( not sure how relevant that would be here, since dm-crypt and cryptsetup is already in the distro and tracked from upstream )
Because it is an extra package, I will reapply the patch and create a new RPM if a newer version of the initscripts RPM is released. I like to keep the packages that I use secure. :-)
I'm going to see if there is any encrypted fs support in the latest version of fedora - if the patch went upstream to the initscripts developers it would be nice - could end up in future releases of RHEL. ;-)