fai and cryptsetup

Michael Tautschnig mt at debian.org
Sun Sep 26 16:16:07 CEST 2010


Hi Patrick,

> 
> On Sun, Sep 26, 2010 at 01:30:48PM +0200, Michael Tautschnig wrote:
> > Hmm, I thought that using the keyfile just meant "read key from this file" - can
> > you just briefly confirm that this is not the case, i.e., using a keyfile is
> > something totally different from using a passphrase?
> 
> it indeed is. I couldn't find any documentation backing up my statement
> but I just experimented with it a bit. Fact is with a test passphrase
> in a file beeing loaded to a keyslot its not possible to unlock that
> keyslot by using the passphrase in the file as a passphrase.
> 
> Thats what will bite us here.
> Hm, I've tried to create a patch but somehow I fail. Currently
> I have come to a point where the luksFormat is ommitted for no
> reason, making the following push commands fail.. really obscure.
> Maybe you can have a look at it.
> 

[...] (useful patch)

The problem with your patch most probably were the missing pre- and
postconditions that push_command requires for later sorting the commands
according to dependencies. But using the proper cryptsetup command lines from
your patch I've tried to fix it: Could you re-test using
4.0~beta2+experimental18? Should now be available for download.

Best,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
Url : http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20100926/09a2072e/attachment.bin 


More information about the linux-fai mailing list