Gentoo Archives: gentoo-catalyst

From: Nelson Batalha <nelson_batalha@×××××××.com>
To: gentoo-catalyst@l.g.o
Subject: [gentoo-catalyst] Using catalyst to build encrypted livecd's
Date: Sun, 08 Apr 2007 14:29:03
Message-Id: BAY114-F222D86938035E9617B23AF65A0@phx.gbl

Hi,

Chris Gianelloni, can't thank you enough.

Everyone: in the last days, since I couldn't find anyone that has built
encrypted cd's with catalyst, I researched and studied lots -> theoretically
I think everything is worked out. (Unless you know of one, then please stop
reading and post your experiences :).

I was hoping to discuss here the best way to do encrypted livecd's seamless
with catalyst, with a minimal catalyst patch! (as it stands I don't think
it's possible to make one)

I chose Luks, since it seems genkernel is supporting it (no docs though),
however this will force us to use two loops, (performance issues?). An
alternative is loop-aes -> one loop only.

What I came up with would require just a trivial patch to Catalyst: to add
the livecd-stage2 specs an argument, like livecd/fsscript: but would run a
script in the real cd root, just before the iso creation. Why? These are the
steps:

On gk arguments we would add initramfs a cryptsetup binary with
--initramfs-overlay; we would also add a custom initrc that would put our
encrypted squashfs file in a loop, and cryptsetup would unencrypt it in a
different loop - and call it our root.

The patch to catalyst would allow us to write a script to convert the
squashfs in an encrypted one. First we knew the final squashfs size, so it
would just create a file with dd with that size from /dev/zero. Then it
would mount this file in a loop, cryptsetup would use it and open it in a
different loop, and then we would mksquashfs the contents in it.

Any problems, comments or alternatives? Would you accept this patch? My bash
is ok now, gonna take some time to write the python stuff.

--
gentoo-catalyst@g.o mailing list
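
The conversion step described in the message above (zero-filled file, LUKS mapping, squashfs written inside), sketched as an added example that is not part of the original post or of catalyst. The 16 MiB header allowance, the file names, the mapper name and the `DRY_RUN` switch are assumptions; the already-built squashfs image is copied with `dd` instead of re-running mksquashfs, and cryptsetup is left to attach the loop device itself.

```bash
#!/bin/bash
# Added example (not catalyst code): wrap a finished squashfs in a LUKS container.
# Assumed values: header allowance, file names, mapper name, DRY_RUN switch.
HEADER_BYTES=$((16 * 1024 * 1024))  # assumption: LUKS2 default header area

# The LUKS header lives inside the container, so the file must be larger
# than the squashfs itself. Result is in bytes, rounded up to a whole MiB.
container_size() {
    local payload="$1" mib=$((1024 * 1024))
    echo $(( (payload + HEADER_BYTES + mib - 1) / mib * mib ))
}

# Print the command when DRY_RUN=1 (the default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# encrypt_squashfs <image.squashfs> <container file> [mapper name]
encrypt_squashfs() {
    local src="$1" dst="$2" name="${3:-livecd_root}" bytes size
    bytes=$(stat -c %s "$src") || return 1
    size=$(container_size "$bytes")
    # Zero-filled backing file, as in the message.
    run dd if=/dev/zero of="$dst" bs=1M count=$((size / 1024 / 1024)) || return 1
    # luksFormat asks for confirmation and the passphrase interactively.
    run cryptsetup luksFormat "$dst" || return 1
    # cryptsetup attaches a loop device to a regular file on its own.
    run cryptsetup open "$dst" "$name" || return 1
    # Copy the image into the decrypted mapping; conv=fsync flushes it.
    run dd if="$src" of="/dev/mapper/$name" bs=1M conv=fsync
    local rc=$?
    run cryptsetup close "$name"
    return $rc
}

# Real run (root required): DRY_RUN=0 bash this-script image.squashfs livecd.luks
if [ "$#" -ge 2 ]; then encrypt_squashfs "$@"; fi
```

With the default `DRY_RUN=1` the function only prints the commands it would run, so the sizing can be checked before anything touches a device.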

Replies

Subject Author
Re: [gentoo-catalyst] Using catalyst to build encrypted livecd's Chris Gianelloni <wolf31o2@g.o>