Hi,

Chris Gianelloni, can't thank you enough.

Everyone: in the last days, since I couldn't find anyone that has built
encrypted CDs with catalyst, I researched and studied lots -> theoretically
I think everything is worked out. (Unless you know of one, then please stop
reading and post your experiences :).

I was hoping to discuss here the best way to do encrypted livecds seamlessly
with catalyst, with a minimal catalyst patch! (as it stands I don't think
it's possible to make one)

I chose LUKS, since it seems genkernel is supporting it (no docs though),
however this will force us to use two loops (performance issues?). An
alternative is loop-aes -> one loop only.

What I came up with would require just a trivial patch to Catalyst: to add to
the livecd-stage2 specs an argument, like livecd/fsscript: but one that would
run a script in the real cd root, just before the iso creation. Why? These are
the steps:

On gk arguments we would add to the initramfs a cryptsetup binary with
--initramfs-overlay; we would also add a custom initrc that would put our
encrypted squashfs file in a loop, and cryptsetup would unencrypt it in a
different loop - and call it our root.

The patch to catalyst would allow us to write a script to convert the
squashfs into an encrypted one. First we knew the final squashfs size, so it
would just create a file with dd with that size from /dev/zero. Then it
would mount this file in a loop, cryptsetup would use it and open it in a
different loop, and then we would mksquashfs the contents in it.

Any problems, comments or alternatives? Would you accept this patch? My bash
is ok now, gonna take some time to write the python stuff.

--
gentoo-catalyst@g.o mailing list
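
Added example (not part of the original mail, and not catalyst or genkernel code): a shell sketch of the conversion step described above, which creates a zero-filled container, attaches it to a loop device, opens it with cryptsetup and writes the squashfs into the mapping. The file names, the mapping name livecd_root, the 16 MiB header margin and the dry-run switch are assumptions; it copies an already-built squashfs image with dd instead of running mksquashfs against the mapping.

```shell
#!/bin/sh
# Assumptions (not from the mail): HEADER_MIB, DRY_RUN, file and mapping names.
# The LUKS header sits at the start of the container, so the container must be
# larger than the squashfs; check the real data offset with `cryptsetup luksDump`.
HEADER_MIB=${HEADER_MIB:-16}
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = run them (needs root)

# Container size in MiB: squashfs size rounded up to a whole MiB plus the margin.
container_mib() {
    sqfs_bytes=$1
    echo $(( (sqfs_bytes + 1048575) / 1048576 + HEADER_MIB ))
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# encrypt_squashfs <squashfs image> <container file> [mapping name]
encrypt_squashfs() {
    sqfs=$1; img=$2; name=${3:-livecd_root}
    size=$(wc -c < "$sqfs") || return 1
    mib=$(container_mib "$size")
    # 1. zero-filled file sized for the squashfs plus the header margin
    run dd if=/dev/zero of="$img" bs=1M count="$mib" || return 1
    # 2. first loop: the container file as a block device
    if [ "$DRY_RUN" = 1 ]; then
        loop=/dev/loopN   # placeholder, the real device is chosen by losetup
        echo "losetup --find --show $img"
    else
        loop=$(losetup --find --show "$img") || return 1
    fi
    # 3. second layer: LUKS mapping on top of the loop device (prompts for a passphrase)
    run cryptsetup luksFormat "$loop" || return 1
    run cryptsetup luksOpen "$loop" "$name" || return 1
    # 4. write the squashfs through the mapping so it lands encrypted in the file
    run dd if="$sqfs" of="/dev/mapper/$name" bs=1M
    rc=$?
    # 5. tear down in reverse order even if the copy failed
    run cryptsetup luksClose "$name"
    run losetup -d "$loop"
    return $rc
}
```

With DRY_RUN=1 the function only prints the command sequence, which makes it easy to review before running it as root from a script hooked in just before ISO creation.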