~ubuntu-branches/ubuntu/karmic/cryptsetup/karmic

Viewing changes to debian/README.initramfs

Committer: Bazaar Package Importer
Author(s): Reinhard Tartler
Date: 2008-06-14 23:28:51 UTC
Revision ID: james.westby@ubuntu.com-20080614232851-qejvx20e74d8t9wm

Tags: 2:1.0.6-2ubuntu1

* Merge new debian version. Remaining changes:
  - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
    bzr on launchpad.
  - debian/rules: cryptsetup is linked dynamically against libgcrypt and
    libgpg-error.
  - cryptdisks.functions: stop usplash on user input. LP #62751
  - Parse comments in lines not starting with '#', LP #185380
  - If the encrypted source device hasn't shown up yet, give it a
    little while to deal with removable devices. LP #164044
* Depend on race-free version of libdevmapper, thus making udevsettle
  call from cryptsetup binary unnecessary. Dropping patch
  debian/patches/06_run_udevsettle.patch
* remove patch from LP #73862, loading optimized modules has been solved
  in debian in another way.
* cryptdisk.functions: remove spurious call to load_optimized_module.
  LP: #239946
* bugfix: make regex work if keyfile has extended attributes. LP: #231339.
* remove patch in cryptdisks.functions for rexecing the script itself for
  ensuring that a tty is always available. (See LP #58794.) According to
  Scott, this is not necessary anymore.

files added:
debian/doc

debian/doc/cryptdisks_start.xml

debian/doc/cryptdisks_stop.xml

debian/doc/crypttab.xml

debian/doc/manpages.xml

debian/doc/variables.xml.in

debian/initramfs/cryptpassdev-hook

debian/passdev.c

debian/patches/02_manpage.patch

files removed:
debian/cryptdisks_start.8.txt

debian/cryptdisks_stop.8.txt

debian/crypttab.5.txt

debian/patches/06_run_udevsettle.patch

files modified:
debian/README.initramfs

debian/askpass.c

debian/changelog

debian/control

debian/cryptdisks.functions

debian/initramfs/cryptopenct-hook

debian/initramfs/cryptopensc-hook

debian/initramfs/cryptroot-hook

debian/initramfs/cryptroot-script

debian/patches/series

debian/rules

debian/scripts/gen-ssl-key

Show diffs side-by-side

added added

removed removed

debian/README.initramfs

173

After you've followed the above steps, your swap device should be setup

174

automatically after the root device has been setup during the boot stage.

175

176

10. The "passdev" keyscript

177

----------------------------

178

If you have a keyfile on a removable device (e.g. a USB-key), you can use the

179

passdev keyscript. It will wait for the device to appear, mount it read-only,

180

read the key and then unmount the device.

181

182

The "key" part of /etc/crypttab will be interpreted as <device>:<path>, it is

183

strongly recommended that you use one of the persistent device names from

184

/dev/disk/*, e.g. /dev/disk/by-label/myusbkey.

185

186

This is an example of a suitable line in cryptsetup:

187

cryptroot /dev/hda2 /dev/disk/by-label/myusbkey:/keys/root.key cipher=aes-cbc-essiv:sha256,size=256,hash=plain,keyscript=/lib/cryptsetup/scripts/passdev

188

189

The above line would cause the boot to pause until /dev/disk/by-label/myusbkey

190

appears in the fs, then mount that device and use the file /keys/root.key

191

on the device as the key (without any hashing) as the key for the fs.

176

192

177

193

-- David Härdeman <david@hardeman.nu>

Older »