Re: encrypted partition configuration on kickstart

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Thu, Feb 17, 2011 at 10:24 AM, Bruno Wolff III <[email protected]> wrote:
> On Thu, Feb 17, 2011 at 10:11:37 -0600,
>  dabicho <[email protected]> wrote:
>> That's ok. And I thought it would work that way, but what I am seeing is this:
>> If I encrypt root ( / ) (as well as other partitions, each with a
>> different passphrase),I get asked for one passphrase without any input
>> as to for which partition it is, and all filesystems get mounted
>> without any need for me to write any other passphrase, which makes me
>> wonder what was the deal about specifying a different passphrase on
>> the kickstart if in the end I only use one.
> That sounds like there is a bug where perhaps the same passphrase is being
> used for each device. You could probably verify that by running a live image
> and then manually running cryptsetup for each device to verify what the
> passphrase is. If it looks messed up, then file a bug.
> Note that you just replied to me. You might want to move the discussion
> back on list if you have further questions.
(thanks for the head's up)

Well, I manually changed the passphrase of one partition and allright,
after a reboot I was asked for a password twice, so it looks like it
is indeed using the same passphrase for all partitions.

Is that the intended behaviour for the kickstart? Is there anything I can do?

I guess I can use something like
(echo  somepassphrase; echo newpassphrase) | cryptsetup luksAddKey someDevice -
cryptsetup luksKillSlot someDevice 0

on the %post script
And it leaves me with figuring a way to  determine the correct 'someDevice'
as fstab uses /dev/mapper entry, and crypttab uses UUID to determine
the correct device, which after some searching, I could make some
relation between them and get the UUID from crypttab and use it with

blkid -l -t UUID=something -o device

Is there a simpler better way to do it?
users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux