On Thu, Feb 17, 2011 at 10:24 AM, Bruno Wolff III <bruno@xxxxxxxx> wrote: > On Thu, Feb 17, 2011 at 10:11:37 -0600, > dabicho <tsukebumi@xxxxxxxxx> wrote: >> >> That's ok. And I thought it would work that way, but what I am seeing is this: >> >> If I encrypt root ( / ) (as well as other partitions, each with a >> different passphrase),I get asked for one passphrase without any input >> as to for which partition it is, and all filesystems get mounted >> without any need for me to write any other passphrase, which makes me >> wonder what was the deal about specifying a different passphrase on >> the kickstart if in the end I only use one. > > That sounds like there is a bug where perhaps the same passphrase is being > used for each device. You could probably verify that by running a live image > and then manually running cryptsetup for each device to verify what the > passphrase is. If it looks messed up, then file a bug. > > Note that you just replied to me. You might want to move the discussion > back on list if you have further questions. > (thanks for the head's up) Well, I manually changed the passphrase of one partition and allright, after a reboot I was asked for a password twice, so it looks like it is indeed using the same passphrase for all partitions. Is that the intended behaviour for the kickstart? Is there anything I can do? I guess I can use something like (echo somepassphrase; echo newpassphrase) | cryptsetup luksAddKey someDevice - cryptsetup luksKillSlot someDevice 0 on the %post script And it leaves me with figuring a way to determine the correct 'someDevice' as fstab uses /dev/mapper entry, and crypttab uses UUID to determine the correct device, which after some searching, I could make some relation between them and get the UUID from crypttab and use it with blkid -l -t UUID=something -o device Is there a simpler better way to do it? -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
