HOWTO: Use the new baselayout for filesystem-encryption

[christianbarth]

I recently r-emerged baselayout (same version) and now everything is working fine

[tfh]

Hello all, this new baselayout seems very interesting.
I actualy use encryption with dm_crypt on an headless machine, so typing in a passphrase is not possible.
Right now i store my key on a cdrom, that way if my comp is booted up without the cdrom in then my custom init script won't find the keyfile and won't mount the encrypted partition.
Plus regarding lawenforcement it's better to not even know the key. That way you can't give it up :p.

So does anyone know if it's possible to store the key on an external media with the new baselayout ?


tfh
_________________
tfh
GPG Key:0x960AAEF2
Key Fingerprint: 6763 E0E0 29AC A928 2612 4B14 15FE 6A45 960A AEF2

[Nimo]

I've got swap encrypting working as it should using normal sysvinit, but when using initng "swapon -s" gives no output. What should I do to enable it in initng?
_________________
//Nimo

[kmbarr]

I just did a fresh build last week using the 2.6.11-gentoo-r11 stage 3 build and was having the same problem as christianbarth, all the required packages were installed with the latest versions, my /etc/conf.d/cryptfs and /etc/fstab files were updated [very similar to Christian's], but the device was not getting built in /dev/mapper. I could build the device manually with cryptsetup, mkswap, and swapon and it would work.

Following Christian's advice, I re-emerged baselayout [and cryptsetup while I was at it]. This left me with 40 files in /etc that needed to be updated; so the next step was `etc-udpate`. I had to work through the files manually --most of the files could be replaced with the new versions, but in a few cases this would've overwritten important configuration infomration. Thanks for pointing me the right direction, Christian.

I think the critical issues were in /etc/init.d/localmount and /etc/init.d/checkfs...a number of other scripts in /etc did not appear to be the latest version [besides a lot of changes to 40 files, many of the existing files carried 2004 copyright dates], even though emerge reported that I was re-emerging the same version of baselayout. I think this is a problem with the current 2005.0 builds.

(edit) It looks like a recommendation to upgrade baselayout has been added in the appropriate place in the documentation.

[Massimo B.]

swap encryption works fine. But is there an HowTo for encrypting /home with the baselayout? HowTos like Encrypt a filesystem in a loopback file via dm_crypt don't use the baselayout.
_________________
HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770

[lirel]