On Sun, 13 Jan 2019 08:56:55 -0800 (PST) Neven Sajko via arch-general <arch-general@archlinux.org> wrote:
To mount a root GPT partition which resides on an encrypted disk, one needs the kpartx tool to make the mapping for the partition (the kernel does not independently make those for partitions on device mapper maps, which is what a dm-crypt decrypted device is). Thus kpartx needs to be on the Archlinux installation ISO to enable that kind of setup.
Hi, I'm not sure this is applicable to your setup (I'm tired right now but skimmed the hole thread), but I'm using a root GPT inside a LUKS container. To make the kernel aware of the partitions at boot, I run partprobe (part of parted) on the opened LUKS mapping device: $ cat /etc/initcpio/install/partprobe #!/bin/bash build() { add_binary partprobe add_runscript } help() { cat <<HELPEOF This custom hook scans a mapped LUKS container for GPT partitions and informs the OS kernel about them. HELPEOF } $ cat /etc/initcpio/hooks/partprobe #!/usr/bin/ash run_hook() { partprobe /dev/mapper/matrix_vol } Works fine for me. Sorry if I'm missing the point here. Kind Regards, Merlin
It would of course first be necessary for an Archlinux Developer or Trusted User to adopt kpartx, so I hope there is somebody willing to do this ...? Note that kpartx is a common utility and in its own package across a lot of distributions; like Debian, Ubuntu, Fedora, OpenSUSE, ...
Note: it may be possible to use losetup instead of kpartx so as to make a loop device instead of a device map, but that would come with an overhead? Another alternative setup, perhaps more widely used, is having encrypted LVM. While this does not require kpartx, LVM may be undesireable because of its complexity and requiring multiple userspace daemons beside Udev.
Appended is an example PKGBUILD which only installs the kpartx executable and manual page:
pkgname=(kpartx) pkgver=0.7.9 pkgrel=1 pkgdesc='Create device mapper maps for partitions in devices or files' arch=(x86_64) url='http://christophe.varoqui.free.fr' license=(LGPL GPL GPL2) depends=(device-mapper) makedepends=(gzip) source=('mpt.tar.gz::https://git.opensvc.com/?p=multipath-tools/.git;a=snapshot;h=5c67a8b5944dd13...') md5sums=() sha512sums=('d4abc9580b6a3e457c99bee96d5aaab29a984ae77f91cbbe52e1b4af16809319a9100c45ce5600242fa52819dd44a9cb77e13305bc4f9651c532906243f2d544')
build() { cd multipath-tools-5c67a8b/kpartx gcc -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DLIBDM_API_COOKIE -l devmapper -o kpartx $CPPFLAGS $CFLAGS $LDFLAGS *.c gzip kpartx.8 }
package() { cd multipath-tools-5c67a8b/kpartx install -d "$pkgdir/usr/bin" install -m 755 kpartx "$pkgdir/usr/bin" install -d "$pkgdir/usr/share/man/man8" install -m 644 kpartx.8.gz "$pkgdir/usr/share/man/man8" }
-- Merlin Büge