[arch-general] Kpartx should be in the repos and archiso for enabling encrypted GPT install

[Bruno Pagani]

Le 13/01/2019 à 22:22, Neven Sajko via arch-general a écrit :
>> Do you need the swap to be persistent across reboots in order to support
>> hibernation? If not, it is sufficient to have the swap mounted with a
>> randomized key.
> I would like to be able to resume from hibernation, yes.
>
>> If you do need hibernation support, the simple method would be to use a
>> swap file residing on the encrypted /
> Simple as in "already well supported", but not optimal, as swap
> depends on a filesystem.
>
>> The more complex method would be to copy the initramfs encrypt hook and
>> modify it to support an additional encrypted device with a different
>> password.
> I want full disk encryption. There is nothing controversial about FDE,
> it is already covered in the Wiki, except that I want FDE without LVM.
>
>> None of this needs kpartx.
> Thank you for input, indeed all your suggestions would work, but I am
> going for the optimal solution here, and kpartx (or an equivalent
> devmapper program) seems to be a requirement for that.

OK, I know understand your requirements and indeed something like kpartx
is required if you want to be independent from LVM or the filesystem.

I’m not sure what adding it in the ISO would require (outside having it
in the repo of course), but anyway you can still add it yourself it if
you have an internet access during installation. ;)

Feel free to enhance the wiki with this example, being quite different
from the LVM one it might interest others, and eventually lead to the
inclusion of kpartx in the repos (and latter maybe even in the ISO,
though again I’m not sure about the criterion here).

Regards,
Bruno


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20190113/fd08322b/attachment.asc>