Skip to content
Snippets Groups Projects
New look: Off

Archiso isn't compatible with encrypt hook

    • Open Issue created by Tallero Tallero @tallero

    A proposal to solve this issue is on !25 (closed).

    Edited
    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Tallero Tallero changed title from Archiso hook can't open LUKS filesystems to Archiso hook can't mount LUKS filesystems

      changed title from Archiso hook can't open LUKS filesystems to Archiso hook can't mount LUKS filesystems

    • Tallero Tallero changed title from Archiso hook can't mount LUKS filesystems to Archiso hook can't handle LUKS filesystems

      changed title from Archiso hook can't mount LUKS filesystems to Archiso hook can't handle LUKS filesystems

    • Tallero Tallero mentioned in merge request !25 (closed)

      mentioned in merge request !25 (closed)

      • nl6720
        nl6720 @nl6720 ·
        Developer

        I think changes to the archiso hook should be kept minimal and all the handling should preferably be done by the encrypt hook.

      • Tallero Tallero
        Tallero Tallero @tallero ·
        Author

        How do I open a MR for the cryptsetup package?

        Edited by Tallero Tallero
      • nl6720
        nl6720 @nl6720 ·
        Developer

        You can't open MRs for packages and it's not unlikely that will be possible even after git migration.

      • Tallero Tallero
        Tallero Tallero @tallero ·
        Author

        Wait, you mean it will be possible or not? If not, then why tempt us with this bot-test account? :P

        You mean I've to publish the changes somewhere and report them as solution for a new issue on the main arch bugtracker or email some of the cryptsetup maintainers privately asking them to review and include the patch?

        OT EDIT: yesterday I've sent an email to the aur-requests ML to have 5 packages undeleted and it still hasn't appeared in the archive section, so I was wondering if the message was delivered at all or the ML required extra credentials for write access.

        Edited by Tallero Tallero
      • Tallero Tallero
        Tallero Tallero @tallero ·
        Author

        It seems currently both the encrypt and sd-encrypt hooks support loading encryption keys (with the cryptkey boot parameter) at most as a plain key file on an unencrypted drive.

        Since our key file is instead embedded on another password protected LUKS file image (<keys_device_root>/keysfs.{sfs,erofs}) because my mkarchiso LUKS changes don't cover a passwordless scenario (should they?), do you prefer I edit cryptkey parsing to let users specify their key is not in plain (es. by specifying luks as file system type) or make an entirely new boolean boot parameter (es. cryptkey_encrypted) to signal the key is not in plain text?

        Edited by Tallero Tallero
      • nl6720
        nl6720 @nl6720 ·
        Developer

        The encrypt hook can still be used for the install hook part.

      • Tallero Tallero
        Tallero Tallero @tallero ·
        Author

        I've changed the merge request so that now just adds support for the airootfs image to be set with a modified version of the encrypt hook which also handles disks which are files inside physical disks instead of just physical disks.

        Edited by Tallero Tallero
      • Please register or sign in to reply
    • Tallero Tallero changed title from Archiso hook can't handle LUKS filesystems to Archiso isn't compatible with encrypt hook

      changed title from Archiso hook can't handle LUKS filesystems to Archiso isn't compatible with encrypt hook

    Please register or sign in to reply