On Sun, May 13, 2012 at 01:30:06AM +0200, Marc Haber wrote:
> Hi Roger,
>
> sorry for not getting back to you any sooner.

Please don't worry--after finishing my PhD and starting a new job,
this weekend is the first time I've had to really get into schroot
development, so the timing is perfect!

> On Wed, Aug 24, 2011 at 10:32:24AM +0100, Roger Leigh wrote:
> > I'll be happy to add this to schroot. Currently the 05lvm setup
> > script is simply doing an lvcreate when creating and lvremove
> > when removing a session, respectively. Could you please provide
> > an example of the commands you would need to run to do this for
> > an encrypted PV/LV (I guess we should support both; is the PV
> > method more transparent)?
>
> Encrypted PV will work with current schroot setup, you can just take a
> snapshot from the LV and directly use it.
>
> Encrypted LV is a little bit harder.
>
> I would suggest configuration like:
>
> [sid_build64]
> type=crypted-lvm-snapshot
> device=/dev/salida/c_sid_build64
> mapping-name=sid_build64
> script-config=zg2-build/config
> description=sid amd64 for building packages
> users=mh
> source-users=mh
> personality=linux
> lvm-snapshot-options=-L 4G
>
> You could also auto-generate the mapping-name for the unlocked volume.
> That way, things would just work without a new configuration key.
> Optionally, you could implement this inside the normal lvm-snapshot
> type by trying cryptsetup isLuks <device> which will indicate whether
> the device is encrypted or not.
>
> To enable this chroot, you would need:
>
> lvcreate --snapshot <lvm-snapshot-options> --name <mapping-name> <device>
> cryptdisks_start <mapping-name>
> mount /dev/mapper/<mapping-name> <mountpoint>
>
> This would need the crypttab line for <device> to be repeated for
> <mapping-name>, and the cryptdisks_start call will probably go
> interactive, querying the user for the passphrase.
>
> This is horribly untested.

Thanks for the hints to get started with this.

With 1.5.2, you should potentially be able to experiment with this
using user options--you can just add the mapping-name and anything
else you need. You'll get MAPPING_NAME set in the setup scripts, so
the script can then use that to set up.

This one might need deferring for 1.5.3 in a week or so, due to being
a bit harder than the first two, and me lacking a system with any
crypted LVs to test on. If you would be willing to give 1.5.2 a try
with some custom setup scripts, that would greatly speed up getting
this working.

Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
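
The setup order proposed in the quoted message, with the matching teardown, as an added dry-run sketch that is not part of the original thread and is not schroot's own code. The function names, the mount point, the `cryptdisks_stop` and `lvremove -f` teardown steps, and the mapping-name check are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration, not schroot code. Prints the commands instead of
# running them, so the ordering can be reviewed without root or a real LV.
# valid_name, plan_setup and plan_teardown are hypothetical names.

# The mapping name ends up in root-run commands and in /dev/mapper/<name>:
# allow only a conservative character set, no "/", "..", or leading "-".
valid_name() {
    case "$1" in
        ''|-*|*..*|*[!A-Za-z0-9_.+-]*) return 1 ;;
    esac
    return 0
}

# plan_setup DEVICE NAME MOUNTPOINT IS_LUKS [SNAPSHOT_OPTIONS]
# IS_LUKS is the exit status of `cryptsetup isLuks DEVICE` (0 = LUKS),
# passed in by the caller so the planner itself touches no device.
plan_setup() {
    device=$1 name=$2 mnt=$3 is_luks=$4 opts=${5-}
    valid_name "$name" || { echo "bad mapping name: $name" >&2; return 2; }
    echo "lvcreate --snapshot ${opts:+$opts }--name $name $device"
    if [ "$is_luks" -eq 0 ]; then
        # Needs a crypttab entry for NAME; may prompt for the passphrase.
        echo "cryptdisks_start $name"
        echo "mount /dev/mapper/$name $mnt"
    else
        echo "mount ${device%/*}/$name $mnt"   # plain snapshot LV
    fi
}

# Teardown is the exact reverse, so the dm-crypt mapping is closed before
# the snapshot that backs it is removed.
plan_teardown() {
    device=$1 name=$2 mnt=$3 is_luks=$4
    valid_name "$name" || { echo "bad mapping name: $name" >&2; return 2; }
    echo "umount $mnt"
    if [ "$is_luks" -eq 0 ]; then
        echo "cryptdisks_stop $name"
    fi
    echo "lvremove -f ${device%/*}/$name"
}

# Constructed sample values, taken from the configuration quoted above.
plan_setup /dev/salida/c_sid_build64 sid_build64 /mnt/sid_build64 0 "-L 4G"
plan_teardown /dev/salida/c_sid_build64 sid_build64 /mnt/sid_build64 0
```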