On Thu, Sep 03, 2009 at 04:06:53PM +0200, Daniel Leidert wrote:
> > I'm thinking about moving gpg to /bin to solve bugs #386980 and #477671.
That may be a workaround, but IMHO this is really a bug/limitation in
the way the current init scripts are set up.
There is already the "_netdev" flag in fstab to defer mounting some
filesystems after the network has been initialized. There could be a
similar "_cryptdev" tag for encrypted devices. Then the boot process
would look like:
- do the equivalent of "mount -a -O no_netdev,no_cryptdev". /usr
should be mounted by this step, since it should not contain sensitive
information, therefore it should not be encrypted, or at least not
using gpg.
- configure the network
- "mount -a -O _netdev,no_cryptdev"
- unlock encrypted devices (incl. encrypted iSCSI/AoE/etc. devices)
- "mount -a -O _netdev,_cryptdev"
Now the question is when/how to run fsck, but it is already a problem if
you want to have a file system on an LVM device where one of the PVs is
an AoE device, as I've found out the other day...
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
