[buildd-tools-devel] Bug#639105: Bug#639105: please consider adding support for lvm-snapshot on crypted LV

Roger Leigh rleigh at codelibre.net
Wed Aug 24 09:32:24 UTC 2011


On Wed, Aug 24, 2011 at 08:52:01AM +0200, Marc Haber wrote:
> Contrary to Debian's normal setup, I create my file systems on an
> encrypted LV on an unencrypted PV (Debian creates file systems on an LV
> on an encrypted PV by default). This allows me to keep LVs with really
> sensitive information locked until they're actually needed, but needs
> support in every script that handles LVs and Snapshots. schroot is one
> of these scripts.
> 
> To avoid having build chroots unencrypted, the lvm-snapshot method
> would need to have the possibility to
> 
> (1) take the snapshot from a different volume name than the one being
>     actually mounted
> (2) unlock the snapshot LV using information from /etc/crypttab
> (3) mount the device that was created during step (2)
> (4) do steps (1) to (3) in reverse when the snapshot is being removed
> 
> Please consider adding this in a future version of schroot.

I'll be happy to add this to schroot.  Currently the 05lvm setup
script is simply doing an lvcreate when creating and lvremove
when removing a session, respectively.  Could you please provide
an example of the commands you would need to run to do this for
an encrypted PV/LV (I guess we should support both; is the PV
method more transparent)?  We can then add these to the 05lvm
setup script.  Bearing in mind the information the updated
05lvm setup script would require, would we need to add any
new configuration keys to the configuration file for
lvm-snapshot chroots?


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
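
The four steps requested in the bug report, as an added example that is not part of the original message or of schroot: a dry-run planner that prints the commands in order instead of running them. The names vg0, build, build_crypt, sess1 and the key path are constructed, and reusing the origin LV's crypttab key file for the snapshot is an assumption.

```sh
#!/bin/sh
# Added example: prints the command sequence, executes nothing.
# vg0, build, build_crypt, sess1 and the key path are constructed names.

# crypttab_field FILE TARGET N: field N of the crypttab entry named TARGET
crypttab_field() {
    awk -v t="$2" -v n="$3" '$1 == t { print $n; exit }' "$1"
}

# plan_setup CRYPTTAB VG ORIGIN_LV ORIGIN_TARGET SESSION SIZE MOUNTPOINT
# Assumption: the snapshot carries the origin's LUKS header, so the origin's
# crypttab key file also unlocks the snapshot.
plan_setup() {
    key=$(crypttab_field "$1" "$4" 3)
    opts=$(crypttab_field "$1" "$4" 4)
    [ -n "$key" ] || { echo "no crypttab entry for $4" >&2; return 1; }
    case ",$opts," in
        *,luks,*) ;;
        *) echo "$4 is not a LUKS entry, refusing" >&2; return 1 ;;
    esac
    keyopt="--key-file $key "
    [ "$key" != none ] || keyopt=""     # "none": cryptsetup prompts instead
    echo "lvcreate --snapshot --size $6 --name $5 /dev/$2/$3"            # (1)
    echo "cryptsetup luksOpen ${keyopt}/dev/$2/$5 ${5}_crypt"            # (2)
    echo "mount /dev/mapper/${5}_crypt $7"                               # (3)
}

# plan_teardown VG SESSION MOUNTPOINT: step (4), the reverse order
plan_teardown() {
    echo "umount $3"
    echo "cryptsetup luksClose ${2}_crypt"
    echo "lvremove -f /dev/$1/$2"
}

demo() {
    tab=$(mktemp)
    # Constructed entry: target, source device, key file, options
    echo 'build_crypt /dev/vg0/build /etc/keys/build.key luks' > "$tab"
    plan_setup "$tab" vg0 build build_crypt sess1 2G /mnt/sess1
    plan_teardown vg0 sess1 /mnt/sess1
    rm -f "$tab"
}
demo
```

An entry without the luks option (for example a swap entry keyed from /dev/urandom) is refused, because a snapshot of such a volume cannot be reopened with the same key.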