[Pkg-gnupg-maint] RFC: Moving gpg to /bin?
Gabor Gombas
gombasg at sztaki.hu
Thu Sep 3 16:39:17 UTC 2009
On Thu, Sep 03, 2009 at 04:06:53PM +0200, Daniel Leidert wrote:

> > I'm thinking about moving gpg to /bin to solve bugs #386980 and #477671.

That may be a workaround, but IMHO this is really a bug/limitation in
the way the current init scripts are set up.

There is already the "_netdev" flag in fstab to defer mounting some
filesystems after the network has been initialized. There could be a
similar "_cryptdev" tag for encrypted devices. Then the boot process
would look like:

- do the equivalent of "mount -a -O no_netdev,no_cryptdev". /usr
  should be mounted by this step, since it should not contain sensitive
  information, therefore it should not be encrypted, or at least not
  using gpg.
- configure the network
- "mount -a -O _netdev,no_cryptdev"
- unlock encrypted devices (incl. encrypted iSCSI/AoE/etc. devices)
- "mount -a -O _netdev,_cryptdev"

Now the question is when/how to run fsck, but it is already a problem if
you want to have a file system on an LVM device where one of the PVs is
an AoE device, as I've found out the other day...

Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
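
The three "mount -a -O ..." steps listed in the message, worked through as an added example (not code from the message or from any init script). It assumes the usual -O matching, where every comma-separated term must hold and a leading "no" negates one term, and reports which step picks up each fstab entry, including an entry tagged only "_cryptdev". The sample fstab is constructed, the function names are hypothetical, and "_cryptdev" is the tag proposed above, not an existing mount option.

```shell
#!/bin/sh
# Constructed sample fstab: devices and mount points are made up.
# "_cryptdev" is the tag proposed in the message, not a real mount option.
SAMPLE_FSTAB='/dev/sda1 / ext3 defaults 0 1
/dev/sda2 /usr ext3 defaults 0 2
nfs1:/export /srv/nfs nfs _netdev,ro 0 0
/dev/sda3 /home ext3 _cryptdev 0 2
/dev/etherd/e0.0 /secure ext3 _netdev,_cryptdev 0 2'

# has_opt OPTS NAME: true if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# matches OPTS FILTER: mimic "mount -a -O FILTER" for the filter forms used
# in the message: all terms must hold, "no" negates a single term.
matches() {
    _rest=$2
    while [ -n "$_rest" ]; do
        _term=${_rest%%,*}
        case "$_rest" in *,*) _rest=${_rest#*,} ;; *) _rest= ;; esac
        case "$_term" in
            no*) if has_opt "$1" "${_term#no}"; then return 1; fi ;;
            *)   if ! has_opt "$1" "$_term"; then return 1; fi ;;
        esac
    done
    return 0
}

# phase_of OPTS: print which of the three mount steps selects the entry.
phase_of() {
    if matches "$1" "no_netdev,no_cryptdev"; then echo 1
    elif matches "$1" "_netdev,no_cryptdev"; then echo 2
    elif matches "$1" "_netdev,_cryptdev"; then echo 3
    else echo none
    fi
}

# plan FSTAB_TEXT: print "phase mountpoint" for every non-comment entry.
plan() {
    printf '%s\n' "$1" | while read -r _dev _mp _type _opts _dump _pass; do
        case "$_dev" in ''|'#'*) continue ;; esac
        echo "$(phase_of "$_opts") $_mp"
    done
}

plan "$SAMPLE_FSTAB"
```

With these filters a local filesystem tagged only "_cryptdev" is reported as "none", so a fourth step such as "mount -a -O no_netdev,_cryptdev" after the unlock would be needed to cover it.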