author | Roger Newman <roger.newman@riseup.net> | 2014-10-08 13:11:22 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-10-08 11:45:29 +0000 |
commit | 7a572cf8890d22a4dd35d3a1db03a2c2d77dcdb1 (patch) | |
tree | f283c37e0d29e8a242868172149d77eb2c543ecc /main/cryptsetup/dmcrypt.confd | |
parent | 5f40964641a56938d86361d87d9b427aef00ed59 (diff) | |
main/cryptsetup: add support for dmcrypt at boot
Diffstat (limited to 'main/cryptsetup/dmcrypt.confd')
-rw-r--r-- | main/cryptsetup/dmcrypt.confd | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/main/cryptsetup/dmcrypt.confd b/main/cryptsetup/dmcrypt.confd
new file mode 100644
index 0000000000..35a1fd2cb3
--- /dev/null
+++ b/main/cryptsetup/dmcrypt.confd
@@ -0,0 +1,98 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement. See the runscript(8) man
+# page for more information.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/targets can be
+# specified. The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# Max number of checks to perform (1 per second)
+#dmcrypt_max_timeout=120
+
+# Arguments:
+#-----------
+# target=<name> == Mapping name for partition.
+# swap=<name> == Mapping name for swap partition.
+# source='<dev>' == Real device for partition.
+# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
+# remdev='<dev>' == Device that will be assigned to removable media.
+# gpg_options='<opts>' == Default are --quiet --decrypt
+# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>' == Loopback file.
+# pre_mount='cmds' == commands to execute before mounting partition.
+# post_mount='cmds' == commands to execute after mounting partition.
+#-----------
+# Supported Modes
+# gpg == decrypt and pipe key into cryptsetup.
+# Note: new-line character must not be part of key.
+# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+##/home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+##/tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#mount='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home' |
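Review bot: The loopback example at the end of the hunk opens its section with `mount='crypt-loop-home'`, but the Instructions block says only a `swap=` or `target=` line starts a new section and `mount=` is not in the Arguments list; unless the init script (not shown here) accepts it as an alias, a user who uncomments the example may end up with these settings attached to the previous section or with no mapping at all, so `#target='crypt-loop-home'` would be the safer example. The header should also say that the init script evaluates this file at boot and executes `pre_mount`/`post_mount` as commands (presumably as root), for instance `# Keep this file writable by root only and keyfiles readable by root only (0400).` The swap comment documents a fallback of `-c aes -h sha1`; a line recommending an explicit `options=` with a current cipher mode and hash, rather than relying on that default, would help readers who copy the swap example as-is.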