GNU bug report logs - #52882
[PATCH] gnu: system: Add crypt-key field for mapped filesystems

Package: guix-patches;

Reported by: chayleaf <chayleaf <at> pavluk.org>

Date: Wed, 29 Dec 2021 22:15:01 UTC

Severity: normal

Tags: patch

From: Ludovic Courtès <ludo <at> gnu.org>
To: chayleaf <chayleaf <at> pavluk.org>
Cc: 52882 <at> debbugs.gnu.org, Josselin Poiret <dev <at> jpoiret.xyz>, chayleaf <chayleaf <at> protonmail.com>
Subject: [bug#52882] [PATCH] gnu: system: Add crypt-key field for mapped filesystems
Date: Wed, 05 Jan 2022 22:20:37 +0100

Hello,

One comment about the interface (the security showstopper Josselin
described would need to be addressed first, though):

chayleaf <chayleaf <at> pavluk.org> wrote:

> --- a/gnu/system/mapped-devices.scm
> +++ b/gnu/system/mapped-devices.scm
> @@ -50,6 +50,7 @@ (define-module (gnu system mapped-devices)
>              mapped-device-target
>              mapped-device-targets
>              mapped-device-type
> +            mapped-device-crypt-key
>              mapped-device-location
>  
>              mapped-device-kind
> @@ -80,6 +81,8 @@ (define-record-type* <mapped-device> %mapped-device
>    (source    mapped-device-source)                ;string | list of strings
>    (targets   mapped-device-targets)               ;list of strings
>    (type      mapped-device-type)                  ;<mapped-device-kind>
> +  (crypt-key mapped-device-crypt-key              ;bytevector | gexp
> +             (default (const #f)))
>    (location  mapped-device-location
>               (default (current-source-location)) (innate)))
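
Review bot: The default on the new crypt-key field, (default (const #f)), does not match its type comment "bytevector | gexp". (const #f) evaluates to a procedure that returns #f, so mapped-device-crypt-key on a device declared without a key yields a procedure, which is a true value in Scheme, and any caller testing the field to decide whether a key was supplied will take the "key present" branch. If "no key" is meant to be #f, write (default #f) and extend the comment to "bytevector | gexp | #f" so the absent case is part of the documented type.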

The <mapped-device> type is used for mapped devices other than LUKS,
such as RAID devices.  Thus, there’s no reason for there to be a
‘crypt-key’ field.

Instead, the extra information should be passed in some other way,
either via the ‘source’ field, or maybe via an extra ‘arguments’ field
that would be passed as-is to the mapped-device type handler.

Thanks,
Ludo’.




This bug report was last modified 3 years and 159 days ago.
