loop-AES for Debian Max Vozeler <xam@debian.org>
Quick start
-----------
  $ apt-get install loop-aes-utils

  for Debian kernels:
    $ m-a auto-install loop-aes

  for custom kernels:
    $ cd /usr/src
    $ tar -xjf loop-aes.tar.bz2
    $ cd /path/to/kernel
    $ make-kpkg modules_image
    $ dpkg -i /usr/src/loop-aes*.deb
Building loop-AES with module-assistant
---------------------------------------
module-assistant makes it very easy to build loop-AES packages
for both Debian kernels and custom kernels. It is also the
recommended way to build loop-AES on Debian systems.
The command below builds and installs a loop-AES module package
for the currently running kernel:
# module-assistant auto-install loop-aes
For custom kernels, you can specify the source tree with
option --kernel-dir /path/to/src. More detailed information
can be found in the module-assistant(1) man page.
Building loop-AES in other ways
-------------------------------
loop-AES can also be built using the traditional make-kpkg
modules_image command. More information about this can be
found in the make-kpkg(1) man page.
# cd /usr/src && tar -xjf loop-aes.tar.bz2
It's also possible to build loop-AES without any package
management. In order to do this, you can use the sources
in /usr/src/modules/loop-aes (directories loop-AES and
ciphers) as described in README and README.ciphers.
Mount support
-------------
To work correctly, the loop-AES kernel module requires support in
the mount tools (mount, umount, swapon, losetup) that the Debian
mount package doesn't fully provide. To get full loop-AES support,
install the loop-aes-utils package.
Loading loop-AES with udev
--------------------------
If udev is used to manage /dev, the normal mechanism to load
the loop-AES module automatically does not work. To work around
this problem, it is recommended to add "loop" to /etc/modules so
that the module gets loaded during boot.
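One way to make the /etc/modules change repeatable (an added example,
not part of the loop-AES packages; the function names module_listed and
ensure_module are hypothetical). It only appends "loop" when no active
entry exists, ignoring commented-out lines and module parameters:

```shell
#!/bin/sh
# /etc/modules format: one module name per line, optional parameters
# after the name, '#' starts a comment.

# module_listed FILE MODULE: succeed if MODULE is an active entry in FILE.
module_listed() {
    [ -r "$1" ] || return 1
    awk -v m="$2" '
        { sub(/#.*/, "") }        # strip comments before matching
        $1 == m { found = 1 }     # first field is the module name
        END { exit found ? 0 : 1 }
    ' "$1"
}

# ensure_module FILE MODULE: append MODULE unless it is already active.
# Prints "present" or "added" so callers can log what happened.
ensure_module() {
    file=$1
    mod=$2
    if module_listed "$file" "$mod"; then
        echo present
        return 0
    fi
    # Do not glue the new entry onto an unterminated last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    echo "$mod" >> "$file"
    echo added
}

# Usage (as root):
#   ensure_module /etc/modules loop
```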
Checking file systems
---------------------
The loop-aes-utils package includes an init script to check
file systems on loop-encrypted files/devices at boot, before
they are set up by mount. The script is not enabled by
default, but it is recommended that you enable it so that fsck
runs regularly. More information can be found in
/usr/share/doc/loop-aes-utils/README.
Note about loop-AES ciphers
---------------------------
The loop-AES cipher modules blowfish, twofish and serpent are
included in this package. They are distributed as a separate
package upstream but have been merged in Debian to allow builds
with correct symbol versioning.
Testsuite in Debian packages
----------------------------
The upstream testsuite for loop-AES and the cipher modules is
provided in the package loop-aes-testsuite. You can use it to verify
correct operation of loop-AES and the cipher kernel modules:
# /usr/sbin/loop-aes-runtests
GnuPG patch (recommended)
-------------------------
The gnupg package in Debian is not built with the loop-AES
patch for increased key iterations (see Debian bug #237908).
The author of loop-AES recommends applying this patch before
using gnupg to create loop-AES key files.
$ apt-get install build-essential
$ apt-get build-dep gnupg
$ apt-get source gnupg
$ cd gnupg-*
$ dpatch-edit-patch 20_loop-AES
$ patch -p1 < /usr/src/modules/loop-aes/gnupg-1.4.1.diff
$ exit
$ echo 20_loop-AES >> debian/patches/00list
$ dpkg-buildpackage -rfakeroot
$ dpkg -i ../gnupg*.deb
If you want to prevent this package from being upgraded and
overwritten with the (unpatched) Debian version, you can put it
on hold. Note that this prevents automatic upgrades, including
versions that provide security and bug fixes:
$ echo gnupg hold | dpkg --set-selections
Note that the gnupg patch is only relevant at the time keyfiles
are created, so if you don't plan on creating new keyfiles, there
is no need for putting gnupg on hold.
-- Revision: $Id: README.Debian 1237 2006-09-17 22:44:09Z max $