headers
Farkas Levente | 13 Jun 18:32

cryptsetup is 100 times slower then in 1.0.6

hi,
my home directory is a luks encrypted volume. the key for this volume is 
on my pendrive. before i'd like to login i just plug my pendrive and it 
then:
- udev recognize my pendrive
- mount one of the partition on it (which hold the keyfile)
- use the keyfile on the mounted partition and open the luks partirion
- mount the device mapper as my home
- umount my pendrive
this was works perfectly on fedora 8 and takes about 2-4sec to my home 
dir be mounted.
now on fedora 9 it's still works, but it takes about 3-4 minutes (!!!) 
to finish. when i look into what happened:
- udev recognize my pendrive
- mount one of the partition on it (which hold the keyfile)
- use the keyfile on the mounted partition and open the luks partirion
and here waits for minutes in this place what is see in ps axf:
--------------------------------------
   522 ?        S<s    0:00 /sbin/udevd -d
  2523 ?        S<     0:00  \_ /sbin/udevd -d
  2536 ?        S<     0:00      \_ /bin/bash /root/bin/home-up 
/dev/System/lfarkas
  2553 ?        S<     0:00          \_ /bin/bash /root/bin/luks-up
/dev/System/lfarkas
  2569 ?        S<L    0:00              \_ /sbin/cryptsetup luksOpen
/dev/System/lfarkas home-lfarkas
  2718 ?        S<     0:00                  \_ /sbin/udevsettle
--------------------------------------
i assume udevsettle wait for something, but i don't know for what?
and why?
(Continue reading)

Permalink | Reply |
headers
Lurkos | 15 Jun 01:31

Re: cryptsetup is 100 times slower then in 1.0.6

On Fri, Jun 13, 2008 at 6:34 PM, Farkas Levente <lfarkas@...> wrote:
> my home directory is a luks encrypted volume. the key for this volume is on
> my pendrive. before i'd like to login i just plug my pendrive and it then:
> - udev recognize my pendrive
> - mount one of the partition on it (which hold the keyfile)
> - use the keyfile on the mounted partition and open the luks partirion
> - mount the device mapper as my home
> - umount my pendrive

I can't help you in solving this problem, but I would be very
interested in knowing how you have realized this solution.
Can you explain me how to configure GNU/Linux (probably init scripts)
to realize this situation?
Thanks a lot.

--

-- 
Lurkos
Permalink | Reply |
headers
Till Maas | 17 Jun 00:33
Favicon

Re: cryptsetup is 100 times slower then in 1.0.6

Lurkos wrote:

> Can you explain me how to configure GNU/Linux (probably init scripts)
> to realize this situation?

You can find the scripts attached to this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=451241

Regards,
Till
Permalink | Reply |
headers
Farkas Levente | 17 Jun 16:00

Re: cryptsetup is 100 times slower then in 1.0.6

On Sun, Jun 15, 2008 at 1:31 AM, Lurkos <lurkos.usenet@...> wrote:

> On Fri, Jun 13, 2008 at 6:34 PM, Farkas Levente <lfarkas@...>
> wrote:
> > my home directory is a luks encrypted volume. the key for this volume is
> on
> > my pendrive. before i'd like to login i just plug my pendrive and it
> then:
> > - udev recognize my pendrive
> > - mount one of the partition on it (which hold the keyfile)
> > - use the keyfile on the mounted partition and open the luks partirion
> > - mount the device mapper as my home
> > - umount my pendrive
>
> I can't help you in solving this problem, but I would be very
> interested in knowing how you have realized this solution.
> Can you explain me how to configure GNU/Linux (probably init scripts)
> to realize this situation?
>

hi,
first of all you need an udev rules to recognize your pendrive in
/etc/udev/rules.d/10-local.rules.
then you need one or two script to do the work. i actually create 4 separate
script (because i use them from other places):
home-up, home-down, luks-up, luks-down. and my home-* scripts also copy an
ssh dsa key for root (so in this case my other scripts run as root has more
power:-)
unfortunately the deadlock still exist and i don't know the solution.
(Continue reading)

Permalink | Reply |
headers
Farkas Levente | 17 Jun 16:05

Re: cryptsetup is 100 times slower then in 1.0.6

Lurkos wrote:
> On Fri, Jun 13, 2008 at 6:34 PM, Farkas Levente <lfarkas@...> wrote:
>> my home directory is a luks encrypted volume. the key for this volume is on
>> my pendrive. before i'd like to login i just plug my pendrive and it then:
>> - udev recognize my pendrive
>> - mount one of the partition on it (which hold the keyfile)
>> - use the keyfile on the mounted partition and open the luks partirion
>> - mount the device mapper as my home
>> - umount my pendrive
> 
> I can't help you in solving this problem, but I would be very
> interested in knowing how you have realized this solution.
> Can you explain me how to configure GNU/Linux (probably init scripts)
> to realize this situation?
> Thanks a lot.

and the scripts:-)

--

-- 
   Levente                               "Si vis pacem para bellum!"

ACTION=="add", KERNEL=="sd[a-z]", SUBSYSTEM=="block", ATTR{size}=="2880",
ATTRS{serial}=="07530736300A", ATTRS{product}=="USB DISK Pro", SYMLINK+="lfarkas",
RUN+="/root/bin/home-up /dev/System/lfarkas"
ACTION=="remove", KERNEL=="sd[a-z]", SUBSYSTEM=="block",
ENV{ID_SERIAL}=="_USB_DISK_Pro_07530736300A*", RUN+="/root/bin/home-down lfarkas"

#!/bin/bash
(Continue reading)

Permalink | Reply |

Gmane