[arch-general] Kpartx should be in the repos and archiso for enabling encrypted GPT install

Merlin Büge toni at bluenox07.de
Sun Jan 13 23:22:02 UTC 2019



On Sun, 13 Jan 2019 08:56:55 -0800 (PST)
Neven Sajko via arch-general <arch-general at archlinux.org> wrote:

> To mount a root GPT partition which resides on an encrypted disk, one
> needs the kpartx tool to make the mapping for the partition (the
> kernel does not independently make those for partitions on device
> mapper maps, which is what a dm-crypt decrypted device is). Thus
> kpartx needs to be on the Archlinux installation ISO to enable that
> kind of setup.

Hi,

I'm not sure this is applicable to your setup (I'm tired right now but
skimmed the whole thread), but I'm using a root GPT inside a LUKS
container. To make the kernel aware of the partitions at boot, I run
partprobe (part of parted) on the opened LUKS mapping device:

$ cat /etc/initcpio/install/partprobe 
#!/bin/bash

build() {
    add_binary partprobe
    add_runscript
}

help() {
    cat <<HELPEOF
This custom hook scans a mapped LUKS container for GPT partitions and
informs the OS kernel about them.
HELPEOF
}

$ cat /etc/initcpio/hooks/partprobe 
#!/usr/bin/ash

run_hook() {
    partprobe /dev/mapper/matrix_vol
}



Works fine for me. Sorry if I'm missing the point here.


Kind Regards,

Merlin




> 
> It would of course first be necessary for an Archlinux Developer or
> Trusted User to adopt kpartx, so I hope there is somebody willing to
> do this ...? Note that kpartx is a common utility and in its own
> package across a lot of distributions; like Debian, Ubuntu, Fedora,
> OpenSUSE, ...
> 
> Note: it may be possible to use losetup instead of kpartx so as to
> make a loop device instead of a device map, but that would come with
> an overhead? Another alternative setup, perhaps more widely used, is
> having encrypted LVM. While this does not require kpartx, LVM may be
> undesirable because of its complexity and requiring multiple
> userspace daemons beside Udev.
> 
> Appended is an example PKGBUILD which only installs the kpartx
> executable and manual page:
> 
> pkgname=(kpartx)
> pkgver=0.7.9
> pkgrel=1
> pkgdesc='Create device mapper maps for partitions in devices or files'
> arch=(x86_64)
> url='http://christophe.varoqui.free.fr'
> license=(LGPL GPL GPL2)
> depends=(device-mapper)
> makedepends=(gzip)
> source=('mpt.tar.gz::https://git.opensvc.com/?p=multipath-tools/.git;a=snapshot;h=5c67a8b5944dd13542e6b44fa2ae9803e0cc4282;sf=tgz')
> md5sums=()
> sha512sums=('d4abc9580b6a3e457c99bee96d5aaab29a984ae77f91cbbe52e1b4af16809319a9100c45ce5600242fa52819dd44a9cb77e13305bc4f9651c532906243f2d544')
> 
> build() {
> 	cd multipath-tools-5c67a8b/kpartx
> 	gcc -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 \
> 		-DLIBDM_API_COOKIE -l devmapper -o kpartx $CPPFLAGS $CFLAGS $LDFLAGS *.c
> 	gzip kpartx.8
> }
> 
> package() {
> 	cd multipath-tools-5c67a8b/kpartx
> 	install -d "$pkgdir/usr/bin"
> 	install -m 755 kpartx "$pkgdir/usr/bin"
> 	install -d "$pkgdir/usr/share/man/man8"
> 	install -m 644 kpartx.8.gz "$pkgdir/usr/share/man/man8"
> }



-- 
Merlin Büge
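
Added example, not part of the original post: the run_hook shown above can only work if the LUKS mapping already exists when it runs, so the custom partprobe hook has to be listed after the hook that opens the container in HOOKS in /etc/mkinitcpio.conf. This sketch checks that ordering, assuming the container is opened by the stock `encrypt` hook; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that one mkinitcpio hook is listed before another.
# Assumption: HOOKS is assigned on a single line, either as HOOKS=(a b c)
# or in the older HOOKS="a b c" form. Commented-out lines are ignored.

# hooks_line FILE: print the hook names of the last active HOOKS= assignment.
hooks_line() {
    sed -n 's/^[[:space:]]*HOOKS=[("]\([^)"]*\)[)"].*$/\1/p' "$1" | tail -n 1
}

# hook_order FILE FIRST SECOND
# Returns 0 if FIRST is listed before SECOND, 1 if either hook is missing,
# and 2 if both are present but in the wrong order.
hook_order() {
    pos=0; first_pos=0; second_pos=0
    for h in $(hooks_line "$1"); do
        pos=$((pos + 1))
        if [ "$h" = "$2" ]; then first_pos=$pos; fi
        if [ "$h" = "$3" ]; then second_pos=$pos; fi
    done
    if [ "$first_pos" -eq 0 ] || [ "$second_pos" -eq 0 ]; then return 1; fi
    if [ "$first_pos" -lt "$second_pos" ]; then return 0; fi
    return 2
}

# Constructed sample config (not taken from the post).
sample=$(mktemp)
printf '%s\n' \
    '# HOOKS=(base udev partprobe encrypt)' \
    'HOOKS=(base udev autodetect modconf block keyboard encrypt partprobe filesystems fsck)' \
    > "$sample"

hook_order "$sample" encrypt partprobe
case $? in
    0) echo "ok: encrypt runs before partprobe" ;;
    1) echo "missing: encrypt or partprobe is not in HOOKS" ;;
    2) echo "wrong order: partprobe would run before the container is opened" ;;
esac
rm -f "$sample"
```

On an installed system the first argument would be /etc/mkinitcpio.conf, and the initramfs has to be regenerated after any change to HOOKS.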

