Sunday, February 27, 2011

An interesting but mostly pointless exercise.

So, let me explain my frame of mind when I was approaching this.  Some of it is quasi-logical, other parts are just me being weird.

For some reason or other.. I wanted to have a few raw block devices.  They're usually created using the dd command.

e.g.

    # dd if=/dev/zero of=foobar.raw bs=1M count=2048

bs = block size, so the size of foobar.raw = 1 MB * 2048 = 2048 MB = 2 GB.

Now some operations you can perform directly on the file foobar.raw (like formatting it), but since I'm trying to do crypto + LVM, I need to at least pretend that it's a device.  losetup lets me associate a device name, in my case /dev/loop0, with a file on my file system.

So...  here's my instruction set to get a file to behave like a file system, and allow you to do all sorts of unholy things to it.

Note: most of these commands assume root.  Either prepend sudo to all of these, or just become root via su - or your favorite procedure to get god mode.

1.  Create a raw file.

    # dd if=/dev/zero of=foobar.raw bs=1M count=2048

2.  Losetup, to associate file with a device name.

    # losetup /dev/loop0  ./foobar.raw


3.  Cryptsetup, really really not needed, but hey.. why not.

3a.  Format the device we just created (loop0) to be a cryptsetup device.

    # cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/loop0

3b.  Let's open the device, and give the encrypted device a name.

    # cryptsetup luksOpen /dev/loop0 cryptoLoop
 
4.  Now that we have an encryption layer.. let's create an LVM volume, which allows me to
extend the size of my file system or join multiple files... and all sorts of craziness/flexibility.

Most of these steps are your standard LVM setup, but we'll note them here for consistency.

    # pvcreate /dev/mapper/cryptoLoop
    # vgcreate cryptoLvmGrp /dev/mapper/cryptoLoop
    # lvcreate -l100%VG -n lvmData cryptoLvmGrp

Now, in theory, you can format the logical volume and mount it (the mount point, here a directory named loopback, has to exist first).

    # mkfs -t ext3 /dev/cryptoLvmGrp/lvmData
    # mkdir -p loopback
    # mount /dev/cryptoLvmGrp/lvmData loopback

Standard usage rules apply, permissions and such.  Once you're done
using it, you need to shut down all the layers in order.

Shutdown:
1.  umount loopback
2.  vgchange -a n cryptoLvmGrp
3.  cryptsetup luksClose cryptoLoop
4.  losetup -d /dev/loop0
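
The open and shutdown sequences above as one script. This is an added example, not the author's scripts from the linked repository. It assumes the image has already been through steps 1-4; DRY_RUN, run, stack_up and stack_down are names invented here, and /dev/loopN is a placeholder printed in dry-run mode.

```shell
#!/bin/sh
# Added example: open/close the loop -> LUKS -> LVM -> filesystem stack.
# DRY_RUN, run, stack_up, stack_down are made-up names; the rest are the post's.
IMG=${IMG:-./foobar.raw}
MAP=${MAP:-cryptoLoop}
VG=${VG:-cryptoLvmGrp}
LV=${LV:-lvmData}
MNT=${MNT:-./loopback}
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands only, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Bring the layers up bottom to top. Assumes the image was already
# luksFormat-ed and the VG/LV were already created (steps 1-4).
stack_up() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "losetup --find --show $IMG"
        loop=/dev/loopN              # placeholder for the device losetup picks
    else
        # --find takes the first free loop device instead of assuming loop0
        loop=$(losetup --find --show "$IMG") || return 1
    fi
    run cryptsetup luksOpen "$loop" "$MAP" || return 1
    run vgchange -a y "$VG" || return 1
    run mkdir -p "$MNT" || return 1
    run mount "/dev/$VG/$LV" "$MNT"
}

# Tear down top to bottom. Stop at the first failure: a layer that is still
# busy means everything beneath it is still in use and must stay attached.
stack_down() {
    run umount "$MNT" || return 1
    run vgchange -a n "$VG" || return 1
    run cryptsetup luksClose "$MAP" || return 1
    if [ "$DRY_RUN" = 1 ]; then
        echo "losetup -d /dev/loopN"
    else
        for dev in $(losetup -j "$IMG" | cut -d: -f1); do   # devices backed by IMG
            losetup -d "$dev" || return 1
        done
    fi
}

case "${1:-}" in
    up)   stack_up ;;
    down) stack_down ;;
esac
```

With the default DRY_RUN=1 the script only prints what it would run; set DRY_RUN=0 and pass up or down as root to execute.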


So, in retrospect, I can probably just create an xfs/ext file system and expand the file system as needed... but meh.. I kinda like this elaborate setup.

I'm going to post some scripts to automate the creation, loading, and unloading of these systems, though some of the paths for LVM and cryptsetup depend on the distro.

Edit:  https://github.com/safaci2000/RawCryptoLVM  Some really dumb scripts that work for me.  
