LinuxQuestions.org
Old 11-30-2010, 04:10 PM   #1
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
Optimal partitioning scheme, and How to avoid backing up in case of OS change...


Hi,

I have recently installed SL 5.5, while waiting for the final SL 6 ...

Since this shouldn't be much longer now, I haven't done anything "serious" in my SL 5.5 box...

I really want to shift to SL 6 because there are a lot of packages I need to build which are not in the 5.5 repos... Gnumeric 1.6.3 from epel is unusable, Paraview needs the latest Qt4, Scilab needs a most recent version of PCRE, etc.

Since this will be a production machine, I need stability ( that's why I have chosen SL 6/CentOS 6), as well as some compatibility with closed source apps, like Intel Compilers, Abaqus, or Pro Engineer.


My issue here is the following...:

This machine will have a 2 TB disk which I intend to partition as follows :

100 Mb -> /boot -> ext4
50 Gb -> / -> ext4
1 Gb -> swap -> swap ( this will be a 16 Gigs Ram machine, so... no more swap )
1948.9 Gb -> /home -> ext4 -> luks encrypted

Should I need to reinstall, or decide to change my OS, if I leave /home untouched in the (re)install, I will be able to luks mount my /home, right...?

I mean... any "modern" distro should allow me to do this... right...?
 
Old 11-30-2010, 04:59 PM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
Quote:
Originally Posted by Alexvader View Post
My issue here is the following...:

Should I need to reinstall, or decide to change my OS, if I leave /home untouched in the (re)install, I will be able to luks mount my /home, right...?

I mean... any "modern" distro should allow me to do this... right...?
In another thread I was just talking about maybe moving from Mandriva to OpenSUSE. I commented that I have several issues to sort out before I am willing to make the move.

One of those issues is exactly this one. All of my system except the system partition is encrypted. That includes 6 hard drives and partitions everyplace.

Now, I certainly would expect that I can mount any of my encrypted partitions using any Linux distro, but I haven't proved it yet.

In the next couple of days, I am going to unmount one of my data partitions from the host, and make it available as a physical partition for one of my OpenSUSE virtual machines. Then, we'll see. If it is recognized and I can mount it, then that is one less problem to worry about.

I just haven't gotten around to doing it yet.

By the way, I run an encrypted swap partition, and the directories /tmp, /var/cache, and /var/tmp are located on partitions other than my system partition in order to prevent data leaks into the unencrypted part of the computer.
 
Old 11-30-2010, 05:06 PM   #3
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Original Poster
Rep: Reputation: 94
Quote:
By the way, I run an encrypted swap partition, and the directories /tmp, /var/cache, and /var/tmp are located on partitions other than my system partition in order to prevent data leaks into the unencrypted part of the computer.
At boot time my /tmp is wiped off, all temporary files from previous sessions vanish, IMHO none of my workhorse apps write to /var/cache and /var/tmp, and all the "critical" files that leave the computer leave as gpg encrypted, is there really need to encrypt /var/*...?
 
Old 11-30-2010, 05:17 PM   #4
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
Quote:
Originally Posted by Alexvader View Post
At boot time my /tmp is wiped off, all temporary files from previous sessions vanish, IMHO none of my workhorse apps write to /var/cache and /var/tmp, and all the "critical" files that leave the computer leave as gpg encrypted, is there really need to encrypt /var/*...?
What about if the power plug is pulled, as the thief grabs your machine and heads for the door? If he puts a Knoppix disk into your drive and boots your computer, what might he find in /tmp?

Also, kde uses /var/tmp. My system uses /var/cache. Some of that is Mandriva, some is other things. While writing this, I realized that /var/lib/mysql contains a lot of genuine data, so I just moved it over too. I have just recently completed my platform encryption project, and I elected to not encrypt the system partition for now at least, so as I find these things they get moved.
 
Old 11-30-2010, 05:24 PM   #5
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Original Poster
Rep: Reputation: 94
Quote:
Originally Posted by jiml8 View Post
What about if the power plug is pulled, as the thief grabs your machine and heads for the door? If he puts a Knoppix disk into your drive and boots your computer, what might he find in /tmp?

Also, kde uses /var/tmp. My system uses /var/cache. Some of that is Mandriva, some is other things. While writing this, I realized that /var/lib/mysql contains a lot of genuine data, so I just moved it over too. I have just recently completed my platform encryption project, and I elected to not encrypt the system partition for now at least, so as I find these things they get moved.
I see...

The only possible secure HPC platform would have to be implemented using Computation over encrypted instances then...

Now thieves can steal my machine at will huh... !?

If only I knew enough to deploy such a thing...
 
Old 11-30-2010, 06:52 PM   #6
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,140

Rep: Reputation: 4123
Quote:
How to avoid backing up in case of OS change...
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled if you lose access to it (destroyed, not as in stolen).

Last edited by syg00; 11-30-2010 at 06:57 PM. Reason: clarification (I hope .... :) )
 
Old 12-01-2010, 01:11 PM   #7
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Original Poster
Rep: Reputation: 94
Quote:
Originally Posted by syg00 View Post
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled if you lose access to it (destroyed, not as in stolen).
Thx Syg00

Sometimes ppl just do not bkup out of laziness... to just regret it when s**t happens...
 
Old 12-01-2010, 05:45 PM   #8
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146
I've always thought that a /home and a / are enough to keep a system running nicely. /boot is $moot. The exception would be an SSD.

But I'm not the kind of Guru jim or syg are.
 
Old 12-01-2010, 06:05 PM   #9
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,140

Rep: Reputation: 4123
Don't get misled by the "guru" tag - I merely have some experience others may find useful. Or not. Applies to almost all of us.
I've told jeremy I'd be happy if the labels (and post count) were done away with altogether. But that's for other threads.
 
Old 12-02-2010, 02:53 AM   #10
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
Quote:
Originally Posted by syg00 View Post
Bad attitude.
Backups are more important than encryption in the general scheme of things. Not much good having it all scrambled if you lose access to it (destroyed, not as in stolen).
Exactly. You shouldn't avoid backing up.
 
Old 12-02-2010, 04:09 AM   #11
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Quote:
Originally Posted by H_TeXMeX_H View Post
Exactly. You shouldn't avoid backing up.
Totally agree. Learnt it a bad way through personal experience. Yeah, experience teaches more than anything and anyone in this world.
 
Old 12-03-2010, 05:57 PM   #12
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116
OK. To follow up on this thread, I have successfully tested dmcrypt, moving a partition from one machine to another.

I unmounted a data partition from my Mandriva 2010.1 32 bit host, and defined that partition as belonging to one of my OpenSUSE 11.3 64 bit virtual machines.

I then booted that OpenSUSE system, did a cryptsetup luksOpen, entered the passphrase, then mounted the opened volume.

I browsed into the volume in OpenSUSE, played a video on the volume, and stored some data there.

I then dismounted the volume from OpenSUSE, remounted it on Mandriva, opened it, and read the data I had written from OpenSUSE.

Now, of course, we would certainly have expected this to work. So, that it works is really no surprise. But we never really know until we try, now do we.

And, given that these are encrypted partitions, if it DOESN'T work, it could cause all kinds of grief. Better to test it first.
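
Added example, not part of jiml8's post: the cross-distro test above works because the LUKS header stored on the partition itself records the cipher, mode, hash and key slots, so nothing from the old installation is needed to open it. This sketch parses that header, assuming the LUKS version 1 on-disk layout (the thread does not say which version was in use); the sample header is constructed, not taken from a real volume.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED = 0x00AC71F3
# LUKS1 header, big-endian: magic, version, cipher name, cipher mode, hash spec,
# payload offset (sectors), key bytes, MK digest, MK salt, MK iterations, UUID
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # active, iterations, salt, km offset, stripes
NUM_SLOTS = 8

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    """Return the fields another distro needs in order to open the volume."""
    if len(blob) < PHDR.size + NUM_SLOTS * SLOT.size:
        raise ValueError("truncated header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("not a LUKS volume")
    if version != 1:
        raise ValueError(f"unsupported LUKS version {version}")
    slots = []
    for i in range(NUM_SLOTS):
        active, *_ = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)
        if active == SLOT_ENABLED:
            slots.append(i)
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_sector": payload,
            "uuid": _text(uuid), "active_slots": slots}

def build_sample_header():
    """Constructed sample (not a real volume): one passphrase in slot 0."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                    2056, 32, bytes(20), bytes(32), 10000,
                    b"00000000-0000-0000-0000-000000000000")
    for i in range(NUM_SLOTS):
        state = SLOT_ENABLED if i == 0 else 0x0000DEAD
        hdr += SLOT.pack(state, 1000, bytes(32), 8 + i * 256, 4000)
    return hdr

if __name__ == "__main__":
    # On a real system, read the first 592 bytes of the partition instead
    # (needs root), e.g. open("/dev/sdXN", "rb").read(592).
    for key, value in parse_luks1_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

`cryptsetup luksDump` reports the same fields on a live system; comparing its output on the old and new install is a quick check before relying on the volume.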
 
Old 12-03-2010, 06:12 PM   #13
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Original Poster
Rep: Reputation: 94
Hi...

Nice to know this...

Now waiting for SL to deploy my machine...
 
Old 12-04-2010, 07:10 AM   #14
Latios
Member
 
Registered: Dec 2010
Distribution: Arch
Posts: 115

Rep: Reputation: 21
I don't care about separate /boot partition, never needed one

I like (and suggest you too) to add a second OS partition - with some basic linux and all kinds of recovery stuff installed, few tar.xz's of the root partition / useful packages / iso's of the CD of your distro. This way you can instantly recover your OS even if you have nothing at hand besides the computer itself

To minimize the space required for this partition you can store some of the stuff in /home (assuming you are going only to reinstall root ever)

You can go as far as installing a second grub in the root partition and chain loading it from the first grub. This way you guarantee that whatever upgrade you do to the main OS you can only screw its grub and not the main grub that boots the recovery system

You can install the second partition system independent so that you can boot the hard drive in any other computer, and use it as a live-hdd (like live-cd) to recover another computer. Don't you just like all those multifunctional tools to be at your hand at all times ?
 
Old 12-04-2010, 07:27 AM   #15
lupusarcanus
Senior Member
 
Registered: Mar 2009
Location: USA
Distribution: Arch
Posts: 1,022
Blog Entries: 19

Rep: Reputation: 146
Quote:
Originally Posted by Latios View Post
I don't care about separate /boot partition, never needed one

I like (and suggest you too) to add a second OS partition - with some basic linux and all kinds of recovery stuff installed, few tar.xz's of the root partition / useful packages / iso's of the CD of your distro. This way you can instantly recover your OS even if you have nothing at hand besides the computer itself

To minimize the space required for this partition you can store some of the stuff in /home (assuming you are going only to reinstall root ever)

You can go as far as installing a second grub in the root partition and chain loading it from the first grub. This way you guarantee that whatever upgrade you do to the main OS you can only screw its grub and not the main grub that boots the recovery system

You can install the second partition system independent so that you can boot the hard drive in any other computer, and use it as a live-hdd (like live-cd) to recover another computer. Don't you just like all those multifunctional tools to be at your hand at all times ?
[Off Topic Nerd]

Pokemon!!!

[/Off Topic Nerd]
 
  


All times are GMT -5. The time now is 09:02 PM.