rdiff-backup-users

Re: [rdiff-backup-users] Finding/designing a tar replacement


From: Randall Nortman
Subject: Re: [rdiff-backup-users] Finding/designing a tar replacement
Date: Thu, 25 Sep 2003 11:39:00 -0500
User-agent: Mutt/1.3.28i

On the subject of mounting a filesystem on loopback devices:

Newer Linux kernels also have the option to encrypt loopback devices
transparently.  This allows you to turn any filesystem into an
encrypted filesystem by mounting it on an encrypted loopback device.
I do this with ReiserFS for all my rdiff-backup repositories to get
encryption on them for free, and then I rsync the encrypted filesystem
image to a third (untrusted) offsite machine for a
backup-of-the-backup.

In order to make this work, you need a patched 2.4 kernel (including
the Linux kernel crypto API and the cryptoloop module) or a recent
2.5/2.6 kernel, and also a recent losetup.  See
http://www.kerneli.org/index.phtml for more information (or ask me,
because I just did this myself a couple of weeks ago and it's all
fresh in my mind).  Once all this is set up, you can do something
like:

      dd if=/dev/random of=/path/to/image.dat bs=1M count=<xxx>
      losetup -e blowfish /dev/loop0 /path/to/image.dat
         [You will be prompted for keysize and passphrase]
      mkreiserfs /dev/loop0
      mount -t reiserfs /dev/loop0 /mnt/backup-volume

If you encrypt in this way, you will not be able to determine file
names, paths, sizes, or even the amount of the filesystem image that's
actually used, unless you know the crypto algorithm used (blowfish in
my example), the key size, and the passphrase.

The disadvantage of the filesystem-on-loopback methodology in general,
as others have pointed out, is that the filesystem is created with a
fixed size and resizing it is inconvenient.  Instead of actually using
this method, you might consider simply being inspired by it, and make
a filesystem-like archive format which is written directly to a file
(without need of the loopback driver) with block-level encryption and
automatic sizing of the file.  (Sounds like a dissertation topic to
me... Hmmm...)

On Wed, Sep 24, 2003 at 05:42:53PM -0700, dean gaudet wrote:
> > Neat, that's a good idea.  The strategy of using volumes as file
> > systems should be an important consideration.  I didn't even know that
> > Linux could mount an iso image.  (How can I try this?)
> 
> you want loopback device support -- either built in or as a module.
> (i use this stuff all the time because i maintain image files for
> simulators.)
> 
> then it's a simple matter of doing this:
> 
>       mount -o loop /path/to/isofile /mnt
[...]
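
Added example, not part of the original post: a sketch of why the image in the message is filled from a random source before the encrypted filesystem is created, so that a holder of the offsite copy cannot tell how much of it is in use. The 4096-byte block size, the entropy threshold, the helper names and the sample images are assumptions constructed for the illustration; a SHA-256 counter stream stands in for both ciphertext and random fill.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed block size for the illustration


def pseudo_random(n, seed):
    """Deterministic stand-in for ciphertext or random fill (constructed data)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def entropy_bits(block):
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    counts = Counter(block)
    total = len(block)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def apparent_usage(image, threshold=7.0):
    """Fraction of blocks that look written (high entropy) without the key."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    written = sum(1 for b in blocks if entropy_bits(b) >= threshold)
    return written / len(blocks)


def build_image(total_blocks, used_blocks, prefill_random):
    """Constructed sample: a container holding `used_blocks` ciphertext blocks."""
    if prefill_random:
        image = bytearray(pseudo_random(total_blocks * BLOCK, b"prefill"))
    else:
        image = bytearray(total_blocks * BLOCK)  # zero-filled backing file
    for n in range(used_blocks):
        image[n * BLOCK:(n + 1) * BLOCK] = pseudo_random(BLOCK, b"data%d" % n)
    return bytes(image)


if __name__ == "__main__":
    for prefill in (False, True):
        img = build_image(total_blocks=64, used_blocks=16, prefill_random=prefill)
        print("random prefill:", prefill, "apparent usage:", apparent_usage(img))
```

With a zero-filled backing file the written blocks stand out and the true usage is visible; with random prefill every block looks the same.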



