From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) (KHTML, like Gecko)
Description of problem:
I would like to use cryptsetup for creating encrypted block devices. To do this in a useful manner requires that cryptsetup be available before most of the block devices are used (IE when only the root fs is mounted). This means that the binary needs to be moved out of /usr, I think that /usr/sbin is the best location (/bin is not appropriate as a user who lacks administrative privs can't use it).
For an encrypted root file system we need to run cryptsetup from the initrd, so it needs to be statically linked.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Created attachment 103210 [details]
Patch to cryptsetup.spec that causes cryptsetup to be statically linked
Fixed in 0.1-3.
0.1-3 still seems to contain a dynamically linked cryptsetup:
[root@imp permissions.d]# rpm -q cryptsetup
[root@imp permissions.d]# ldd /sbin/cryptsetup
libdevmapper.so.1.00 => /lib/libdevmapper.so.1.00 (0x0fe70000)
libc.so.6 => /lib/tls/libc.so.6 (0x0fd28000)
/lib/ld.so.1 => /lib/ld.so.1 (0x30000000)
I'd like to reopen this bug but I am unable to.
Oops, that's what I get for misreading; 0.1-3 is just statically
linked for moving to the root fs.
The patch I proposed in comment #1 should do it.
Ideally, we should probably add a flag to the configure script that
turns on or off dynamically linking and get the patch up stream.
Fixed in -4.