Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 14 Jan 2010 18:42:32 +0100
From:      Roland Smith <rsmith@xs4all.nl>
To:        Scott Bennett <bennett@cs.niu.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: GELI file systems unusable after "glabel label" operations
Message-ID:  <20100114174232.GA12391@slackbox.xs4all.nl>
In-Reply-To: <201001140731.o0E7VtQ0018243@mp.cs.niu.edu>
References:  <201001140731.o0E7VtQ0018243@mp.cs.niu.edu>

next in thread | previous in thread | raw e-mail | index | archive | help

--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jan 14, 2010 at 01:31:55AM -0600, Scott Bennett wrote:
>      I used "glabel label" to label each of the file systems I have on ex=
ternal
> disk drives.  Unfortunately, afterward I am now unable to "geli attach" a=
ny of
> the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  Is t=
here
> a way to get this to work?  Or have I just lost everything in the encrypt=
ed
> file systems?

Did you use 'geli init /dev/daXsY' and 'glabel label  /dev/daXsY'? That will
overwrite the geli metadata with the glabel metadata!=20

Check /var/backups. There should be *.eli files there. Those are the automa=
tic
metadata backups that 'geli init' makes (at least in 8.0). You can restore
those backups with 'geli restore'.

Running 'geli init' again with the same parameters will not work, because
'geli init' uses a random component in the key generation. In other words, =
two
inits with the same password will not generate the same key!

What you should have done (for future refrence) is use geli(8) to create the
encrypted device, then create a filesystem on that encrypted device with
newfs(8) using the '-L' flag to set the volume name. Or use tunefs(8) to set
the volume name later. These names will be automatically recognized next ti=
me
you attach it and listed in /dev/ufs/.

Roland
--=20
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iEYEARECAAYFAktPV4gACgkQEnfvsMMhpyUjXQCcCVwohdAAR9QlLRH8Qfz5bmpO
yJEAnA5ciJlT9GXVk8eHJE7pZZxiQplY
=0NSO
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100114174232.GA12391>