Date:      Fri, 15 Jan 2010 01:25:50 -0600 (CST)
From:      Scott Bennett <bennett@cs.niu.edu>
To:        rsmith@xs4all.nl
Cc:        freebsd-questions@freebsd.org
Subject:   Re: GELI file systems unusable after "glabel label" operations
Message-ID:  <201001150725.o0F7Pook010484@mp.cs.niu.edu>

     On Thu, 14 Jan 2010 18:42:32 +0100 Roland Smith <rsmith@xs4all.nl>
>On Thu, Jan 14, 2010 at 01:31:55AM -0600, Scott Bennett wrote:
>>      I used "glabel label" to label each of the file systems I have on external
>> disk drives.  Unfortunately, afterward I am now unable to "geli attach" any of
>> the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  Is there
>> a way to get this to work?  Or have I just lost everything in the encrypted
>> file systems?
>
>Did you use 'geli init /dev/daXsY' and 'glabel label  /dev/daXsY'? That will
>overwrite the geli metadata with the glabel metadata!

     It has been a long time since I created those GELI partitions, but I
think I used the "geli init -K keyfilename /dev/daXsYP", where P is the
partition identifier in slice Y of drive X.  What I did when I screwed the
pooch on this was of the form "glabel label fsname /dev/daXsYP", which I had
thought would produce a /dev/label/fsname device and that doing a "geli attach"
afterward would produce a /dev/label/fsname.eli device.
>
>Check /var/backups. There should be *.eli files there. Those are the automatic

     No joy. :-(

>metadata backups that 'geli init' makes (at least in 8.0). You can restore
>those backups with 'geli restore'.

     Those must be new in 8.0.  I don't see any in 7.2, just {aliases,group,
master.passwd}.bak{,2} in /var/backups.
>
>Running 'geli init' again with the same parameters will not work, because
>'geli init' uses a random component in the key generation. In other words, two
>inits with the same password will not generate the same key!

     Is there some way to recover using the existing key files, which I do
still have?  And of course, I do know the passphrases.
>
>What you should have done (for future reference) is use geli(8) to create the
>encrypted device, then create a filesystem on that encrypted device with
>newfs(8) using the '-L' flag to set the volume name. Or use tunefs(8) to set
>the volume name later. These names will be automatically recognized next time
>you attach it and listed in /dev/ufs/.
>
     Thank you for that information.  If only it had been laid out that way
in the man page of the handbook when I read it before starting on the labeling
procedure...sigh.
     I have a new 1 TB drive that I will soon connect to the system and begin
creating file systems.  I will make gzipped image files with dd(1) of the
damaged partitions and store them on the new drive for a while in case a
workable idea turns up.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
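
Added example, not part of the original message or of FreeBSD itself: a check that reports which GEOM class's metadata sits in the last sector of a dd(1) image of a partition, so the overwrite described in the thread can be seen on an image or caught before labeling. It assumes 512-byte sectors by default and that geli(8) and glabel(8) start their last-sector metadata with the magic strings "GEOM::ELI" and "GEOM::LABEL"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: sector size 512 unless given; metadata lives in
# the provider's last sector and begins with a NUL-padded 16-byte magic string.

# geom_last_sector_owner FILE|- [SECTORSIZE]  ->  prints eli | label | none
# Use "-" to read an image from stdin, e.g. gzip -dc part.img.gz | ... -
geom_last_sector_owner() {
    img=$1
    secsize=${2:-512}
    if [ "$img" = - ]; then
        magic=$(tail -c "$secsize" | head -c 16 | tr -d '\000')
    else
        magic=$(tail -c "$secsize" "$img" | head -c 16 | tr -d '\000')
    fi
    case $magic in
        GEOM::ELI)   echo eli ;;
        GEOM::LABEL) echo label ;;
        *)           echo none ;;
    esac
}

# check_before_glabel FILE [SECTORSIZE]
# Returns non-zero when the last sector already carries GELI metadata, i.e.
# when "glabel label" on this provider would overwrite it.
check_before_glabel() {
    owner=$(geom_last_sector_owner "$1" "${2:-512}")
    if [ "$owner" = eli ]; then
        echo "refusing: $1 has GELI metadata in its last sector;" \
             "name the filesystem inside the attached .eli device instead" >&2
        return 1
    fi
    return 0
}

# Constructed sample data: a 4-sector image whose last sector starts with MAGIC.
make_sample_image() {
    out=$1
    magic=$2
    dd if=/dev/zero of="$out" bs=512 count=4 2>/dev/null
    printf '%s' "$magic" | dd of="$out" bs=512 seek=3 conv=notrunc 2>/dev/null
}
```

An image that reports "label" where "eli" was expected matches the situation in this thread: the GELI metadata sector has been replaced by the glabel one.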


