[PC-BSD Testing] Encrypted Install Problems
kris at pcbsd.com
Tue Feb 2 12:43:32 PST 2010
On 02/02/2010 15:20, Mike Bybee wrote:
> On Tue, Feb 2, 2010 at 12:23 PM, Josh Paetzel<josh at tcbug.org> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> On 02/02/10 13:13, Mike Bybee wrote:
>>> Hi all - has anyone had any success doing an encrypted /usr mount on the
>>> I have one running that way under 7, but so far 3 consecutive installs on
>>> RC have resulted in some variation of this error:
>>> (single user mode)
>>> Setting hostid: 0x94f9b9ed.
>>> Entropy harvesting: interrupts ethernet point_to_point kickstart.
>>> Configuring Disk Encryption for label/usr0.
>>> geli: Cannot read metadata from label/usr0: Invalid argument.
>>> Attach failed; attempt 1of 3.
>>> Starting file system checks:
>>> /dev/label/rootfs0: FILE SYSTEM CLEAN; SKIPPING CHECKS
>>> /dev/label/rootfs0: clean, 830817 free (2297 frags, 103565 blocks, 0.2%
>>> /dev/lable/var0: FILE SYSTEM CLEAN; SKIPPING CHECKS
>>> /dev/label/rootfs0: clean, 484206 free (334frags, 60484 blocks, 0.1%
>>> Can't stat /dev/label/usr0.eli: No such file or directory
>>> Unknown error; help!
>>> ERROR: ABORTING BOOT (sending SIGTERM to parent)!
>>> Each time this happens after the initial install complete successfully.
>>> is under VirtualBox.
>>> Running dmesg shows that the device was created at one point:
>>> GEOM_ELI: Device ad0s1e.eli created.
>>> GEOM_ELI: Encryption: AES-CBC 128
>>> GEOM_ELI: Crypto: software
>>> No errors in dmesg.
>>> I'll re-run the same install again w/o encryption, but leave this session
>>> for any suggestions.
>> The filesystem label probably isn't usr0.eli
>> Does it go to single user? Can you ls /dev/label/ ?
>> - --
>> Josh Paetzel
> It does go single user. Here's what that produces:
> # ls /dev/label
> rootfs0 swap0 usr0 var0
> Looks like the /etc/fstab has /dev/label/usr0.eli
> I tried mounting /usr0 directly (via mount /dev/label/usr0 /usr) and that
> seems to work fine. I can read the filesystem.
> I modified /etc/fstab for this (saving the original), and I'll try a restart
Ahh, that looks like the problem for sure. I did a test here, and when
we use glabel, the .eli extension is no longer necessary on the
'labelized' name. I'll fix this in SVN right away :)
More information about the Testing