[PC-BSD Testing] Encrypted Install Problems

Kris Moore kris at pcbsd.com
Tue Feb 2 12:43:32 PST 2010


On 02/02/2010 15:20, Mike Bybee wrote:
> On Tue, Feb 2, 2010 at 12:23 PM, Josh Paetzel<josh at tcbug.org>  wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 02/02/10 13:13, Mike Bybee wrote:
>>> Hi all - has anyone had any success doing an encrypted /usr mount on the
>> RC?
>>> I have one running that way under 7, but so far 3 consecutive installs on
>> 8
>>> RC have resulted in some variation of this error:
>>>
>>> (single user mode)
>>> Setting hostid: 0x94f9b9ed.
>>> Entropy harvesting: interrupts ethernet point_to_point kickstart.
>>> Configuring Disk Encryption for label/usr0.
>>> geli: Cannot read metadata from label/usr0: Invalid argument.
>>> Attach failed; attempt 1of 3.
>>> (repeats)
>>> Starting file system checks:
>>> /dev/label/rootfs0: FILE SYSTEM CLEAN; SKIPPING CHECKS
>>> /dev/label/rootfs0: clean, 830817 free (2297 frags, 103565 blocks, 0.2%
>>> fragmentation)
>>> /dev/lable/var0: FILE SYSTEM CLEAN; SKIPPING CHECKS
>>> /dev/label/rootfs0: clean, 484206 free (334frags, 60484 blocks, 0.1%
>>> fragmentation)
>>> Can't stat /dev/label/usr0.eli: No such file or directory
>>> Unknown error; help!
>>> ERROR: ABORTING BOOT (sending SIGTERM to parent)!
>>>
>>> Each time this happens after the initial install complete successfully.
>> This
>>> is under VirtualBox.
>>> Running dmesg shows that the device was created at one point:
>>>
>>> GEOM_ELI: Device ad0s1e.eli created.
>>> GEOM_ELI: Encryption: AES-CBC 128
>>> GEOM_ELI:        Crypto: software
>>>
>>> No errors in dmesg.
>>>
>>> I'll re-run the same install again w/o encryption, but leave this session
>> up
>>> for any suggestions.
>>>
>>
>> The filesystem label probably isn't usr0.eli
>>
>> Does it go to single user?  Can you ls /dev/label/ ?
>>
>> - --
>> Thanks,
>>
>> Josh Paetzel
>>
>>
>>
>
> It does go single user. Here's what that produces:
> # ls /dev/label
> rootfs0 swap0 usr0 var0
>
> Looks like the /etc/fstab has /dev/label/usr0.eli
> I tried mounting /usr0 directly (via mount /dev/label/usr0 /usr) and that
> seems to work fine. I can read the filesystem.
> I modified /etc/fstab for this (saving the original), and I'll try a restart
>

Ahh, that looks like the problem for sure. I did a test here, and when 
we use glabel, the .eli extension is no longer necessary on the 
'labelized' name. I'll fix this in SVN right away :)


-- 

Kris Moore
PC-BSD Software
http://www.pcbsd.com


More information about the Testing mailing list