Date: Tue, 18 Mar 2008 16:04:52 +0100 From: Raphael Becker <rabe@uugrn.org> To: freebsd-stable@freebsd.org Subject: Using /etc/rc.d/geli with labeled devices on 6.3 Message-ID: <20080318150452.GA1561@ma.sigsys.de>
next in thread | raw e-mail | index | archive | help
--yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, given that /dev/ad12 is a geli encryptet device, you might set up /etc/rc.conf like geli_enable=3D"YES" geli_devices=3D"ad12" geli_ad12_flags=3D"-k /root/keys/geli.ad12.key" I don't like absolute device names (they might change) so I label them e.g. FOOcrypt so it show up like /dev/label/FOOcrypt Attaching the FOOcrypt manually works like # geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt=20 Enter passphrase: The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1] so=20 it will be available on /dev/ufs/FOO and can be mounted: # mount /dev/ufs/FOO How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot? geli_enable=3D"YES" geli_devices=3D"label/FOOcrypt" geli_label/FOOcrypt_flags=3D"-k /root/keys/geli.FOO.key" ^^^^^^^^^^^^^^=20 This won't work. How? TIA. Regards Raphael Becker [1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO --=20 Raphael Becker <rabe@uugrn.org> http://rabe.uugrn.org/ GnuPG: E7B2 1D66 3AF2 EDC7 9828 6D7A 9CDA 3E7B 10CA 9F2D =2E........|.........|.........|.........|.........|.........|.........|.. --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFH39oUnNo+exDKny0RAsMMAKDIo/CqzVPHtDasexT51OajwJW+pACdFR7c n2lFbL4xKIq1frV8XOyljds= =7iJg -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080318150452.GA1561>