From owner-freebsd-stable@FreeBSD.ORG Tue Mar 18 15:29:16 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 01F60106566C for ; Tue, 18 Mar 2008 15:29:16 +0000 (UTC) (envelope-from rabe@uugrn.org) Received: from mail.uugrn.org (mail.uugrn.org [195.49.138.123]) by mx1.freebsd.org (Postfix) with ESMTP id 76F688FC2C for ; Tue, 18 Mar 2008 15:29:15 +0000 (UTC) (envelope-from rabe@uugrn.org) Received: from rabe.uugrn.org (root@rabe.uugrn.org [195.49.138.102]) by mail.uugrn.org (8.13.8/8.13.8) with ESMTP id m2IF4Sdf054094 for ; Tue, 18 Mar 2008 16:04:38 +0100 (CET) (envelope-from rabe@uugrn.org) Received: from daemon.ma.sigsys.de (rabe@rabe.uugrn.org [195.49.138.102]) by rabe.uugrn.org (8.13.8/8.13.8) with ESMTP id m2IF4Shg054090 for ; Tue, 18 Mar 2008 16:04:28 +0100 (CET) (envelope-from rabe@uugrn.org) Received: from daemon.ma.sigsys.de (localhost.ma.sigsys.de [127.0.0.1]) by daemon.ma.sigsys.de (8.14.2/8.13.1) with ESMTP id m2IF4qhM011090 for ; Tue, 18 Mar 2008 16:04:52 +0100 (CET) (envelope-from rabe@uugrn.org) Received: (from rabe@localhost) by daemon.ma.sigsys.de (8.14.2/8.14.2/Submit) id m2IF4quS011089 for freebsd-stable@freebsd.org; Tue, 18 Mar 2008 16:04:52 +0100 (CET) (envelope-from rabe@uugrn.org) X-Authentication-Warning: daemon.ma.sigsys.de: rabe set sender to rabe@uugrn.org using -f Date: Tue, 18 Mar 2008 16:04:52 +0100 From: Raphael Becker To: freebsd-stable@freebsd.org Message-ID: <20080318150452.GA1561@ma.sigsys.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yrj/dFKFPuw6o+aM" Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Subject: Using /etc/rc.d/geli with labeled devices on 6.3 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Mar 2008 15:29:16 -0000 --yrj/dFKFPuw6o+aM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, given that /dev/ad12 is a geli encryptet device, you might set up /etc/rc.conf like geli_enable=3D"YES" geli_devices=3D"ad12" geli_ad12_flags=3D"-k /root/keys/geli.ad12.key" I don't like absolute device names (they might change) so I label them e.g. FOOcrypt so it show up like /dev/label/FOOcrypt Attaching the FOOcrypt manually works like # geli attach -k /root/geli.FOO.key /dev/label/FOOcrypt=20 Enter passphrase: The UFS on /dev/label/FOOcrypt.eli is labeled FOO[1] so=20 it will be available on /dev/ufs/FOO and can be mounted: # mount /dev/ufs/FOO How should I set up /etc/rc.conf to get this by /etc/rc.d/geli on boot? geli_enable=3D"YES" geli_devices=3D"label/FOOcrypt" geli_label/FOOcrypt_flags=3D"-k /root/keys/geli.FOO.key" ^^^^^^^^^^^^^^=20 This won't work. How? TIA. Regards Raphael Becker [1] newfs -L FOO ... /dev/label/FOOcrypt.eli --> /dev/ufs/FOO --=20 Raphael Becker http://rabe.uugrn.org/ GnuPG: E7B2 1D66 3AF2 EDC7 9828 6D7A 9CDA 3E7B 10CA 9F2D =2E........|.........|.........|.........|.........|.........|.........|.. --yrj/dFKFPuw6o+aM Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFH39oUnNo+exDKny0RAsMMAKDIo/CqzVPHtDasexT51OajwJW+pACdFR7c n2lFbL4xKIq1frV8XOyljds= =7iJg -----END PGP SIGNATURE----- --yrj/dFKFPuw6o+aM--