[opensuse-factory] Mounting existing crypted partition fails on 11.2rc1
Hi! I installed rc1 on my laptop and got stuck mounting my crypted /home. It complains about the filesystem type (mount -t auto ??? ). I tried manually mount /dev/mapper/cr_sda8, but the filesystem seems corrupt now :( . Best, Jan-Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Jan-Simon Möller wrote:
I installed rc1 on my laptop and got stuck mounting my crypted /home. It complains about the filesystem type (mount -t auto ??? ).
fstab, crypttab, logs? cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Mittwoch 28 Oktober 2009 09:51:54 schrieb Ludwig Nussel:
I changed it "auto" to ext3 lateron. crypttab: cr_sda8 /dev/disk/by-id/ata-WDC_WD2500BEVS-22UST0_WD-WXE807E07297-part8 none none y2log here: http://filebin.ca/znhyfd/y2log-1_crypt.tar.bz2 These lines worry me a bit: y2log-1:27696:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/crypttab y2log-1:27709:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] SystemCmd.cc(addLine):553 Adding Line 1 "cr_sda8: 0 300623250 crypt aes-cbc-essiv:sha256 00000000000000000000000000000000 0 8:8 1032" y2log-1:27784:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27785:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):428 dentry:proc mount:/proc fstab:0 cryptotab:0 y2log-1:27787:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):446 fstab:0x7f82fea0d9c0 cryptotab:0 lineno:-1 y2log-1:27790:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findPrefix):453 file:/mnt/etc/fstab mount:/proc crypto:true y2log-1:27793:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(save):64 deleting file /mnt/etc/crypttab <<<<<<<<<<<<<<<<<< y2log-1:27800:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/cryptotab y2log-1:27801:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/cryptotab y2log-1:27802:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27803:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/crypttab y2log-1:27810:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27811:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):428 dentry:sysfs mount:/sys fstab:0 cryptotab:0 y2log-1:27813:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):446 fstab:0x7f82feab47d0 cryptotab:0 lineno:-1 First it adds the right option, but deletes the file then?! Best, Jan-Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Jan-Simon Möller wrote:
I hope it's a LUKS image (cryptsetup isLuks /dev/...)? Otherwise the result would be rather unpredictable. I don't know if yast is still able to detect other encryption methods (requires wild guessing). cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Mittwoch 28 Oktober 2009 11:29:00 schrieb Ludwig Nussel:
No result on cryptsetup isLuks (no output at all). But cryptsetup luksDump gives: LUKS header information for /dev/sda8 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 1032 MK bits: 128 MK digest: b5 d8 5c d5 53 c8 09 69 7f 62 08 cf e7 89 ea fd 55 0f e7 5d MK salt: bd e6 35 db 8b c1 68 cf b8 31 9c fc a3 3c e8 a3 c1 ad 33 bb b5 01 a8 c1 97 52 7e c5 b1 95 9b ab MK iterations: 10 UUID: cf2997f7-338a-5122-91aa-52f58e0fb8fc Key Slot 0: ENABLED Iterations: 356581 Salt: 91 0b e5 ed 85 19 ba 50 b2 52 6b a3 8a 21 a3 33 f5 fa 5b b2 d9 3e 55 c0 6b 93 65 e0 59 71 58 6b Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED (key letters not from konsole output) Best, Jan-Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Jan-Simon Möller wrote:
It tells it's result via exit status. 0 == luks.
Ok, it's LUKS. So crypttab is correct. The file system corruption is not caused by wrong crypto settings then and it should be safe to run fsck. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Wed, 28 Oct 2009 09:51:54 +0100 Ludwig Nussel <ludwig.nussel@suse.de> wrote:
OT: having "/etc/init.d/boot.crypto fsck" would be a welcome feature. Sometimes you _want_ to check the fs, but even back when we still did autocheck ext3 every 180 days or so, we never did on cryptohome. (I know how to do it anyway, but it would be nice if it would be easier). -- Stefan Seyfried "Any ideas, John?" "Well, surrounding them's out." -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stefan Seyfried wrote:
OT: having "/etc/init.d/boot.crypto fsck" would be a welcome feature.
bug 462929
Sometimes you _want_ to check the fs, but even back when we still did autocheck ext3 every 180 days or so, we never did on cryptohome.
It should work if fs_passno != 0 in fstab. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-10-28 at 11:33 +0100, Ludwig Nussel wrote:
I remember that one ;-)
It has a side effect, though: if, for instance, you enter the wrong password (a mistake easy to make with the long passwords used for this), the system will abort booting and enter filesystem repair mode. It is even worse if that particular line has the "noauto" option for not mounting on boot, because then it doesn't ask for the password, but will attempt to fsck all times... I did have a "1" there for a while and had to revert to "0" pretty soon. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkroyN0ACgkQtTMYHG2NR9XYDgCeMnoL7tWZvNYivMLyrWWBFMoA QZAAnAtwuQL5PonKB+ABwJrMRnUa3JMW =i+Mg -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
Yes, that fsck behavior isn't optimal. Matthias König tried to improve it¹ and the outcome was that /etc/init.d/boot.localfs skips devices with mount option 'nofail' entirely. boot.crypto will take care of fsck then. That doesn't work with devices that need to by unlocked by boot.crypto-early already though :-( So for those you better set timeout=0,tries=0 in crypttab. I guess I should document that in the manpage. cu Ludwig [1] http://markmail.org/message/dso3oggybuygy2xe -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LSU.2.00.0910301653110.5346@nimrodel.valinor> On Thursday, 2009-10-29 at 09:16 +0100, Ludwig Nussel wrote:
Yes, please :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkrrDAIACgkQtTMYHG2NR9XwLACfek1XOc3UFvwP/n7jHlXAmPX2 QmwAn3IWFeBRovuBepajz2FQMypy7AOz =I2EN -----END PGP SIGNATURE-----
Jan-Simon Möller wrote:
I installed rc1 on my laptop and got stuck mounting my crypted /home. It complains about the filesystem type (mount -t auto ??? ).
fstab, crypttab, logs? cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Mittwoch 28 Oktober 2009 09:51:54 schrieb Ludwig Nussel:
I changed it "auto" to ext3 lateron. crypttab: cr_sda8 /dev/disk/by-id/ata-WDC_WD2500BEVS-22UST0_WD-WXE807E07297-part8 none none y2log here: http://filebin.ca/znhyfd/y2log-1_crypt.tar.bz2 These lines worry me a bit: y2log-1:27696:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/crypttab y2log-1:27709:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] SystemCmd.cc(addLine):553 Adding Line 1 "cr_sda8: 0 300623250 crypt aes-cbc-essiv:sha256 00000000000000000000000000000000 0 8:8 1032" y2log-1:27784:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27785:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):428 dentry:proc mount:/proc fstab:0 cryptotab:0 y2log-1:27787:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):446 fstab:0x7f82fea0d9c0 cryptotab:0 lineno:-1 y2log-1:27790:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findPrefix):453 file:/mnt/etc/fstab mount:/proc crypto:true y2log-1:27793:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(save):64 deleting file /mnt/etc/crypttab <<<<<<<<<<<<<<<<<< y2log-1:27800:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/cryptotab y2log-1:27801:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/cryptotab y2log-1:27802:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27803:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(logContent):91 content of /mnt/etc/crypttab y2log-1:27810:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] AsciiFile.cc(reload):40 loading file /mnt/etc/crypttab y2log-1:27811:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):428 dentry:sysfs mount:/sys fstab:0 cryptotab:0 y2log-1:27813:2009-10-27 16:57:16 <1> 192.168.1.238(7788) [libstorage] EtcFstab.cc(findFile):446 fstab:0x7f82feab47d0 cryptotab:0 lineno:-1 First it adds the right option, but deletes the file then?! Best, Jan-Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Jan-Simon Möller wrote:
I hope it's a LUKS image (cryptsetup isLuks /dev/...)? Otherwise the result would be rather unpredictable. I don't know if yast is still able to detect other encryption methods (requires wild guessing). cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Mittwoch 28 Oktober 2009 11:29:00 schrieb Ludwig Nussel:
No result on cryptsetup isLuks (no output at all). But cryptsetup luksDump gives: LUKS header information for /dev/sda8 Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 1032 MK bits: 128 MK digest: b5 d8 5c d5 53 c8 09 69 7f 62 08 cf e7 89 ea fd 55 0f e7 5d MK salt: bd e6 35 db 8b c1 68 cf b8 31 9c fc a3 3c e8 a3 c1 ad 33 bb b5 01 a8 c1 97 52 7e c5 b1 95 9b ab MK iterations: 10 UUID: cf2997f7-338a-5122-91aa-52f58e0fb8fc Key Slot 0: ENABLED Iterations: 356581 Salt: 91 0b e5 ed 85 19 ba 50 b2 52 6b a3 8a 21 a3 33 f5 fa 5b b2 d9 3e 55 c0 6b 93 65 e0 59 71 58 6b Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED (key letters not from konsole output) Best, Jan-Simon -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Jan-Simon Möller wrote:
It tells it's result via exit status. 0 == luks.
Ok, it's LUKS. So crypttab is correct. The file system corruption is not caused by wrong crypto settings then and it should be safe to run fsck. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (4)
-
Carlos E. R. -
Jan-Simon Möller -
Ludwig Nussel -
Stefan Seyfried