In the discussion of root passwords, Felix discussed using partition labels instead of UUIDs. I've long considered doing this, but I have several LUKS-encrypted partitions, and none of the documentation I've read has anything to say about using labels in that situation. Can it be done, and if so, what's the procedure for setting it up? Leslie -- openSUSE Leap 15.2 x86_64
On 02/03/2021 23.05, J Leslie Turriff wrote:
In the discussion of root passwords, Felix discussed using partition labels instead of UUIDs. I've long considered doing this, but I have several LUKS-encrypted partitions, and none of the documentation I've read has anything to say about using labels in that situation. Can it be done, and if so, what's the procedure for setting it up?
Yes and no. You can not use classic MBR partition tables, because the "label" would be written inside the filesystem, which is encrypted, and thus invisible to the kernel at the point you have to enter the password. The label would then be unusable in /etc/crypttab. You have got instead to use GPT partitioned disks and "partlabels", that are written to the partition table itself, and thus, accessible as soon as the disk is detected. Example configuration: /etc/crypttab: cr_home /dev/disk/by-partlabel/home none timeout=300,discard /etc/fstab: /dev/mapper/cr_home /home xfs lazytime,exec,nofail 1 2 -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-03-02 18:15:34 Carlos E.R. wrote:
|On 02/03/2021 23.05, J Leslie Turriff wrote: |> In the discussion of root passwords, Felix discussed using partition |> labels instead of UUIDs. I've long considered doing this, but I have |> several LUKS-encrypted partitions, and none of the documentation I've |> read has anything to say about using labels in that situation. Can it |> be done, and if so, what's the procedure for setting it up? | |Yes and no. | | |You can not use classic MBR partition tables, because the "label" would |be written inside the filesystem, which is encrypted, and thus invisible |to the kernel at the point you have to enter the password. The label |would then be unusable in /etc/crypttab. | |You have got instead to use GPT partitioned disks and "partlabels", that |are written to the partition table itself, and thus, accessible as soon |as the disk is detected. | | |Example configuration: | | |/etc/crypttab: | |cr_home /dev/disk/by-partlabel/home none timeout=300,discard | | |/etc/fstab: | |/dev/mapper/cr_home /home xfs lazytime,exec,nofail 1 2
Okay. How do I know which kind of partition table I have? YaST Partitioner doesn't tell me that. Leslie -- openSUSE Leap 15.2 x86_64
J Leslie Turriff composed on 2021-03-02 19:26 (UTC-0600):
Okay. How do I know which kind of partition table I have? YaST Partitioner doesn't tell me that.
YaST2 does tell me that, by regurgitating head of FDISK information in disk overview, where it's called disklabel type. -- Evolution as taught in public schools, like religion, is based on faith, not on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
On 2021-03-02 20:29:02 Felix Miata wrote:
|J Leslie Turriff composed on 2021-03-02 19:26 (UTC-0600): |> Okay. How do I know which kind of partition table I have? YaST |> Partitioner doesn't tell me that. | |YaST2 does tell me that, by regurgitating head of FDISK information in | disk overview, where it's called disklabel type.
Yes, I see that now. Thank you. Leslie -- openSUSE Leap 15.2 x86_64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2021-03-02 a las 19:26 -0600, J Leslie Turriff escribió:
On 2021-03-02 18:15:34 Carlos E.R. wrote:
|On 02/03/2021 23.05, J Leslie Turriff wrote:
...
Okay. How do I know which kind of partition table I have? YaST Partitioner doesn't tell me that.
Several ways. Isengard:~ # fdisk -l /dev/sda Disk /dev/sda: 111.8 GiB, 120034123776 bytes, 234441648 sectors Disk model: KINGSTON SMS200S Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt <========= Disk identifier: DBC3DCEC-... Device Start End Sectors Size Type /dev/sda1 2048 321535 319488 156M EFI System /dev/sda2 321536 19214335 18892800 9G Microsoft basic data /dev/sda3 19214336 38090751 18876416 9G Microsoft basic data /dev/sda4 38090752 80035839 41945088 20G Microsoft basic data /dev/sda5 80035840 226838527 146802688 70G Microsoft basic data Isengard:~ # Isengard:~ # lsblk --output NAME,KNAME,RA,RM,RO,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,MOUNTPOINT,UUID,PARTUUID,WWN,MODEL,ALIGNMENT /dev/sda NAME KNAME RA RM RO SIZE TYPE FSTYPE LABEL PARTLABEL MOUNTPOINT UUID PARTUUID > sda sda 512 0 0 111.8G disk > ├─sda1 sda1 512 0 0 156M part vfat primary /boot/efi BD39-068A cada5ef3-03a1-4d0b-a984-49c1c16c7> ├─sda2 sda2 512 0 0 9G part swap Swap primary [SWAP] dee28afc-9697-4f8c-9b42-da0cf6da0ff1 53321f59-61c7-48f0-a358-fedac3882> ├─sda3 sda3 512 0 0 9G part ext4 Other primary 2d5ceee1-bb49-4afd-8b36-0fb76937172c 375c1f95-f5f8-434d-8268-8a4a708b6> PARTLABEL, PARTUUID are populated. ├─sda4 sda4 512 0 0 20G part ext4 System primary / 0d457df1-b43d-4587-aa5a-6c919bcbedb8 45be0ffb-ec39-4fb3-b44b-dc87d96c0> └─sda5 sda5 512 0 0 70G part crypto_LUKS primary ff42b205-a2a7-4d9a-84e9-4729c6775108 78016944-086f-4603-9673-2485beb13> └─cr_home dm-0 512 0 0 70G crypt xfs /home 5dc1df5e-3316-4b21-b8cc-1707f42cd61e > There are 5 partitions, all are primaries, there is no extended. I would not use yast2 for this job, I would use gparted. And before that, I would wonder if there is some CLI tool to set the partition label directly. Maybe there is, I don't know. [...] Quick search on "apropos label" did not hit one. So I'd try google "set gpt partition label linux" Maybe: parted /dev/vdb -s -- name 1 TEST But I have not tried this, dunno if safe (on existing partition). Should be. - -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHIEARECADIWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYD739xQccm9iaW4ubGlz dGFzQGdteC5lcwAKCRC1MxgcbY1H1V/RAJ0SnewqRbrlBGqGk2Np45IIoKL2lwCc CWBH6S7ommFH21sYGMMjECqVDHE= =DvS3 -----END PGP SIGNATURE-----
On 2021-03-02 20:44:07 Carlos E. R. wrote:
|El 2021-03-02 a las 19:26 -0600, J Leslie Turriff escribió: |> On 2021-03-02 18:15:34 Carlos E.R. wrote: |>> |On 02/03/2021 23.05, J Leslie Turriff wrote: | |... | |> Okay. How do I know which kind of partition table I have? YaST |> Partitioner doesn't tell me that. | |Several ways. | | |Isengard:~ # fdisk -l /dev/sda |Disk /dev/sda: 111.8 GiB, 120034123776 bytes, 234441648 sectors |Disk model: KINGSTON SMS200S |Units: sectors of 1 * 512 = 512 bytes |Sector size (logical/physical): 512 bytes / 512 bytes |I/O size (minimum/optimal): 512 bytes / 512 bytes |Disklabel type: gpt <========= |Disk identifier: DBC3DCEC-... | |Device Start End Sectors Size Type |/dev/sda1 2048 321535 319488 156M EFI System |/dev/sda2 321536 19214335 18892800 9G Microsoft basic data |/dev/sda3 19214336 38090751 18876416 9G Microsoft basic data |/dev/sda4 38090752 80035839 41945088 20G Microsoft basic data |/dev/sda5 80035840 226838527 146802688 70G Microsoft basic data |Isengard:~ # | | | |Isengard:~ # lsblk --output | NAME,KNAME,RA,RM,RO,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,MOUNTPOINT,UUID,PART |UUID,WWN,MODEL,ALIGNMENT /dev/sda NAME KNAME RA RM RO SIZE TYPE | FSTYPE LABEL PARTLABEL MOUNTPOINT UUID | PARTUUID > sda sda 512 0 0 111.8G | disk | > ├─sda1 sda1 512 0 0 | 156M part vfat primary /boot/efi BD39-068A | cada5ef3-03a1-4d0b-a984-49c1c16c7> ├─sda2 sda2 512 0 | 0 9G part swap Swap primary [SWAP] | dee28afc-9697-4f8c-9b42-da0cf6da0ff1 53321f59-61c7-48f0-a358-fedac3882> | ├─sda3 sda3 512 0 0 9G part ext4 Other primary | 2d5ceee1-bb49-4afd-8b36-0fb76937172c | 375c1f95-f5f8-434d-8268-8a4a708b6> | | |PARTLABEL, PARTUUID are populated. | |├─sda4 sda4 512 0 0 20G part ext4 System primary / | 0d457df1-b43d-4587-aa5a-6c919bcbedb8 | 45be0ffb-ec39-4fb3-b44b-dc87d96c0> └─sda5 sda5 512 0 0 70G | part crypto_LUKS primary | ff42b205-a2a7-4d9a-84e9-4729c6775108 78016944-086f-4603-9673-2485beb13> | └─cr_home dm-0 512 0 0 70G crypt xfs /home | 5dc1df5e-3316-4b21-b8cc-1707f42cd61e | > | |There are 5 partitions, all are primaries, there is no extended. | | |I would not use yast2 for this job, I would use gparted. And before that, |I would wonder if there is some CLI tool to set the partition label |directly. Maybe there is, I don't know. [...] Quick search on "apropos |label" did not hit one. | |So I'd try google "set gpt partition label linux" | |Maybe: | |parted /dev/vdb -s -- name 1 TEST | |But I have not tried this, dunno if safe (on existing partition). Should | be.
Yes, that's the other part of the puzzle: can I relabel a volume on the fly? Perhaps I could do it from a rescue disk? Changing the label ought not change the UUID, right? So I could relabel, reboot, then switch from UUID to Label mounts. One last thing is crypttab, which glues the drives' partitions to fstab. I'm somewhat sure that it also supports Labels vs UUID; I'll have to look that up. Leslie -- openSUSE Leap 15.2 x86_64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2021-03-02 at 22:27 -0600, J Leslie Turriff wrote:
On 2021-03-02 20:44:07 Carlos E. R. wrote:
|El 2021-03-02 a las 19:26 -0600, J Leslie Turriff escribió: |> On 2021-03-02 18:15:34 Carlos E.R. wrote: |>> |On 02/03/2021 23.05, J Leslie Turriff wrote: | |...
|I would not use yast2 for this job, I would use gparted. And before that, |I would wonder if there is some CLI tool to set the partition label |directly. Maybe there is, I don't know. [...] Quick search on "apropos |label" did not hit one. | |So I'd try google "set gpt partition label linux" | |Maybe: | |parted /dev/vdb -s -- name 1 TEST | |But I have not tried this, dunno if safe (on existing partition). Should | be.
Yes, that's the other part of the puzzle: can I relabel a volume on the fly? Perhaps I could do it from a rescue disk? Changing the label ought not change the UUID, right? So I could relabel, reboot, then switch from UUID to Label mounts. One last thing is crypttab, which glues the drives' partitions to fstab. I'm somewhat sure that it also supports Labels vs UUID; I'll have to look that up.
No, crypttab does not "support" labels. Not in the sense that fstab does: LABEL=somename / ext4 defaults 1 1 UUID=someuuid / ext4 defaults 1 1 What crypttab reads are links, so it accepts: cr_home /dev/disk/by-partlabel/home none timeout=300,discard cr_home /dev/disk/by-uuid/someuuid none timeout=300,discard crypttab did not accept this in the past: cr_hoard UUID=someuuid none none but the man page says it does, and yast used that syntax on my last created encrypted partition. As to setting partlabel, I found this in google, but I have my doubts: parted /dev/vdb -s -- name 1 TEST syntax is: parted [options] [device [command [options...]...]] -s, --script never prompts for user intervention So it is a script, and the "--" indicates the "script" comes in the command line following. And the command is: name partition name Set the name of partition to name. This option works only on Mac, PC98, and GPT disklabels. The name can be placed in quotes, if necessary. In parted parlance, the label is something else: mklabel label-type Create a new disklabel (partition table) of label-type. label-type should be one of "aix", "amiga", "bsd", "dvh", "gpt", "loop", "mac", "msdos", "pc98", or "sun". So my doubt is if "name" changes both "label" and "partlabel". I think only the second, because it can not format the filesystem, no provision. I'll try. Isengard:~ # lsblk --output NAME,KNAME,RA,RM,RO,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,MOUNTPOINT,UUID,PARTUUID,WWN,MODEL,ALIGNMENT /dev/sda NAME KNAME RA RM RO SIZE TYPE FSTYPE LABEL PARTLABEL MOUNTPOINT UUID sda sda 512 0 0 111.8G disk ├─sda1 sda1 512 0 0 156M part vfat primary /boot/efi BD39- (trimmed) ├─sda2 sda2 512 0 0 9G part swap Swap primary [SWAP] dee28 ├─sda3 sda3 512 0 0 9G part ext4 Other primary 2d5ce ├─sda4 sda4 512 0 0 20G part ext4 System primary / 0d457 └─sda5 sda5 512 0 0 70G part crypto_LUKS primary ff42b └─cr_home dm-0 512 0 0 70G crypt xfs /home 5dc1d Isengard:~ # man parted Isengard:~ # parted /dev/sda -s -- name 1 EFI_part Isengard:~ # lsblk --output NAME,KNAME,RA,RM,RO,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,MOUNT NAME KNAME RA RM RO SIZE TYPE FSTYPE LABEL PARTLABEL MOUNTPOINT UUID sda sda 512 0 0 111.8G disk ├─sda1 sda1 512 0 0 156M part vfat EFI_part /boot/efi BD39- ├─sda2 sda2 512 0 0 9G part swap Swap primary [SWAP] dee28 ├─sda3 sda3 512 0 0 9G part ext4 Other primary 2d5ce ├─sda4 sda4 512 0 0 20G part ext4 System primary / 0d457 └─sda5 sda5 512 0 0 70G part crypto_LUKS primary ff42b └─cr_home dm-0 512 0 0 70G crypt xfs /home 5dc1d Isengard:~ # It works, and instantly! caveat is "/dev/disk/by-partlabel/" doesn't get changed, but that is not important for me now. All partlabels changed in a few seconds in the running system: Isengard:~ # lsblk --output NAME,KNAME,RA,RM,RO,SIZE,TYPE,FSTYPE,LABEL,PARTLABEL,MOUNTPOINT,UUID,PARTUUID,WWN,MODEL,ALIGNMENT /dev/sda NAME KNAME RA RM RO SIZE TYPE FSTYPE LABEL PARTLABEL MOUNTPOINT UUID sda sda 512 0 0 111.8G disk ├─sda1 sda1 512 0 0 156M part vfat EFI_part /boot/efi BD39-0 ├─sda2 sda2 512 0 0 9G part swap Swap Swap [SWAP] dee28a (trimmed) ├─sda3 sda3 512 0 0 9G part ext4 Other Other 2d5cee ├─sda4 sda4 512 0 0 20G part ext4 System System / 0d457d └─sda5 sda5 512 0 0 70G part crypto_LUKS LUKS_home ff42b2 └─cr_home dm-0 512 0 0 70G crypt xfs /home 5dc1df Isengard:~ # - -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYD93Oxwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVVXgAoJQr1DYauXmkBwd8Nsdt f31uxdGAAJ4yBBxOW4rHRMvijWiqMmn3ChAsWA== =IW/R -----END PGP SIGNATURE-----
participants (5)
-
Carlos E. R. -
Carlos E. R. -
Carlos E.R.
-
Felix Miata -
J Leslie Turriff