[opensuse] Problem with cryptotab and Opensuse 10.3
/etc/cryptotab: /dev/loop1 /dev/sdb1 /media/hdd5 reiserfs twofish256 acl,user_xattr After umount /media/hdd5 a remount produces: 'dev/sdb1: cryptotab_loop1 already mapped' However there is no loop1 mount present. I'm aware of the changes in cryptomount but the old way suppose to work according to the release notes. Any idea how to solve this? Di I miss something? It worked on 10.2. thx /j -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-11-24 at 23:26 +0100, Jan Tiggy wrote:
/etc/cryptotab: /dev/loop1 /dev/sdb1 /media/hdd5 reiserfs twofish256 acl,user_xattr
After umount /media/hdd5 a remount produces:
How do you umount it? command line "umount"?
'dev/sdb1: cryptotab_loop1 already mapped' However there is no loop1 mount present.
I'm aware of the changes in cryptomount but the old way suppose to work according to the release notes.
Any idea how to solve this?
Try umounting using "/etc/init.d/boot.crypto stop" instead. Or, if you mount/umount normally, define the mount in fstab instead. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSKzmtTMYHG2NR9URAsmOAJ4pqJE+VCRqJPDnKZtl8iW+NnhYpwCcDaLL UNiOIDoj/hzJQpBQAFDq+pc= =rKT9 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. schrieb: lo Carlos
Try umounting using "/etc/init.d/boot.crypto stop" instead. Or, if you
I can't do it. I got a couple of crypted hard disks thus I copy the particular cryptotabs into /etc/ before mounting them manually.
mount/umount normally, define the mount in fstab instead.
I don't want to have the crypted hard disks in fstab and mount during the boot time. I mount it manually. The procedure looks something like this: mount procedure includes 3 o more files: #/bin/mntsdb #!/bin/bash sudo cp /etc/cryptotabsdb /etc/cryptotab sudo /etc/init.d/boot.crypto start sudo cp /etc/cryptotaborg /etc/cryptotab #/etc/cryptotabsdb: /dev/loop3 /dev/sdb1 /srv/hdd5 reiserfs twofish256 acl,user_xattr #/etc/cryptotaborg #empty umount procedure is plain: 'umount /srv/hdd5' Then comes the error everytime i remount the same hdd like above thx /j -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-11-25 at 00:17 +0100, Jan Tiggy wrote:
lo Carlos
Try umounting using "/etc/init.d/boot.crypto stop" instead. Or, if you
I can't do it. I got a couple of crypted hard disks thus I copy the particular cryptotabs into /etc/ before mounting them manually.
mount/umount normally, define the mount in fstab instead.
I don't want to have the crypted hard disks in fstab and mount during the boot time. I mount it manually.
Simply use the option "noauto" and they will not be mounted during boot. It works, I use it.
The procedure looks something like this:
mount procedure includes 3 o more files:
#/bin/mntsdb #!/bin/bash sudo cp /etc/cryptotabsdb /etc/cryptotab sudo /etc/init.d/boot.crypto start sudo cp /etc/cryptotaborg /etc/cryptotab
Oh my! You overwrite it! I'm not surprised you get the errors you see.
umount procedure is plain:
'umount /srv/hdd5'
Then comes the error everytime i remount the same hdd like above
Obviously. At that time, the cryptotab definition doesn't match. If you do it that way, you have to remove the loop device manually, using "losetup -a" to see them, then "losetup -d" to remove them. But seriously, consider this method, via fstab: /dev/device /mnt/mountpoint xfs reiserfs noauto,user,loop,encryption=twofish256 1 4 You can mount it as user (no sudo needed), it will not be mounted during boot, the "loop" device is dynamically selected, and ... I forgot the and, the telly interrupted my thoughts :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSLsHtTMYHG2NR9URAqSpAJ42Ra7+8WFRdQ2P/h3OKvVnjO/ulACgjh0H uDih3FFjosX4MQ/NNMQJzp0= =pzXf -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. schrieb:
Oh my! You overwrite it! I'm not surprised you get the errors you see.
I know, but it worked in 10.2 w/o any probs.
But seriously, consider this method, via fstab: /dev/device /mnt/mountpoint xfs reiserfs noauto,user,loop,encryption=twofish256 1 4
You can mount it as user (no sudo needed), it will not be mounted during boot, the "loop" device is dynamically selected, and ... I forgot the and, the telly interrupted my thoughts :-)
Well I tried and it doesn't work somehow. The /etc/cryptotab looks like this (just for one partition at present): /dev/loop0 /dev/sdb1 /srv/more reiserfs twofish256 defaults The /etc/fstab contains: dev/sdb1 /srv/more reiserfs noauto,user,loop,encryption=twofish256 Then while mounting with: mount /srv/more and entering the password I'm getting: ioctl: LOOP_SET_STATUS: Invalid argument But when I remove the fstab line then the cryptosystem mounts perfectly during the boot. Any idea? thx /j -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
me wrote:
The /etc/cryptotab looks like this: /dev/loop0 /dev/sdb1 /srv/more reiserfs twofish256 defaults
The /etc/fstab contains: dev/sdb1 /srv/more reiserfs noauto,user,loop,encryption=twofish256
ioctl: LOOP_SET_STATUS: Invalid argument
I did some digging ;) /usr/share/doc/release-notes/openSUSE man cryptosetup then lsmod |grep cryptoloop modeprobe cryptoloop changed in: /etc/sysconfig/kernel to: MODULES_LOADED_ON_BOOT="cryptoloop" losetup -v -e twofish-cbc -k 128 -H sha256 /dev/loop0 /dev/sdb1 as user: mount /srv/more umount /srv/more mount /srv/more SOLVED! -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2007-11-25 at 15:38 +0100, Jan Tiggy wrote:
Well I tried and it doesn't work somehow.
The /etc/cryptotab looks like this (just for one partition at present):
/dev/loop0 /dev/sdb1 /srv/more reiserfs twofish256 defaults
The /etc/fstab contains:
dev/sdb1 /srv/more reiserfs noauto,user,loop,encryption=twofish256
It must be /dev/sdb1, there is a slash missing. And, there are two numbers missing at the end of the line.
Then while mounting with:
mount /srv/more
and entering the password I'm getting:
ioctl: LOOP_SET_STATUS: Invalid argument
When you see that, have a look at the log or dmesg output. There you can see, or you should see, what the real cause is.
But when I remove the fstab line then the cryptosystem mounts perfectly during the boot.
fstab works diferently; normally you should not define the same entry on both files. You also need to edit /etc/sysconfig/kernel: MODULES_LOADED_ON_BOOT="cryptoloop twofish" [...] Ah, I see you did something similar later. You also need twofish there. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHSdultTMYHG2NR9URAq0GAJ4+C+G5u+3Id7ymzQ/8OIQxIyYsWQCfeMnk GycPf+pPd5Pu9K9sV14/bxA= =v3w7 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-11-26 at 00:10 +0100, Jan Tiggy wrote:
Carlos E. R. schrieb:
[...]
Ah, I see you did something similar later. You also need twofish there.
Thx Carlos I've sorted it out with your help.
We have been talking about encrypted filesystems in the opensuse-security mail list. You might be interested in reading about it in the archive, some interesting docs and sites have come out. If you use fstab entries with the encryption options there (like option "encryption=twofish256"), it will use the old "cryptoloop" method (<= 10.2). To use the new "dm-crypt" method (10.3) you need to use /etc/cryptotab or /etc/crypttab (they are different). In both cases you can manually mount/umount a partition using "/etc/init.d/boot.crypto start" or "stop": using cryptotab: /etc/init.d/boot.crypto start /crypto_mount_point using crypttab: /etc/init.d/boot.crypto start /crypto_partition_or_image_file It is not possible to mount encrypted filesystems by the new "dm-crypt" by using the command "mount" alone or entries in fstab; mount does not support it (yet?). A device mapper "thing" has to be created previously using cryptsetup. And, a kernel bug has come out affecting "cryptoloop": if you are affected, the encrypted filesystem freezes with no error logged, just that the apps writing there freeze and can not be halted. Requires hard power off :-( - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFHUBuNtTMYHG2NR9URAkV4AJ4trqEtWTgX12bVqNZN8Qb0mnivCACcD/nh CbHqe+/u9fBvI4P1tHDVf1I= =vmUB -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Carlos E. R. -
Jan Tiggy