GELI file systems unusable after "glabel label" operations

Scott Bennett bennett at
Fri Jan 15 07:26:43 UTC 2010

     On Thu, 14 Jan 2010 18:42:32 +0100 Roland Smith <rsmith at>
>On Thu, Jan 14, 2010 at 01:31:55AM -0600, Scott Bennett wrote:
>>      I used "glabel label" to label each of the file systems I have on ex=
>> disk drives.  Unfortunately, afterward I am now unable to "geli attach" any of
>> the GELI-encrypted file systems.  The system is FreeBSD 7.2-STABLE.  Is there
>> a way to get this to work?  Or have I just lost everything in the encrypted
>> file systems?
>Did you use 'geli init /dev/daXsY' and 'glabel label  /dev/daXsY'? That will
>overwrite the geli metadata with the glabel metadata!

     It has been a long time since I created those GELI partitions, but I
think I used the "geli init -K keyfilename /dev/daXsYP", where P is the
partition identifier in slice Y of drive X.  What I did when I screwed the
pooch on this was of the form "glabel label fsname /dev/daXsYP", which I had
thought would produce a /dev/label/fsname device and that doing a "geli attach"
afterward would produce a /dev/label/fsname.eli device.
>Check /var/backups. There should be *.eli files there. Those are the automatic

     No joy. :-(

>metadata backups that 'geli init' makes (at least in 8.0). You can restore
>those backups with 'geli restore'.

     Those must be new in 8.0.  I don't see any in 7.2, just {aliases,group,
master.passwd}.bak{,2} in /var/backups.
>Running 'geli init' again with the same parameters will not work, because
>'geli init' uses a random component in the key generation. In other words,
>inits with the same password will not generate the same key!

     Is there some way to recover using the existing key files, which I do
still have?  And of course, I do know the passphrases.
>What you should have done (for future reference) is use geli(8) to create the
>encrypted device, then create a filesystem on that encrypted device with
>newfs(8) using the '-L' flag to set the volume name. Or use tunefs(8) to set
>the volume name later. These names will be automatically recognized next time
>you attach it and listed in /dev/ufs/.
     Thank you for that information.  If only it had been laid out that way
in the man page of the handbook when I read it before starting on the labeling
     I have a new 1 TB drive that I will soon connect to the system and begin
creating file systems.  I will make gzipped image files with dd(1) of the
damaged partitions and store them on the new drive for a while in case a
workable idea turns up.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
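
Added example, not part of the original message or of FreeBSD's code: a check that reads the last sector of a partition image (such as the dd(1) copies mentioned above, uncompressed) and reports whether it carries geli or glabel metadata, which is how the overwrite described in this thread shows up on disk. It relies on both GEOM classes keeping their metadata in the provider's last sector as a 16-byte magic string followed by a little-endian 32-bit version; the 512-byte sector size, the function names, and the sample version numbers and label are assumptions or constructed values.

```python
import io
import struct

SECTOR = 512  # assumed sector size; pass the real one for other media
# Magic strings at offset 0 of the metadata sector for each GEOM class.
MAGICS = {b"GEOM::ELI": "geli", b"GEOM::LABEL": "glabel"}


def last_sector_owner(image, sector=SECTOR):
    """Return (owner, version, label) for the last sector of a seekable image.

    owner is "geli", "glabel" or "unknown"; label is set only for glabel.
    """
    size = image.seek(0, io.SEEK_END)
    if size < sector or size % sector:
        raise ValueError("image size is not a positive multiple of the sector size")
    image.seek(size - sector)
    block = image.read(sector)
    owner = MAGICS.get(block[:16].rstrip(b"\0"))
    if owner is None:
        return ("unknown", None, None)
    (version,) = struct.unpack_from("<I", block, 16)
    label = None
    if owner == "glabel":
        # glabel stores the label name in the 16 bytes after the version.
        label = block[20:36].split(b"\0", 1)[0].decode("ascii", "replace")
    return (owner, version, label)


def constructed_image(magic, version, label=b"", sectors=8):
    """Build a constructed in-memory partition with metadata in its last sector."""
    meta = magic.ljust(16, b"\0") + struct.pack("<I", version) + label.ljust(16, b"\0")
    return io.BytesIO(b"\xaa" * (sectors - 1) * SECTOR + meta.ljust(SECTOR, b"\0"))


if __name__ == "__main__":
    # Constructed samples: the same partition before and after "glabel label".
    before = constructed_image(b"GEOM::ELI", 3)
    after = constructed_image(b"GEOM::LABEL", 2, b"fsname")
    print("before:", last_sector_owner(before))
    print("after: ", last_sector_owner(after))
```

To check a real image, open it with `open(path, "rb")` and pass the file object to `last_sector_owner`; a "glabel" result on a partition that was initialised with geli means the geli metadata sector is gone from that copy.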
