I am using a combination of dm_crypt and vinum to keep most of my data
(sans root, which is on a different volume) in an encrypted RAID-1
setup. Specifically, physical slices are strung together with vinum,
with a single LUKS volume (set up via ‘cryptsetup’) sitting on top.
With the rc-scripts from base, this combination won’t boot on its own,
since the ordering is slightly off: ‘cryptdisks’ is run before
‘dumpon’, and ‘dumpon’ comes before ‘disks’. Since ‘vinum’ provides
‘disks‘, rcorder will run it -after ‘cryptdisks‘, and the boot falls
apart.
This is easily solved: By having ‘cryptdisks‘ explicitely come -after-
‘disks‘ (and not depending on ‘dumpon’), boot now first brings up vinum,
and only -then- cryptdisks, and it -almost- boots:
| ----------------------------- etc/rc.d/cryptdisks
-----------------------------
| index 3bc6232..d530437 100644
| @@ -1,7 +1,8 @@
| #!/bin/sh
|
| # PROVIDE: cryptdisks
| -# BEFORE: mountcritlocal localswap dumpon
| +# BEFORE: mountcritlocal localswap
| +# REQUIRE: disks
|
| $_rc_subr_loaded . /etc/rc.subr
I’m still wondering what exactly I am breaking by not having ‘dumpon’
ready when ‘cryptdisks’ comes up. I have been running this patch for
half a year and have not yet experienced any weirdness—but then again, I
don’t really know what ‘dumpon’ exactly does…
There‘s yet another glitch: This early in the boot process, ‘/usr’ is
not yet available, which makes perfect sense, since disks, volumes and
stuff is still being brought up. But ‘/sbin/vinum’ is dynamically
linked and requires libraries which reside in ‘/usr/lib’:
| Shared object ‘libdevstat.so.3‘ not found, required by ‘vinum’.
I find it very weird that /sbin contains -any- dynamically linked
binaries at all, especially binaries that require /usr already mounted,
so this is perhaps an oversight. The second patch patches the Makefile
for ‘/sbin/vinum’ and forces static linking.
With both patches, LUKS-on-top-of-Vinum boots like a charm:
| ----------------------------- sbin/vinum/Makefile
-----------------------------
| index 9e6de2d..c427e0d 100644
| @@ -7,7 +7,7 @@ WARNS?= 2
|
| CFLAGS+= -I${.CURDIR}/../../lib/libedit -I${.CURDIR}/../../sys
| DPADD= ${LIBEDIT} ${LIBNCURSES} ${LIBDEVSTAT}
| -LDADD= -lprivate_edit -lprivate_ncurses -ldevstat
| +LDADD= -lprivate_edit -lprivate_ncurses -ldevstat -static
| LDFLAGS+= ${PRIVATELIB_LDFLAGS}
|
| .include <bsd.prog.mk>
Stefan
--
▪ Die Internetbleibe. Schick, magisch, leistungsstark.
https://internetbleibe.de/
▪ medoly media UG (haftungsbeschränkt) | Hausburgstraße 13, 10249 Berlin
▪ [email protected] | https://medolymedia.de/ | Tel. 030 609 826‒560 | Fax
…‒569
▪ Geschäftsführer: Matthias Nothhaft | HRB 131198 (Amtsgericht
Berlin-Charlottenburg), Sitz: Berlin, USt-ID: DE275221203
diff --git a/etc/rc.d/cryptdisks b/etc/rc.d/cryptdisks
index 3bc6232..d530437 100644
--- a/etc/rc.d/cryptdisks
+++ b/etc/rc.d/cryptdisks
@@ -1,7 +1,8 @@
#!/bin/sh
# PROVIDE: cryptdisks
-# BEFORE: mountcritlocal localswap dumpon
+# BEFORE: mountcritlocal localswap
+# REQUIRE: disks
$_rc_subr_loaded . /etc/rc.subr
diff --git a/sbin/vinum/Makefile b/sbin/vinum/Makefile
index 9e6de2d..c427e0d 100644
--- a/sbin/vinum/Makefile
+++ b/sbin/vinum/Makefile
@@ -7,7 +7,7 @@ WARNS?= 2
CFLAGS+= -I${.CURDIR}/../../lib/libedit -I${.CURDIR}/../../sys
DPADD= ${LIBEDIT} ${LIBNCURSES} ${LIBDEVSTAT}
-LDADD= -lprivate_edit -lprivate_ncurses -ldevstat
+LDADD= -lprivate_edit -lprivate_ncurses -ldevstat -static
LDFLAGS+= ${PRIVATELIB_LDFLAGS}
.include <bsd.prog.mk>
