Hi,

Thanks for your excellent reply.

OK, I just accepted the default partition settings during installation, and
it seems it did not create a home folder, so I guess I'm screwed unless I can
shrink the root partition without formatting it. Possible? Otherwise, a
reinstallation might be my best option here. (Except that I physically have
to move the hard-drive since dfly won't read USB on the X220 laptop ><)

A related question: Is it possible to encrypt a HAMMER PFS?

Regards
Olle

On Fri, Oct 13, 2017 at 04:29:45PM -0400, Pierre Abbat wrote:
> On Friday, October 13, 2017 9:42:01 PM EDT Olle wrote:
> > Hi,
> >
> > At this point I would be happy to encrypt even just a single file. The
> > options seem dead after installation. Any ideas?
>
> I'm assuming you meant to answer the list, so I'm sending my answer to the
> list.
>
> To create an encrypted partition, you need some free space. If all of your
> disk is allocated to filesystems or swap, you need to either shrink some
> filesystem or add a disk. If /home is on a separate partition and you want to
> encrypt it, copy everything in it (which shouldn't be much if you just
> installed) to somewhere else and remove the partition from /etc/fstab. If you
> are using LVM and have some free space in a volume group, you can make a new
> logical volume.
>
> Once you have an empty partition in a slice or an empty logical volume, you
> can make an encrypted partition with cryptsetup. Use the luksFormat command.
>
> Having done that, create a file /etc/crypttab. Mine looks like this:
> crypt /dev/serno/WD-<snip>.s1d none tries=3,timeout=200
> This file is used by the cryptdisks service.
>
> Run "/etc/rc.d/cryptdisks start". cryptsetup will ask you for the password of
> the encrypted partition. Enter it, and you'll get the plaintext of the
> partition (which will be gibberish, since you're decrypting zeros) in
> /dev/mapper/. Make a filesystem on the device in /dev/mapper/.
>
> Add a line in /etc/fstab similar to this:
> /dev/mapper/crypt /crypt hammer rw,noauto 1 1
> You can now mount your new filesystem on your encrypted partition.
>
> At the time I created the encrypted partition, there was a bug that caused a
> kernel panic if I tried to load the dm module when booting. I therefore
> created the following script /usr/local/bin/mountcrypt:
> #!/bin/sh
> kldload dm
> /etc/rc.d/cryptdisks start
> mount /crypt
> mount /usr/obj
> If your computer is remote, and you can't enter the cryptdisk password when
> booting, you'll need a script like this. You will need to run this as root,
> and if you encrypt /home, you have to ssh in as root, because you can't log
> in as yourself when your home directory is unavailable.
>
> Pierre
> --
> The Black Garden on the Mountain is not on the Black Mountain.
>
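
An added example, not part of either message: a small sh check that the /etc/crypttab and /etc/fstab entries described in the quoted reply agree with each other, run here over constructed sample files. The function names, the EXAMPLE device path and the rule that a /dev/mapper mount should carry noauto (as in the quoted fstab line) are assumptions of this example.

```sh
#!/bin/sh
# check_crypt_mounts CRYPTTAB FSTAB
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_crypt_mounts() {
    crypttab=$1 fstab=$2 rc=0
    # Mapping names are the first field of each non-comment crypttab line.
    names=$(awk 'NF && $1 !~ /^#/ { print $1 }' "$crypttab")
    while read -r dev mnt fstype opts rest; do
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *) continue ;;   # comments, blank lines, unencrypted devices
        esac
        # Every mapper device in fstab needs a crypttab entry that creates it.
        if ! printf '%s\n' "$names" | grep -qxF -- "$name"; then
            echo "MISSING: $mnt uses $dev but crypttab has no '$name' entry"
            rc=1
        fi
        # Assumption: the mapping is opened by hand after boot, so an
        # automatic mount would be attempted before the device exists.
        case ",$opts," in
            *,noauto,*) ;;
            *) echo "AUTO: $mnt on $dev lacks noauto"
               rc=1 ;;
        esac
    done < "$fstab"
    return $rc
}

# Constructed sample files; the device path is a placeholder.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# name device keyfile options' \
        'crypt /dev/serno/EXAMPLE.s1d none tries=3,timeout=200' > "$d/crypttab"
    printf '%s\n' '/dev/serno/EXAMPLE.s1a / hammer rw 1 1' \
        '/dev/mapper/crypt /crypt hammer rw,noauto 1 1' \
        '/dev/mapper/home /home hammer rw 1 1' > "$d/fstab"
    check_crypt_mounts "$d/crypttab" "$d/fstab"
    status=$?
    rm -rf "$d"
    return $status
}

demo || true
```

On a real system the call would be check_crypt_mounts /etc/crypttab /etc/fstab, run before rebooting.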
