[dm-crypt] UUID question

Sven Eschenberg sven at whgl.uni-frankfurt.de
Fri Dec 21 02:24:07 CET 2012


Hi Yaron,

Old bugs it seems. Neither my gentoo box, nor a Ubuntu 12.10 showed the
behavior you describe. Can you verify that the entries under
/dev/disk/by-uuid/ are softlinks on Lucid?

Regards

-Sven

On Thu, December 20, 2012 12:16, Yaron Sheffer wrote:
> Hi Sven,
>
> a quick correction: blkid is (surprisingly) not smart enough, and your
> command line results in duplicates. Both the /dev (e.g. /dev/sdg) and
> the equivalent /dev/disk/by-uuid are listed.
>
> So you want to use:
>
> blkid -t TYPE="crypto_LUKS" -s UUID /dev/disk/by-uuid/*
>
> (tested on Ubuntu 10.04 Lucid).
>
> Thanks,
>      Yaron
>
> On 12/20/2012 01:00 PM, dm-crypt-request at saout.de wrote:
>> Date: Thu, 20 Dec 2012 00:30:23 +0100
>> From: "Sven Eschenberg" <sven at whgl.uni-frankfurt.de>
>> To: dm-crypt at saout.de
>> Subject: Re: [dm-crypt] UUID question
>> Message-ID:
>> 	<18e39b1120b315e7553bdb330e5103c5.squirrel at ssl.verfeiert.org>
>> Content-Type: text/plain;charset=utf-8
>>
>> cryptsetup luksUUID <dev> will return the luks header's UUID if <dev>
>> holds a luks header, and yes, this should usually not change the same
>> way
>> as the UUID of a filesystem souldn't.
>>
>> There's 2 problems though:
>>
>> 1.) You'd have to know <dev> in advance or iterate over all possible
>> (non
>> locked) blockdevices (which is what blkid usually does anyway for you)
>>
>> 2.) a blockdev could possibly hold a luks header and still be part of a
>> md
>> device (depending on metadata version), you'd better hope that the md
>> device is set up already, when you issue your cryptsetup commands.
>>
>> Concerning the original question:
>>
>> The UUID within the LUKS header should not change throughout the LUKS
>> volume's lifetime, except for enforced changes (as noted before).
>>
>> To associated keys based on luks UUID, using something like:
>> 'blkid -t TYPE="crypto_LUKS" -s UUID'
>> is probably a good starting point, as it gives you the UUID to retrieve
>> the keys based on the UUID and the device inode you'd use on further
>> calls
>> to cryptsetup etc. - The rest is just a little shell magic ;-)
>>
>> Regards
>>
>> -Sven
>>
>>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>




More information about the dm-crypt mailing list