LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   lvm and cryptsetup (https://www.linuxquestions.org/questions/linux-newbie-8/lvm-and-cryptsetup-4175466259/)

otaviolb 06-16-2013 06:06 PM
lvm and cryptsetup
 
Hi: I would appreciate comments on this problem. I want to learn, not just solve the problem.

I would like to backup a directory structure greater than 4GB in an encrypted usb device, under the following restrictions: keep the usb device formatted as FAT32, with a single partition; leave some unencrypted space for ordinary use.

Since FAT32 is limited to 4GB files, I thought I could create two or more files and mount a logical volume with them. It worked for the first time, but not anymore. I am failing somewhere, but I cannot figure out how to improve. It follows what I have done:

Create three files, two limited to 4Gb and another one (it could have been the three same size):
Code:
dd if=dev/urandom of=/media/usbdevice/0 bs=1M count=2000
dd if=dev/urandom of=/media/usbdevice/1 bs=1M count=4000
dd if=dev/urandom of=/media/usbdevice/2 bs=1M count=4000
Associate the files with a loop device:
Code:
su
for i in `seq 0 1 2`;do losetup /dev/loop$i /media/usbdevice/$i;done
Open them:
Code:
for i in `seq 0 1 2`;do cryptsetup --key-file="/home/fooname/passwordfile" luksOpen /dev/loop$i cryptfun$i ;done
Create the logical volumes, leaving some unused room:
Code:
pvcreate /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
vgcreate vgpendrive_fooname /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
lvcreate -L 9700M vgpendrive_fooname
vgchange -a y vgpendrive_fooname
Make a file system compatible with files greater than 4GB. I like ext2
Code:
mkfs -t ext2 /dev/vgpendrive_fooname/lvol0
Mount it:
Code:
mount /dev/vgpendrive_fooname/lvol0 /mnt/lvm
For some reason, I was not able to mount with my uid: mount -t ext2 -o rw,uid=1000 dev/vgpendrive_fooname/lvol0 /mnt/lvm, but this is another question for another time. So, I simply changed permissions:
Code:
chown root:fooname /mnt/lvm
chmod g+rwx /mnt/lvm/
As normal user, check whether it works or not: just copy some stuff into the mounted volume
Code:
su fooname
cp morethan4GBfile /mnt/lvm
Great. It works!

Now, I want undo each step:
Code:
su
umount /mnt/lvm/
vgchange -a n vgpendrive_fooname
vgremove vgpendrive_fooname
pvremove /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
for i in `seq 0 1 2`;do cryptsetup luksClose cryptfun$i ;done
for i in `seq 0 1 2`;do  losetup -d /dev/loop$i ;done
Great again. It works fine. Now, I want repeat almost the same steps another day; I tried:
Code:
for i in `seq 0 1 2`;do losetup /dev/loop$i /media/usbdevice/$i;done
for i in `seq 0 1 2`;do cryptsetup --key-file="/home/fooname/passwordfile" luksOpen /dev/loop$i cryptfun$i ;done
pvcreate /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
vgcreate vgpendrive_fooname /dev/mapper/cryptfun0 /dev/mapper/cryptfun1 /dev/mapper/cryptfun2
lvcreate -L 9700M vgpendrive_fooname
vgchange -a y vgpendrive_fooname
mount /dev/vgpendrive_fooname/lvol0 /mnt/lvm
Here I cannot go further because of an error message:
Quote:
mount: you must specify the filesystem type
If I try:
Code:
mount -t ext2 /dev/vgpendrive_fooname/lvol0 /mnt/lvm
I get:
Quote:
mount: wrong fs type, bad option, bad superblock on /dev/mapper/vgpendrive_fooname-lvol0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
This shows I am thinking wrong, but I do not know why. What should I have done?

Aditional information:
Code:
uname -a
Quote:
Linux hostname 2.6.32-5-686 #1 SMP Fri Feb 15 15:48:27 UTC 2013 i686 GNU/Linux
Code:
lvcreate --version
Quote:
LVM version: 2.02.66(2) (2010-05-20)
Library version: 1.02.48 (2010-05-20)
Driver version: 4.15.
USB device: 16GB

Greetings.

lvvloten 06-17-2013 01:17 AM
Just a small thought - did you actually create the filesystem in your second attempt? I miss the mkfs command, you did use it in the first attempt. Since you recreate everything, including the encryption, all information including the filesystem information has been erased.
Hope this helps,
Lucas

r0b0 06-17-2013 05:28 AM
When you wanted to "repeat" the steps, did you expect to find all data intact? If not, you forgot to run mkfs (as Lucas above said).

If you did, too bad, it's not going to work this way. I don't know for sure but some of the LVM commands (most probably lvcreate) gave different result the second time than the first time and your data is gone.

I wouldn't bother with cryptsetup & LVM over loopback. Too much hassle and too little gain. Maybe you could use truecrypt, which works on file-based storage natively as opposed to cryptsetup which works on block devices.

otaviolb 06-17-2013 06:00 AM
Thank you for your comments. That is the point, I expected to find the data intact! This works without lvm:
1st step: dd if=dev/urandom of=/media/usbdevice/0 bs=1M count=2000; losetup /media/usbdevice/0; cryptsetup luksFormat /dev/loop0; cryptsetup luksOpen /dev/loop0 somename; mkfs -t ext2 /dev/mapper/somename; mount /dev/mapper/somename mnt/mntpoint; cp data /mnt/mntpoint; umount /mnt/mntpoint; cryptsetupluksClose /dev/mapper/somesame; losetup -d /dev/loop0

2nd step All the above except luksFormat and mkfs. Copied data are intact.

I susepct that vgremove is important to understand. After running this command, it asks if I am sure. Perhaps vgremove cannot be used if data must be preserved. However, without removing the volume, luksClose and losetup -d fail.

r0b0 06-17-2013 06:29 AM
Try vgexport and vgimport instead of vgremove & vgcreate. They are designed to keep your data intact while fiddling with underlying PVs.

otaviolb 06-17-2013 08:06 PM
Solved: encrypted file system greater than 4 GB in a single partition FAT32 usb device
 
Thank you! It works!

This is what I did: After mounting the logical volume as described above, I run:
umount /dev/vgpendrive_fooname/lvol0
vgchange -a n vgpendrive_fooname
vgexport vgpendrive_fooname
for i in `seq 0 1 2`;do cryptsetup luksClose cryptfun$i ;done
for i in `seq 0 1 2`;do losetup -d /dev/loop$i ;done
umount /media/usbdevice

Data are supposed to be protected.

When the data must be accessed again, mount or hotplug the usb device and:
for i in `seq 0 1 2`;do losetup /dev/loop$i /media/usbdevice/$i;done
for i in `seq 0 1 2`;do cryptsetup --key-file="/home/fooname/password" luksOpen /dev/loop$i cryptfun$i ;done
pvscan
vgchange -a y vgpendrive_otavio
mount /dev/vgpendrive_fooname/lvol0 /mnt/lvm

Data are intact in /mnt/lvm! We have got an encrypted file system greater than 4 GB in a single partition FAT32 usb device ;-)

Only use vgremove and pvremove if data can be lost.

Greetings


All times are GMT -5. The time now is 04:16 AM.