zfskeys requires /usr/bin/timeout

I'm trying to make a system with all datasets encrypted except root. So, /usr is encrypted.
But zfskeys requires it. Is it legal for an /etc/rc.d script to use something from /usr? :)

I tried to register on bugs.freebsd.org, but I don't seem to get any mail from there.

UPS: zfskeys is the only script using timeout in /etc/rc.d
 

If you want to use an encrypted provider in your startup scripts, you would have to decrypt it on startup. Assuming you used geli(8), you could add "-bg" flags to your encrypted volume and in the very beginning of the boot you will get a password prompt to decrypt it:
Bash:
geli configure -bg <provider>
You can check if the flags were set like so (check the flags value):
Bash:
geli dump <provider>

Of course, this means your startup will be blocked until you enter a password, if this is what you want.

Can you please explain what exact end goal you are trying to achieve? Maybe there is an easier way?
 
Can you please explain what exact end goal you are trying to achieve? Maybe there is an easier way?
I want to use native ZFS encryption (not geli) to encrypt all data on the server. The server boots with a USB stick containing the root partition with the decryption key file on it.
 
I want to use native ZFS encryption (not geli) to encrypt all data on the server. The server boots with a USB stick containing the root partition with the decryption key file on it.
I don't know how to do that, but I would be interested if someone else knows the solution.
 
I don't know how to do that, but I would be interested if someone else knows the solution.
I know how to do that - the script /etc/rc.d/zfskeys should be fixed. I can do it myself, but it would be better if it was fixed in the system :)
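
A heuristic audit for the problem raised in this thread, added here as an example and not part of any post or of FreeBSD's own code: it lists rc scripts that mention a command present only under /usr, whether written as a bare name or as an absolute /usr path. The function names, the directory layout and the two sample scripts built by `demo` are constructed for illustration; the sample zfskeys line is not the real script's content.

```shell
#!/bin/sh
# usr_only_deps RC_DIR "ROOT_BIN_DIRS" "USR_BIN_DIRS"
# Prints "script: command" for every word in a script that names an
# executable found in USR_BIN_DIRS but in none of ROOT_BIN_DIRS.
# Heuristic: matches words, so variable names can cause false positives.
usr_only_deps() {
    rc_dir=$1 root_dirs=$2 usr_dirs=$3
    for script in "$rc_dir"/*; do
        [ -f "$script" ] || continue
        # Drop comment lines, split into words, reduce /usr/bin/x to x.
        sed -e '/^[[:space:]]*#/d' "$script" |
        tr -cs 'A-Za-z0-9_./-' '\n' |
        sed -e 's|^/usr/s*bin/||' | sort -u |
        while read -r word; do
            case $word in ''|*/*) continue ;; esac
            in_root=no in_usr=no
            for d in $root_dirs; do
                if [ -f "$d/$word" ] && [ -x "$d/$word" ]; then in_root=yes; fi
            done
            for d in $usr_dirs; do
                if [ -f "$d/$word" ] && [ -x "$d/$word" ]; then in_usr=yes; fi
            done
            if [ "$in_usr" = yes ] && [ "$in_root" = no ]; then
                echo "${script##*/}: $word"
            fi
        done
    done
}

# Constructed sample tree: zfs lives on the root filesystem, timeout only
# under /usr, and one rc script calls both.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/rc.d" "$t/bin" "$t/usr/bin"
    for f in "$t/bin/zfs" "$t/usr/bin/timeout"; do
        printf '#!/bin/sh\n' > "$f"; chmod +x "$f"
    done
    printf '#!/bin/sh\n# sample\ntimeout 10 zfs load-key pool/data\n' > "$t/rc.d/zfskeys"
    printf '#!/bin/sh\nzfs mount -a\n' > "$t/rc.d/zfs"
    usr_only_deps "$t/rc.d" "$t/bin" "$t/usr/bin"
    rm -rf "$t"
}
demo
```

On a real system the same function can be called as `usr_only_deps /etc/rc.d "/bin /sbin" "/usr/bin /usr/sbin"`; each hit still needs a manual check of whether the script runs before /usr is available.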
 