磁盘复制
2 个月前,我使用 dd 备份了装有 Ubuntu 16.04 的旧笔记本电脑的 128G 硬盘:
# sudo dd if=/dev/sda of=/media/victor/blackWD/ss9backup.img conv=noerror bs=128k status=progress
然后我擦除了笔记本电脑的 128G 硬盘并换了一台新笔记本电脑。
今天,我想从旧笔记本电脑 128 硬盘上制作的 dd 映像中恢复我的旧主文件夹。我正在使用新笔记本电脑(512G 硬盘)工作,上面装有 ubuntu 17.04。
安装
这是存储在我的外部硬盘(Western Digital 1TB)上的 128G dd 映像:
# file /media/victor/blackWD/ss9backup.img
/media/victor/blackWD/ss9backup.img: DOS/MBR boot sector
我将 dd 图像链接到环回设备上:
# losetup --partscan --find --show /media/victor/blackWD/ss9backup.img
/dev/loop0
我检查了所有的lossup:
# losetup --all
/dev/loop0: [2049]:26922 (/media/victor/blackWD/ss9backup.img)
我fdisk在loop0:
# sudo fdisk -l /dev/loop0
Disk /dev/loop0: 119,2 GiB, 128035676160 bytes, 250069680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00026d62
Device Boot Start End Sectors Size Id Type
/dev/loop0p1 * 2048 499711 497664 243M 83 Linux
/dev/loop0p2 501758 250068991 249567234 119G 5 Extended
/dev/loop0p5 501760 250068991 249567232 119G 8e Linux LVM
确实,我备份的硬盘是使用 LVM 进行分区的。以下是一些blkid详细信息:
# blkid
/dev/loop0: PTUUID="00026d62" PTTYPE="dos"
/dev/loop0p1: UUID="77d30c72-6286-49b5-9954-10f7651ee5c2" TYPE="ext2" PARTUUID="00026d62-01"
/dev/loop0p5: UUID="nkDpfj-PptW-Zo21-GUPs-G6Ro-OdIT-0tFk6N" TYPE="LVM2_member" PARTUUID="00026d62-05"
/dev/nvme0n1: PTUUID="0e1db479-955c-4964-8587-823e6cb15c98" PTTYPE="gpt"
/dev/nvme0n1p1: UUID="3F7E-BC4A" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="b4138b1c-f47a-4dd2-922e-c632e2712136"
/dev/nvme0n1p2: UUID="fc71fdfa-77ff-4104-95f6-6499348f2490" TYPE="ext4" PARTUUID="2b783871-027c-4e97-8781-cfe7c67d52bb"
/dev/sda1: LABEL="blackWD" UUID="038764D1793B8A8D" TYPE="ntfs" PARTUUID="0008c009-01"
现在使用以下命令映射设备kpartx:
# kpartx -a /dev/loop0
检查结果:
# sudo file -Ls /dev/mapper/*
/dev/mapper/control: ERROR: cannot read `/dev/mapper/control' (Invalid argument)
/dev/mapper/loop0p1: Linux rev 1.0 ext2 filesystem data (mounted or unclean), UUID=77d30c72-6286-49b5-9954-10f7651ee5c2
/dev/mapper/loop0p2: DOS/MBR boot sector; partition 1 : ID=0x8e, start-CHS (0x1f,59,29), end-CHS (0x3ff,254,63), startsector 2, 249567232 sectors
/dev/mapper/loop0p5: LVM2 PV (Linux Logical Volume Manager), UUID: nkDpfj-PptW-Zo21-GUPs-G6Ro-OdIT-0tFk6N, size: 127778422784
/dev/mapper/ubuntu--vg-root: Linux rev 1.0 ext4 filesystem data, UUID=8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2 (needs journal recovery) (extents) (large files) (huge files)
/dev/mapper/ubuntu--vg-swap_1: data
使用以下命令检查 LVM 分区的状态lvdisplay:
# lvdisplay
--- Logical volume ---
LV Path /dev/ubuntu-vg/root
LV Name root
VG Name ubuntu-vg
LV UUID o20hjC-DEsi-Xtlb-z2J6-7Z1B-9tKl-4HzE17
LV Write Access read/write
LV Creation host, time ubuntu, 2014-03-29 01:34:48 +0100
LV Status available
# open 0
LV Size 111,29 GiB
Current LE 28490
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:3
--- Logical volume ---
LV Path /dev/ubuntu-vg/swap_1
LV Name swap_1
VG Name ubuntu-vg
LV UUID qhSxpL-pZAp-DUDi-aR7R-wCy1-w5JI-XCYNIn
LV Write Access read/write
LV Creation host, time ubuntu, 2014-03-29 01:34:48 +0100
LV Status available
# open 0
LV Size 7,71 GiB
Current LE 1974
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:4
和vgdisplay:
# vgdisplay
--- Volume group ---
VG Name ubuntu-vg
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 3
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 119,00 GiB
PE Size 4,00 MiB
Total PE 30464
Alloc PE / Size 30464 / 119,00 GiB
Free PE / Size 0 / 0
VG UUID 1qtlsn-vTuS-xPkL-wqwP-Gxvc-LUcm-sd68LV
我使用以下命令激活 LVM 分区vgchange:
# vgchange -a y ubuntu-vg
2 logical volume(s) in volume group "ubuntu-vg" now active
我挂载根分区:
# mount -t ext4 -o ro,noload /dev/ubuntu-vg/root /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2
# ls /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2
boot dev home proc root run sys tmp var
问题
.ecryptfs在挂载的 LVM 分区中缺少:
/home# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/
total 12K
drwxr-xr-x 3 root root 4,0K juin 2 2015 .
drwxr-xr-x 11 root root 4,0K juin 2 2015 ..
dr-x------ 2 victor victor 4,0K mars 29 2014 victor
而这是我当前的/home内容:
/home# ls -ahl
total 24K
drwxr-xr-x 4 root root 4,0K sept. 8 11:35 .
drwxr-xr-x 24 root root 4,0K oct. 11 11:22 ..
drwxrwxr-x 3 root root 4,0K sept. 8 11:35 .ecryptfs
drwx------ 41 victor victor 12K oct. 21 14:45 victor
并且因为这个符号链接没有更新:
# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs
lrwxrwxrwx 1 victor victor 32 mars 29 2014 /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs -> /home/.ecryptfs/victor/.ecryptfs
这两个输出是相等的:
# ls -ahl /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs/
total 20K
drwx------ 2 victor victor 4,0K sept. 8 11:48 .
drwxrwxr-x 4 victor victor 4,0K sept. 8 11:35 ..
-rw-rw-r-- 1 victor victor 0 sept. 8 11:35 auto-mount
-rw-rw-r-- 1 victor victor 0 sept. 8 11:35 auto-umount
-rw------- 1 victor victor 13 sept. 8 11:35 Private.mnt
-rw------- 1 victor victor 34 sept. 8 11:35 Private.sig
-rw------- 1 victor victor 58 sept. 8 11:35 wrapped-passphrase
-rw-r--r-- 1 victor victor 0 sept. 8 11:48 .wrapped-passphrase.recorded
我现在的家:
# ls -ahl /home/victor/.ecryptfs
lrwxrwxrwx 1 victor victor 32 sept. 8 11:35 /home/victor/.ecryptfs -> /home/.ecryptfs/victor/.ecryptfs
# ls -ahl /home/.ecryptfs/victor/.ecryptfs
total 20K
drwx------ 2 victor victor 4,0K sept. 8 11:48 .
drwxrwxr-x 4 victor victor 4,0K sept. 8 11:35 ..
-rw-rw-r-- 1 victor victor 0 sept. 8 11:35 auto-mount
-rw-rw-r-- 1 victor victor 0 sept. 8 11:35 auto-umount
-rw------- 1 victor victor 13 sept. 8 11:35 Private.mnt
-rw------- 1 victor victor 34 sept. 8 11:35 Private.sig
-rw------- 1 victor victor 58 sept. 8 11:35 wrapped-passphrase
-rw-r--r-- 1 victor victor 0 sept. 8 11:48 .wrapped-passphrase.recorded
在哪里寻找丢失的 /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/.ecryptfs ?
如能得到帮助将非常感激!
我在 dd 图像上有一些非常重要的文件和内存图片......
答案1
看起来您的主目录并没有完全加密,只有.Private主目录中的一个加密目录(),可能是用创建的ecryptfs-setup-private。
支持这一点的是文件夹及其内容,它们看起来与在新的未加密用户上运行时发生的情况/media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.ecryptfs/相同(加上一个神秘的零字节)。.wrapped-passphrase.recordedecryptfs-setup-private
如果有/media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.Private目录我会说它证实了这一点。
要解密旧文件,你需要做的就是准备好旧密码并运行
ecryptfs-recover-private /media/victor/8b19f5a8-33e4-481f-b8d7-4a3d0f2b39f2/home/victor/.Private