There is no way I could feel more disdain for Apple's QA department than I do right now. It seems that, in spite of the fact Leopard was in development for over two years, no one bothered to test what happened when you updated an account using FileVault from Tiger. My experience was:
- The installer worked fine.
- I logged in, and used the OS for a day.
- The kernel paniced.
- On rebooting, my home directory was inaccessible, and Disk Utility was unable to repair the disk image.
Oh well, I thought. It's an occupational hazard when using an encrypted disk image for your home directory; if you don't get a clean shutdown then you can lose data. So, mindful of this, I restored from a recent backup and rebooted. Sure enough, there I was logged in again. Then, a few weeks later, I upgraded to 10.5.1, shut down cleanly, rebooted, and... couldn't log in. Apparently the disk image was corrupted. Worse, it turns out this is a known fault: Leopard always leaves FileVault home directories created with Tiger in an unmountable state when you log out.
I'm going to say that again:
Leopard always leaves FileVault home directories created with Tiger in an unmountable state when you log out.
What kind of monumentally incompetent design is this? I have no idea. Anyway, enough of the ranting. I'm sure what people really want to know is 'what do I do when my shiny new OS has just eaten 30GB of personal data.' Step one is to swear at Apple. A lot. Step two is to realise that this 'corrupt' disk image, with a 'bad superblock' actually mounts fine in Tiger still. Fortunately, I haven't 'up'graded my Powerbook to Leopard. I booted the MBP in target mode, mounted it on the PowerBook, mounted the disk image and copied all of the files out.
I now had /Users/theraven/theraven.sparseimage containing the disk image that Leopard was too inept to use and /Users/tr containing my files. After swapping these over, I rebooted. Could I log in? No. Now it didn't think that the disk image was corrupt, it just couldn't find it. A problem.
This lead to the question of how to tell OS X that I was no longer using FileVault. Apparently this isn't documented anywhere I could find via Google and so I had to spend a long time hunting through the filesystem. Thanks again Apple.
It turns out that the relevant file is /var/db/dslocal/nodes/Default/users/theraven.plist (where theraven is my username). To edit this, you have to log in as root. I did this by booting to single user mode (hold command-s on boot). Inside this file, you will find a key-value pair where the key is home_loc and the value is an array. If you delete this key, then it will fall back to using the home directory as a directory, rather than a mount point. You can then reboot (or just exit from single user mode) and log in. You can probably then reenable file vault and have it re-encrypt your data, but I think I want some confirmation from Apple that they are only mostly incompetent, rather than completely inept before doing this.
Once upon a time, Apple was known for attention to detail and thorough testing. I suppose their current activities are good news for Étoilé, but I'd rather we competed by raising our standards than by Apple lowering theirs.