From: Scot Hetzel
To: Hiroki Sato
Cc: freebsd-current@freebsd.org, freebsd-rc@freebsd.org
Date: Sun, 23 Jun 2013 11:58:48 -0500
Subject: Re: RFC: swapon(8) vnode-backed md and gbde/geli encryption support

On Sat, Jun 22, 2013 at 1:53 PM, Hiroki Sato wrote:
> Hi,
>
> I created a patchset to add support of automatic generation of
> vnode-backed md(4) devices and gbde/geli geom providers to swapon(8)
> via /etc/fstab. We already have equivalent functionality by using
> rc.d scripts. This simplifies rc.d scripts and fixes a race between
> mdconfig/gbde/geli and swapon/swapoff by using /etc/fstab.
>
> More specifically, the following specification will be supported:
>
> /dev/ada1p1.bde none swap sw 0 0
> /dev/ada1p2.eli none swap sw 0 0
> md none swap sw,file=/swap.bin 0 0
> md10 none swap sw,file=/swap10.bin 0 0
> md12 none swap sw,file=/usr/swap12.bin,late 0 0
>
> Currently, rc.d/swap1, rc.d/encswap handles entries with FSTAB_SW and
> then rc.d/addswap for additional swap space specified in rc.conf.
> The rc.d/addswap script runs before NETWORKING, so it is difficult to
> add a swap space by using a file via NFS on a diskless client. The
> "late" keyword in /etc/fstab will give more flexibility in such a
> case.
>
> So, the changes to rc.d scripts are the following:
>
> rc.d/encswap -> (removed)
> rc.d/swap1 -> rc.d/swap
> rc.d/swaplate -> (added)
>
> rc.d/addswap is not removed in the patchset, but is it still
> necessary? I do not think using combination of rc.d scripts to
> support md(4) device generation for swap spaces is robust, and I
> believe /etc/fstab is sufficient for the same functionality.
>
> Any comments are welcome. Thank you.
>

The only thing I see is that you are hard coding the geli_swap_flags
(i.e. -e aes -l 256 -s 4096 -d) into swapon.
It would be better to have swapon read the /etc/fstab file to get these
values:

/dev/ada1p2.eli none swap sw,ealgo=aes,keylen=256,sectorsize=4096 0 0
/dev/ada2p2.eli none swap sw 0 0

What you could do is that if no options are specified in the swap file,
swapon would then use default values for ealgo=aes, keylen=256 and
sectorsize=4096.

geli onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov

The options for the geli encrypted swap file in /etc/fstab would then become:

aalgo
ealgo
keylen
sectorsize

Note: the '-d' option would still be hard coded.

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.
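
Added example, not part of the original message or of the patchset under discussion: one way the fstab-driven option handling suggested in the reply could look, with the defaults the reply names and -d kept fixed. The function name geli_onetime_cmd, the character allowlists and the choice to refuse unknown key=value options are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define ALGO_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-/"
#define NUM_CHARS  "0123456789"

/* Non-empty and made only of characters from `set` (assumed allowlist). */
static int only(const char *v, const char *set)
{
    return v[0] != '\0' && v[strspn(v, set)] == '\0';
}

/*
 * Hypothetical helper: build the "geli onetime" command line for one fstab
 * swap entry. dev is the first fstab field (e.g. /dev/ada1p2.eli), opts the
 * fourth. Returns 0 on success, -1 on a malformed value, an unknown key
 * (assumed policy: fail closed), or if out is too small.
 */
int geli_onetime_cmd(const char *dev, const char *opts, char *out, size_t outlen)
{
    /* Defaults are the values quoted in the message: -e aes -l 256 -s 4096. */
    const char *aalgo = NULL, *ealgo = "aes", *keylen = "256", *ssize = "4096";
    char buf[256], *p, *next;
    size_t dlen = strlen(dev);
    int n;
    if (dlen < 5 || strcmp(dev + dlen - 4, ".eli") != 0 || strlen(opts) >= sizeof(buf))
        return -1;
    strcpy(buf, opts);
    for (p = buf; *p != '\0'; p = next) {
        size_t len = strcspn(p, ",");
        char *val;
        next = p + len + (p[len] != '\0');   /* step past the comma, if any */
        p[len] = '\0';
        if ((val = strchr(p, '=')) == NULL)
            continue;                        /* plain flags: sw, late, ... */
        *val++ = '\0';
        if (strcmp(p, "aalgo") == 0 && only(val, ALGO_CHARS)) aalgo = val;
        else if (strcmp(p, "ealgo") == 0 && only(val, ALGO_CHARS)) ealgo = val;
        else if (strcmp(p, "keylen") == 0 && only(val, NUM_CHARS)) keylen = val;
        else if (strcmp(p, "sectorsize") == 0 && only(val, NUM_CHARS)) ssize = val;
        else if (strcmp(p, "file") != 0)
            return -1;                       /* bad value or unknown key */
    }
    /* -d stays fixed, as the message notes; the provider is dev minus ".eli". */
    n = snprintf(out, outlen, "geli onetime -d%s%s -e %s -l %s -s %s %.*s",
        aalgo ? " -a " : "", aalgo ? aalgo : "", ealgo, keylen, ssize,
        (int)(dlen - 4), dev);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Code that actually runs geli would pass these values as separate argv entries rather than through a shell string; the string form here is only for inspection.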