From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 11:02:23 2006
Date: Mon, 30 Jan 2006 11:02:21 GMT
Message-Id: <200601301102.k0UB2K8R019539@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-geom@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/01/21] kern/76538  geom   [gbde] nfs-write on gbde partition stalls
o [2005/08/04] kern/84556  geom   [geom] GBDE-encrypted swap causes panic a
o [2005/10/16] kern/87544  geom   [gbde] mmaping large files on a gbde file
o [2005/11/16] kern/89102  geom   [geom_vfs] [panic] panic when forced unmo
o [2005/12/08] bin/90093   geom   fdisk(8) incapable of altering in-core ge
o [2005/12/18] kern/90582  geom   [geom_mirror] [panic] Restore cause panic

6 problems total.

Non-critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/02/26] bin/78131   geom   gbde "destroy" not working.
o [2005/03/26] kern/79251  geom   [2TB] newfs fails on 2.6TB gbde device

2 problems total.

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 14:55:59 2006
Date: Mon, 30 Jan 2006 15:55:55 +0100
Message-ID: <33656995C5C5094A983DE84DA649A92449F8CC@lulex02.ad.operax.com>
From: Markus Örebrand
Subject: Expandable filesystem with more disk

I need a possibility to expand a filesystem by adding more disk. I am
sensing that a certain GEOM setup would do the job.

The ideal conditions would be:
- The filesystem is created on a GEOM.
- Initially, the GEOM has only one consumer.
- A consumer is a FreeBSD partition (created with bsdlabel(8))
- The size of the GEOM is expandable by adding more consumers.
- The filesystem is expandable by using growfs(8).

Are these conditions realistic? What is the procedure to a) do basic
setup, b) expand the filesystem?

Would this be secure (i.e. is there a risk of data corruption or -loss)?
I am fairly confident that the hardware should pose no security risk
(hardware RAID5, UPS on disks and server).

I am thankful for all advice,

Markus Örebrand, Systems administrator @ Operax

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 16:00:52 2006
To: freebsd-geom@freebsd.org
From: Christian Baer
Date: Mon, 30 Jan 2006 16:46:38 +0100 (CET)
Organization: Convenimus Projekt
Subject: A few things about GELI

Good afternoon[1], fellow readers! :-)

Because I wanted something new to play with and because I found the idea
of encrypting swap and temp space, I decided to give GELI a try.
The idea of using crypto(9) seems good too, because that way hardware
support is added at no extra cost - I know, that was part of the reason
why GELI was written. :-)

Note:
This thread is not really related to the one I started on the security
mailing-list. Because of the existing crypto-hardware GELI won that
race described there. This here is more of personal interest.

The question is more of an academic nature, but interesting just the
same: Can it be said that GELI is more secure (by design) than GBDE or
vice versa? The differences are not only of cosmetic nature or in the
user interface, but there is a real difference within the concept. Can
one of these approaches be called more secure than the other[2]?

Are there any plans to add additional ciphers like Twofish or Serpent to
GELI?

What does this "sector-to-sector encryption" mean and how is it
different from GBDE's approach?

Are there plans for a geli(4) manpage inspired by the gbde(4) manpage? It
just shows the non-expert wonderfully how it works and how safe it is
(in numbers).

Now for some *real* questions... :-)

GBDE wants to be attached to a partition like adxs1d. The examples in
the handbook however suggest that GELI should be attached to the
hardware device adx and not to a partition. Why is this so? I am
guessing that GELI would be just as happy to be attached to ad1s1d as to
ad1 (wouldn't this be mandatory if there were more than one partition on
the drive?), but does this have any (dis-)advantages?

If I were to use encrypted swap space I couldn't use the fstab for these
anymore. Should I do this with a start-up script and if so, where should
I put it? 'Where' as in 'where should it be in the boot order?'

Basically the same thing goes for temp space. When should it be mounted?
And more importantly, if I use a new key every time, wouldn't I need a
newfs during every boot - before I mount /tmp?

Regards
Chris

[1] Depending on your time zone of course. :-)
[2] I don't see either of them being cracked any time soon and if either
    were attacked it would probably be easier to brute force the
    passphrase than to attack the architecture itself.

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 16:15:21 2006
Message-ID: <000901c625b8$68954120$0201a8c0@oxy>
From: "OxY"
Date: Mon, 30 Jan 2006 17:15:37 +0100
Subject: geli bugreport? fdisk error with non default sector size

hi!

i tried to encrypt my root partition and the whole hard disk..
used this cmd to initialize geli:
#geli init -b -s 4096 -l 256 /dev/ad2

it succeeded, but after that i tried to use #fdisk -f part.cfg /dev/ad2.eli
and it gave me an error: length must be multiple of sector size..
when i gave 4096, 8192, and so on to length the error was the same..
i tried to init the provider without the -s switch, then fdisk ran without
any error..

did i do something wrong or is this a bug?

thanks!

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 16:47:18 2006
Date: Mon, 30 Jan 2006 17:46:45 +0100
From: Christian Brueffer
To: Christian Baer
Cc: freebsd-geom@freebsd.org
Message-id: <20060130164645.GA1486@haakonia.hitnet.RWTH-Aachen.DE>
Subject: Re: A few things about GELI

On Mon, Jan 30, 2006 at 04:46:38PM +0100, Christian Baer wrote:
> Good afternoon[1], fellow readers! :-)
>
> Because I wanted something new to play with and because I found the idea
> of encrypting swap and temp space, I decided to give GELI a try. The
> idea of using crypto(9) seems good too, because that way hardware
> support is added at no extra cost - I know, that was part of the reason,
> why GELI was written. :-)
>
> Note:
> This thread is not really related to the one I started on the security
> mailing-list. Because of the existing crypto-hardware GELI won that
> race described there. This here is more of personal interest.
>
> The question is more of an academic nature, but interesting just the
> same: Can it be said that GELI is more secure (by design) than GBDE or
> vice versa? The differences are not only of cosmetic nature or in the
> user interface, but there is a real difference within the concept. Can
> one of these approaches be called more secure than the other[2]?
>

There was a huge thread about this very topic on one of the NetBSD lists
and freebsd-hackers@ between phk and the guy that implemented cgd for
NetBSD (very similar in concept to geli). So, if you're interested in the
gory details, I suggest you look that thread up. To cut it short:
opinions differ greatly.

>
> Are there plans for a geli(4) manpage inspired by gbde(4) manpage? It
> just shows the non-expert wonderfully, how it works and how safe it is
> (in numbers).
>

That would be very useful indeed.

> Now for some *real* questions... :-)
>
> GBDE wants to be attached to a partition like adxs1d. The examples in
> the handbook however suggest that GELI should be attached to the
> hardware-device adx and not to a partition. Why is this so? I am
> guessing that GELI would be just as happy to be attached to ad1s1d as to
> ad1 (wouldn't this be mandatory if there were more than one partition on
> the drive?), but does this have any (dis-) advantages?
>

You can encrypt arbitrary providers with geli (same as with gbde). E.g.
on my notebook I have encrypted ad0s1f with geli and have it attach at
boot with the corresponding rc.conf variables.

> If I were to use encrypted swap space I couldn't use the fstab for these
> anymore. Should I do this with a start-up script and if so, where should
> I put it? 'Where' as in 'where should it be in the boot-order?'
>

To have your partitions encrypted, you just have to add .eli (for geli)
or .bde (for gbde) to your device name in /etc/fstab, e.g. /dev/ad0s1b.eli
on my notebook. The /etc/rc.d/encswap script does the rest automagically.
That means you don't have to worry about the boot-order.

(The above is true for 7-CURRENT and 6-STABLE, I'm not sure whether
encswap was part of 6.0-RELEASE. For older versions, there were special
gbde options for rc.conf).

> Basically the same thing goes for temp-space. When should it be mounted.
> And more importantly, if I use a new key every time, wouldn't I need a
> newfs during every boot - before I mount /tmp?
>

You could use a tmpmfs (see corresponding rc.conf variables). Adding it
to the geli_devices variable probably just works(tm), but it depends on
the order of the rc scripts.

- Christian

-- 
Christian Brueffer      chris@unixpages.org      brueffer@FreeBSD.org
GPG Key:         http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B  B29B 6C76 178C A0ED 982D

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 19:26:47 2006
Date: Mon, 30 Jan 2006 20:26:26 +0100
From: Pawel Jakub Dawidek
To: OxY
Cc: freebsd-geom@freebsd.org
Message-ID: <20060130192626.GA928@garage.freebsd.pl>
In-Reply-To: <000901c625b8$68954120$0201a8c0@oxy>
Subject: Re: geli bugreport? fdisk error with non default sector size

On Mon, Jan 30, 2006 at 05:15:37PM +0100, OxY wrote:
+> hi!
+>
+> i tried to encrypt my root partition and the whole hard disk..
+> used this cmd to initialize geli:
+> #geli init -b -s 4096 -l 256 /dev/ad2
+>
+> it succeeded, but after that i tried to use #fdisk -f part.cfg /dev/ad2.eli
+> and it gave me an error: length must be multiple of sector size..
+> when i gave 4096, 8192, and so on to length the error was the same..
+> i tried to init the provider without the -s switch, then fdisk ran without
+> any error..
+>
+> did i do something wrong or is this a bug?

Could you give me output of:

# diskinfo /dev/ad2 /dev/ad2.eli

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 20:13:05 2006
Date: Mon, 30 Jan 2006 21:12:52 +0100
From: Pawel Jakub Dawidek
To: Christian Baer
Message-ID: <20060130201252.GB928@garage.freebsd.pl>
Cc: freebsd-geom@freebsd.org
Subject: Re: A few things about GELI

On Mon, Jan 30, 2006 at 04:46:38PM +0100, Christian Baer wrote:
+> The question is more of an academic nature, but interesting just the
+> same: Can it be said that GELI is more secure (by design) than GBDE or
+> vice versa? The differences are not only of cosmetic nature or in the
+> user interface, but there is a real difference within the concept. Can
+> one of these approaches be called more secure than the other[2]?

I'm not going to answer this. In my opinion both are secure enough for
most uses (ie. for data privacy).

+> Are there any plans to add additional ciphers like Twofish or Serpent to
+> GELI?

If those will be added to crypto(9) it will be trivial to add them to
geli(8).

+> What does this "sector-to-sector encryption" mean and how is it
+> different from GBDE's approach?

In GBDE there is one sector with keys per 32 sectors with data. In GELI
there is one main key and each data sector is represented by exactly one
sector in the *.eli provider.

+> Are there plans for a geli(4) manpage inspired by gbde(4) manpage? It
+> just shows the non-expert wonderfully, how it works and how safe it is
+> (in numbers).

Yes, there are plans...

+> GBDE wants to be attached to a partition like adxs1d. The examples in
+> the handbook however suggest that GELI should be attached to the
+> hardware-device adx and not to a partition. Why is this so? I am
+> guessing that GELI would be just as happy to be attached to ad1s1d as to
+> ad1 (wouldn't this be mandatory if there were more than one partition on
+> the drive?), but does this have any (dis-) advantages?

Both gbde(8) and geli(8) can work just fine with any GEOM providers
(disks, partitions, slices, mirrors, stripes, etc.).

+> If I were to use encrypted swap space I couldn't use the fstab for these
+> anymore. Should I do this with a start-up script and if so, where should
+> I put it? 'Where' as in 'where should it be in the boot-order?'

For swap devices you can simply put /dev/adXs1.eli into /etc/fstab and the
/etc/rc.d/encswap script will detect the .eli suffix and configure it with
a one-time key.

+> Basically the same thing goes for temp-space. When should it be mounted.
+> And more importantly, if I use a new key every time, wouldn't I need a
+> newfs during every boot - before I mount /tmp?

There is no rc.d script for this yet. So for now you need to put something
like this into /etc/rc.early:

prov=`mdconfig -a -t swap -s 64m`   # swap-backed memory disk; prints e.g. md0
geli onetime /dev/${prov}           # attaches /dev/${prov}.eli with a random one-time key
newfs /dev/${prov}.eli              # newfs the encrypted provider, not the raw md device

+> [2] I don't see either of them being cracked any time soon and if either
+>     were attacked it would probably be easier to brute force the
+>     passphrase than to attack the architecture itself.

In geli(8) the password is protected with PKCS#5v2. On my laptop my
passphrase is protected with 131072 iterations, which basically means it
is 2^17 times harder to break.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
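Pawel's "2^17 times harder" remark refers to the PKCS#5 v2 (PBKDF2) iteration count. The following is an added example, not code from this thread or from geli itself: it writes PBKDF2 out as RFC 2898 specifies it, so the iteration count is visible as a chain of PRF calls, cross-checks the result against Python's hashlib, and computes the resulting work factor. It assumes HMAC-SHA512 as the PRF (the thread only says "PKCS#5v2"); the passphrase and salt are constructed values.

```python
import hashlib
import hmac
import math
import struct

# Constructed sample inputs (not taken from the thread).
SAMPLE_PASSPHRASE = b"constructed passphrase, not a real one"
SAMPLE_SALT = bytes(range(16))          # 16 constructed salt bytes
QUOTED_ITERATIONS = 131072              # the count Pawel quotes for his laptop: 2^17


def pbkdf2(prf_name, passphrase, salt, iterations, dklen):
    """PBKDF2 as specified in RFC 2898 section 5.2 (PKCS#5 v2.0).

    Derived key = T_1 || T_2 || ... truncated to dklen, where for block i
        U_1 = PRF(P, S || INT(i)),  U_j = PRF(P, U_{j-1}),  T_i = U_1 ^ ... ^ U_c.
    Every passphrase guess has to repeat the same c PRF calls per block,
    which is where the "c times harder" in the thread comes from.
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    if dklen < 1:
        raise ValueError("derived key length must be at least 1")
    hlen = hashlib.new(prf_name).digest_size
    derived = bytearray()
    for block_index in range(1, math.ceil(dklen / hlen) + 1):
        # U_1: the salt with the big-endian 32-bit block index appended.
        u = hmac.new(passphrase, salt + struct.pack(">I", block_index), prf_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(passphrase, u, prf_name).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        derived += t
    return bytes(derived[:dklen])


def prf_calls(iterations, dklen, hlen=64):
    """Number of PRF (HMAC) invocations one derivation costs; an attacker pays this per guess."""
    return iterations * math.ceil(dklen / hlen)


def hardening_factor(iterations, dklen=64, hlen=64):
    """How many times more PRF work one guess costs than with a single iteration."""
    return prf_calls(iterations, dklen, hlen) // prf_calls(1, dklen, hlen)


def matches_stdlib(passphrase, salt, iterations, dklen):
    """Cross-check the hand-written derivation against hashlib's PBKDF2-HMAC-SHA512."""
    ours = pbkdf2("sha512", passphrase, salt, iterations, dklen)
    ref = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, dklen)
    return ours == ref


if __name__ == "__main__":
    key = pbkdf2("sha512", SAMPLE_PASSPHRASE, SAMPLE_SALT, 1000, 64)
    print("derived key:", key.hex())
    print("matches hashlib:", matches_stdlib(SAMPLE_PASSPHRASE, SAMPLE_SALT, 1000, 64))
    factor = hardening_factor(QUOTED_ITERATIONS)
    print("work factor at %d iterations: 2^%d" % (QUOTED_ITERATIONS, int(math.log2(factor))))
```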
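Both Brueffer's and Pawel's answers rely on /etc/rc.d/encswap recognising the .eli (or .bde) suffix on swap entries in /etc/fstab. As an added example (not code from the thread or from FreeBSD's rc.d), the following parses an fstab and reports which swap devices will come up encrypted and which will not, the check an administrator would run after following the advice above; the fstab content is constructed, modelled on the device names in the thread.

```python
# Constructed /etc/fstab, modelled on the devices named in the thread (not a real system's).
SAMPLE_FSTAB = """\
# Device            Mountpoint   FStype  Options      Dump  Pass#
/dev/ad0s1b.eli     none         swap    sw           0     0
/dev/ad1s1b         none         swap    sw           0     0
/dev/ad2s1b.bde     none         swap    sw           0     0
/dev/ad0s1a         /            ufs     rw           1     1
/dev/ad0s1f.eli     /home        ufs     rw           2     2
"""

# The device-name suffixes encswap acts on, per the thread: .eli for geli, .bde for gbde.
ENCRYPTED_SUFFIXES = (".eli", ".bde")


def parse_fstab(text):
    """Return (device, mountpoint, fstype, options) for each non-comment fstab entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            continue                          # malformed entry; skipped here
        entries.append((fields[0], fields[1], fields[2], fields[3]))
    return entries


def swap_encryption_status(text):
    """Map each swap device to the encryption layer its name selects ('eli' or 'bde'),
    or None when the name carries no such suffix and swap would be plaintext."""
    status = {}
    for device, _mount, fstype, _opts in parse_fstab(text):
        if fstype != "swap":
            continue
        layer = None
        for suffix in ENCRYPTED_SUFFIXES:
            if device.endswith(suffix):
                layer = suffix[1:]
        status[device] = layer
    return status


def unencrypted_swap(text):
    """Swap devices that would hold plaintext pages because no .eli/.bde suffix is set."""
    return sorted(dev for dev, layer in swap_encryption_status(text).items() if layer is None)


if __name__ == "__main__":
    for dev, layer in swap_encryption_status(SAMPLE_FSTAB).items():
        print("%-20s %s" % (dev, layer or "UNENCRYPTED"))
```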
From owner-freebsd-geom@FreeBSD.ORG Mon Jan 30 20:29:34 2006
Date: Mon, 30 Jan 2006 21:29:21 +0100
From: Pawel Jakub Dawidek
To: Markus Örebrand
Cc: freebsd-geom@freebsd.org
Message-ID: <20060130202920.GC928@garage.freebsd.pl>
In-Reply-To: <33656995C5C5094A983DE84DA649A92449F8CC@lulex02.ad.operax.com>
Subject: Re: Expandable filesystem with more disk

On Mon, Jan 30, 2006 at 03:55:55PM +0100, Markus Örebrand wrote:
+> I need a possibility to expand a filesystem by adding more disk. I am
+> sensing that a certain GEOM setup would do the job.
+>
+> The ideal conditions would be:
+> - The filesystem is created on a GEOM.
+> - Initially, the GEOM has only one consumer.
+> - A consumer is a FreeBSD partition (created with bsdlabel(8))
+> - The size of the GEOM is expandable by adding more consumers.
+> - The filesystem is expandable by using growfs(8).
+>
+> Are these conditions realistic? What is the procedure to a) do basic
+> setup, b) expand the filesystem?
+>
+> Would this be secure (i.e. is there a risk of data corruption or -loss)?
+> I am fairly confident that the hardware should pose no security risk
+> (hardware RAID5, UPS on disks and server).

You can do it with gconcat(8). Create a concatenated device with two
components:

# gconcat label NAME ad0s1d ad1
# newfs /dev/concat/NAME

When you want to add another disk:

# gconcat label NAME ad0s1d ad1 ad2
# growfs /dev/concat/NAME

With the 'label' and 'create' subcommands you currently need to give at
least two providers, but now I see it will be useful to allow specifying
only one. I'll change it soon.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
From owner-freebsd-geom@FreeBSD.ORG Tue Jan 31 09:44:39 2006
Message-ID: <001001c6264a$f391eca0$0201a8c0@oxy>
From: "OxY"
To: "Pawel Jakub Dawidek"
Cc: freebsd-geom@freebsd.org
References: <000901c625b8$68954120$0201a8c0@oxy> <20060130192626.GA928@garage.freebsd.pl>
Date: Tue, 31 Jan 2006 10:44:37 +0100
Subject: Re: geli bugreport? fdisk error with non default sector size

i will send it a couple of hours later, i am away from the test machine
right now.
i've got one question: is it necessary to leave /boot unencrypted, or does
it have no effect that i get a "non system disk" message during boot after
encrypting the whole system disk..

On Mon, Jan 30, 2006 at 05:15:37PM +0100, OxY wrote:
+> hi!
+>
+> i tried to encrypt my root partition and the whole hard disk..
+> used this cmd to initialize geli:
+> #geli init -b -s 4096 -l 256 /dev/ad2
+>
+> it succeeded, but after that i tried to use #fdisk -f part.cfg /dev/ad2.eli
+> and it gave me an error: length must be multiple of sector size..
+> when i gave 4096, 8192, and so on to length the error was the same..
+> i tried to init the provider without the -s switch, then fdisk ran without
+> any error..
+>
+> did i do something wrong or is this a bug?

Could you give me output of:

# diskinfo /dev/ad2 /dev/ad2.eli

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

----- Original Message -----
From: "Pawel Jakub Dawidek"
To: "OxY"
Sent: Monday, January 30, 2006 8:26 PM
Subject: Re: geli bugreport?
fdisk error with non default sector size From owner-freebsd-geom@FreeBSD.ORG Tue Jan 31 11:19:23 2006 Return-Path: X-Original-To: freebsd-geom@FreeBSD.org Delivered-To: freebsd-geom@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51C1C16A420 for ; Tue, 31 Jan 2006 11:19:23 +0000 (GMT) (envelope-from Markus.Orebrand@operax.com) Received: from smtp.operax.com (net-internal.operax.com [213.50.74.197]) by mx1.FreeBSD.org (Postfix) with SMTP id 33BEC43D45 for ; Tue, 31 Jan 2006 11:19:21 +0000 (GMT) (envelope-from Markus.Orebrand@operax.com) Received: (qmail 36475 invoked by uid 0); 31 Jan 2006 11:19:20 -0000 Received: from lulex02.ad.operax.com (192.168.2.13) by treo.operax.com with SMTP; 31 Jan 2006 11:19:20 -0000 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Tue, 31 Jan 2006 12:19:20 +0100 Message-ID: <33656995C5C5094A983DE84DA649A92449F99D@lulex02.ad.operax.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Expandable filesystem with more disk Thread-Index: AcYl2+l2Z6N2NymESnytqAwD5wcFzwAejLxA From: =?iso-8859-1?Q?Markus_=D6rebrand?= To: "Pawel Jakub Dawidek" Cc: freebsd-geom@FreeBSD.org Subject: RE: Expandable filesystem with more disk X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2006 11:19:23 -0000 > -----Original Message----- > From: Pawel Jakub Dawidek [mailto:pjd@FreeBSD.org]=20 > Sent: den 30 januari 2006 21:29 > To: Markus =D6rebrand > Cc: freebsd-geom@FreeBSD.org > Subject: Re: Expandable filesystem with more disk >=20 > You can do it with gconcat(8). 
Create concatenated device with two > components: >=20 > # gconcat label NAME ad0s1d ad1 > # newfs /dev/concat/NAME >=20 > When you want to add another disk: >=20 > # gconcat label NAME ad0s1d ad1 ad2 > # growfs /dev/concat/NAME >=20 > With 'label' and 'create' subcommand you need to give at least two > providers currently, but now I see it will be useful to allow=20 > to specify > only one. I'll change it soon. >=20 Thanks for your answer. I sort of figured gconcat would be the way to go. And yes, it would be useful to allow creation with only one provider (sorry for the provider/consumer confusion earlier), especially with a number of repos of this kind. Still, what are the chances of data corruption when adding more providers and then growfs? Growfs comes bundled with warnings at least... -- Markus =D6rebrand, Systems administrator @ Operax From owner-freebsd-geom@FreeBSD.ORG Tue Jan 31 12:01:52 2006 Return-Path: X-Original-To: freebsd-geom@FreeBSD.org Delivered-To: freebsd-geom@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 808D716A420 for ; Tue, 31 Jan 2006 12:01:52 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D50A43D49 for ; Tue, 31 Jan 2006 12:01:51 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 861D650A7F; Tue, 31 Jan 2006 13:01:49 +0100 (CET) Received: from localhost (ana50.internetdsl.tpnet.pl [83.17.82.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 5320850A3E; Tue, 31 Jan 2006 13:01:37 +0100 (CET) Date: Tue, 31 Jan 2006 13:01:30 +0100 From: Pawel Jakub Dawidek To: Markus =?iso-8859-2?Q?=D6rebrand?= Message-ID: <20060131120130.GC83051@garage.freebsd.pl> References: 
<33656995C5C5094A983DE84DA649A92449F99D@lulex02.ad.operax.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="cHMo6Wbp1wrKhbfi" Content-Disposition: inline In-Reply-To: <33656995C5C5094A983DE84DA649A92449F99D@lulex02.ad.operax.com> X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: freebsd-geom@FreeBSD.org Subject: Re: Expandable filesystem with more disk X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2006 12:01:52 -0000 --cHMo6Wbp1wrKhbfi Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 31, 2006 at 12:19:20PM +0100, Markus =D6rebrand wrote: +> And yes, it would be useful to allow creation with only one provider +> (sorry for the provider/consumer confusion earlier), especially with a +> number of repos of this kind. I committed such functionality to HEAD, should be available in 6.1. +> Still, what are the chances of data corruption when adding more +> providers and then growfs? Growfs comes bundled with warnings at +> least... Adding more providers with gconcat(8) is safe (as long as you don't change the order of providers). I don't know how reliable growfs(8) is... --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! 
--cHMo6Wbp1wrKhbfi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD31GaForvXbEpPzQRAi3BAKC5oBsW4CohjoDguStFYZp5yxmGoACgjhHa d7+Q7DhNOve+mz+cxZ9y0CA= =ONcK -----END PGP SIGNATURE----- --cHMo6Wbp1wrKhbfi-- From owner-freebsd-geom@FreeBSD.ORG Tue Jan 31 22:04:25 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3FC3716A422; Tue, 31 Jan 2006 22:04:25 +0000 (GMT) (envelope-from oxy@field.hu) Received: from green.field.hu (green.field.hu [217.20.130.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9173343D48; Tue, 31 Jan 2006 22:04:24 +0000 (GMT) (envelope-from oxy@field.hu) Received: from localhost (green.field.hu [217.20.130.28]) by green.field.hu (Postfix) with ESMTP id 39EB911A50D; Tue, 31 Jan 2006 23:03:58 +0100 (CET) Received: from green.field.hu ([217.20.130.28]) by localhost (green.field.hu [217.20.130.28]) (amavisd-new, port 10024) with ESMTP id 72795-02; Tue, 31 Jan 2006 23:03:58 +0100 (CET) Received: from oxy (dsl217-197-187-23.pool.tvnet.hu [217.197.187.23]) by green.field.hu (Postfix) with ESMTP id E960B119C90; Tue, 31 Jan 2006 23:03:57 +0100 (CET) Message-ID: <002101c626b2$4b850200$0201a8c0@oxy> From: "OxY" To: "Pawel Jakub Dawidek" Date: Tue, 31 Jan 2006 23:04:22 +0100 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 X-Virus-Scanned: by Amavisd-new (Spamassassin+Razor2+Pyzor+DCC+Bayes db, Clamd Antivirus) at field.hu Cc: freebsd-geom@freebsd.org Subject: root partition on geli+gmirror X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific 
discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2006 22:04:25 -0000 hi! now, i'm in the last phase, the encrypted system is bootable, everything is set, need to go! booting fs is (/dev/mirror/plex0s1a) but i can't boot... the system asks for password for the encrypted file system (/dev/mirror/plex0s2.elia) before mounting the root fs.. after it's done booting sequence prints the usual geli attach msg, then goes on.. and then..it hangs, mountroot:> line, need to type in the valid path for the root fs however i did it before to the fstab.. /dev/mirror/plex0s2.elib none swap sw 0 0 /dev/mirror/plex0s2.elia / ufs rw 1 1 after i type in the: ufs:mirror/plex0s2.elia path then boot goes on, everythings fine, system boots up! did i do anything wrong, or theres something mess around geli+gmirror combo.. before the mirroring i tested geli alone, and it booted up well, without any problem.. may i attach any log, output, etc? thanks for your help in advance! 
From owner-freebsd-geom@FreeBSD.ORG Wed Feb 1 00:51:48 2006
From: Christian Baer
To: freebsd-geom@freebsd.org
Date: Tue, 31 Jan 2006 11:48:58 +0100 (CET)
Organization: Convenimus Projekt
Subject: Re: geli bugreport? fdisk error with non default sector size

On Tue, 31 Jan 2006 10:44:37 +0100 OxY wrote:
> i've got one question:
> is it necessary to leave /boot unencrypted, or does it have no effect
> that i get a non system disk message during boot after encrypting the
> whole system disk..

I'm not sure what you are getting at, so I'll just put this in a general
statement: You cannot boot the kernel from an encrypted file system. This
would be a little like the "chicken or the egg problem". Encrypted
filesystems cannot be read unless attached to the kernel. But without
reading from your encrypted file system, you can't boot the kernel -
because it's on there.

If you really want to encrypt *all* of your disk space, boot the kernel
from something else (CD-ROM, USB-Stick etc.).

Regards
Chris

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 1 08:50:00 2006
From: Pawel Jakub Dawidek
To: OxY
Cc: freebsd-geom@freebsd.org
Date: Wed, 1 Feb 2006 09:49:40 +0100
Subject: Re: root partition on geli+gmirror

On Tue, Jan 31, 2006 at 11:04:22PM +0100, OxY wrote:
> hi!
>
> now, i'm in the last phase, the encrypted system is bootable, everything
> is set, need to go!
> booting fs is (/dev/mirror/plex0s1a)
> but i can't boot... the system asks for password for the encrypted file system (/dev/mirror/plex0s2.elia) before mounting the root fs..
> after it's done booting sequence prints the usual geli attach msg, then goes on..
> and then..it hangs, mountroot:> line, need to type in the valid path for the root fs
> however i did it before to the fstab..
> /dev/mirror/plex0s2.elib none swap sw 0 0
> /dev/mirror/plex0s2.elia / ufs rw 1 1
>
> after i type in the: ufs:mirror/plex0s2.elia path then boot goes on, everything's fine,
> system boots up!
> did i do anything wrong, or is there something messed up around the geli+gmirror combo..
> before the mirroring i tested geli alone, and it booted up well, without any problem..
> may i attach any log, output, etc?

Can you try to add /etc/fstab file to the device from which you are
booting (where you have /boot/ directory)?

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 1 22:35:22 2006
From: "Gustavo A. Baratto"
To: geom@freebsd.org
Date: Wed, 01 Feb 2006 14:35:21 -0800
Subject: Re: gmirror + ggate

Hey all...

ggate doesn't seem to have a start script like other geom classes.

What's the best way to mount a gmirrored ggated device at start up?

Before gmirror was running in this server, I just created a simple script
in /usr/local/etc/rc.d to mount the ggate devices:
---------
#!/bin/sh

/sbin/ggatec create -R 262144 -S 262144 -o rw 10.10.10.3 /dev/da0s1g
/sbin/ggatec create -R 262144 -S 262144 -o rw 10.10.10.4 /dev/da0s1g

/sbin/mount /dev/ggate0 /mount_point_0
/sbin/mount /dev/ggate1 /mount_point_1
---------

Now... If at boot time I want to startup these two ggate devices gmirrored,
what's the best approach?

I was thinking I could add 'geom_mirror_load="YES"' in loader.conf, then
run 'gmirror configure -h gm0'

Is that the recommended approach? If yes, do I still need to run the
script above to plumb the ggate devices, or -h does that for us?

Cheers all ;)

Pawel Jakub Dawidek wrote:
> On Thu, Jan 26, 2006 at 06:47:06PM -0800, Gustavo A. Baratto wrote:
> > Thanks for the links Ivan...
> >
> > They answered some of my questions, but mostly they don't really
> > describe what I wanna do, because they mostly refer to more than one
> > client mounting a gmirrored+ggated device. I want just one server to
> > mount a gmirrored device, exported from two different boxes through
> > ggated.
> >
> > Being more specific:
> >
> > - Servers X and Y will be file servers. They will have big sized
> > identical partitions (for example /dev/da0s1f), that will be exported
> > through ggated, and of course not mounted on servers X and Y.
> >
> > - Server A will ggatec the remote /dev/da0s1f devices from both
> > servers X and Y (/dev/ggate0 and /dev/ggate1).
> > Then, server A will create the mirror with the devices ggate0 and ggate1:
> > # gmirror label -v -b round-robin data ggate0
> > # gmirror insert data ggate1
> > # mount /dev/mirror/data /mnt
> >
> > Just server A will mount /dev/mirror/data RW (or even RO).
>
> There will be a problem when you lose connection to one of the servers -
> ggate will return EIO (or ENXIO) on every I/O request, so gmirror will
> mark this component as broken and will remove it from the mirror, so it
> won't be automatically reconnected when the connection comes back.
>
> I was wondering how to handle this better. I think we can return ENXIO
> from ggate and just disconnect the provider on error != EIO (without
> marking it as broken).

From owner-freebsd-geom@FreeBSD.ORG Thu Feb 2 02:23:29 2006
From: Pawel Jakub Dawidek
To: "Gustavo A. Baratto"
Cc: geom@freebsd.org
Date: Thu, 2 Feb 2006 03:23:11 +0100
Subject: Re: gmirror + ggate

On Fri, Jan 27, 2006 at 08:20:57PM -0800, Gustavo A. Baratto wrote:
> Hi Pawel...
>
> Is there any patch available for that out there? or is it something in
> the "to be done" queue?

No patch yet, but I'm slowly moving in that direction:)

From owner-freebsd-geom@FreeBSD.ORG Thu Feb 2 02:29:17 2006
From: Pawel Jakub Dawidek
To: "Gustavo A. Baratto"
Cc: geom@freebsd.org
Date: Thu, 2 Feb 2006 03:29:01 +0100
Subject: Re: gmirror + ggate

On Wed, Feb 01, 2006 at 02:35:21PM -0800, Gustavo A. Baratto wrote:
> Hey all...
>
> ggate doesn't seem to have a start script like other geom classes.
>
> What's the best way to mount a gmirrored ggated device at start up?
>
> Before gmirror was running in this server, I just created a simple
> script in /usr/local/etc/rc.d to mount the ggate devices:
> ---------
> #!/bin/sh
>
> /sbin/ggatec create -R 262144 -S 262144 -o rw 10.10.10.3 /dev/da0s1g
> /sbin/ggatec create -R 262144 -S 262144 -o rw 10.10.10.4 /dev/da0s1g
>
> /sbin/mount /dev/ggate0 /mount_point_0
> /sbin/mount /dev/ggate1 /mount_point_1
> ---------
>
> Now... If at boot time I want to startup these two ggate devices
> gmirrored, what's the best approach?
>
> I was thinking I could add 'geom_mirror_load="YES"' in loader.conf,
> then run 'gmirror configure -h gm0'

So you just have to create the ggate providers (with ggatec); gmirror(8)
will handle the rest automatically.

> Is that the recommended approach? If yes, do I still need to run the
> script above to plumb the ggate devices, or -h does that for us?

You don't need -h and you don't need to use gmirror in your script at all.
There are currently no rc.d/ scripts for ggate, but you can check out the
freebsd-geom@ archives, I think someone posted such scripts some time ago,
but I haven't had time to look into it yet.
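The failure mode Pawel describes above (a ggate component that starts returning I/O errors is dropped from the mirror and is not re-added when the link comes back) is easy to miss in production, so here is a small watchdog for it, an added example that is not from the thread and not FreeBSD's own code. It parses gmirror status output, reports which of the expected components are missing and, only when REPAIR=yes is set, re-creates the ggate device with ggatec and re-inserts it; the mirror name, the ggate unit to host mapping and the sample status text are constructed assumptions.

```shell
#!/bin/sh
# Watchdog for a gmirror whose components are ggate devices.  Added example,
# not from the thread and not FreeBSD's own code.  When the link to a ggated
# server drops, ggate answers every request with an I/O error, gmirror drops
# that component and does not re-add it when the link returns, so the mirror
# keeps running on one leg until somebody notices.  This parses "gmirror
# status", reports missing components and, only with REPAIR=yes, re-creates
# the ggate device and re-inserts it (gmirror then resyncs the whole leg).
# Assumed, not from the thread: mirror "data", components ggate0/ggate1
# served by 10.10.10.3/10.10.10.4 exporting /dev/da0s1g, and the status
# layout shown in the constructed SAMPLE_STATUS below.

MIRROR=${MIRROR:-data}
EXPECTED=${EXPECTED:-"ggate0 ggate1"}

# Constructed "gmirror status" output with ggate1 already dropped.
SAMPLE_STATUS='      Name    Status  Components
mirror/data  DEGRADED  ggate0
'

# Read "gmirror status" output on stdin, print "<status> <component...>" for
# the mirror named in $1.  The mirror line carries the first component, the
# rest follow on indented lines; "ggate0 (ACTIVE)" style is handled too.
parse_mirror_status() {
    awk -v m="mirror/$1" '
        $1 == m           { found = 1; status = $2; comps = $3; next }
        found && /^[ \t]/ { comps = comps " " $1; next }
        found             { exit }          # next mirror starts here
        END               { if (found) print status, comps }'
}

# Print, one per line, each expected component absent from the list in $1.
missing_components() {
    for c in $EXPECTED; do
        case " $1 " in
            *" $c "*) ;;
            *) printf '%s\n' "$c" ;;
        esac
    done
}

# Check a complete "gmirror status" text ($1): returns 0 when all expected
# components are present, 1 when some are missing (printed one per line),
# 2 when mirror/$MIRROR does not appear at all.
check_mirror() {
    line=$(printf '%s\n' "$1" | parse_mirror_status "$MIRROR")
    if [ -z "$line" ]; then
        echo "mirror/$MIRROR not found" >&2
        return 2
    fi
    missing=$(missing_components "${line#* }")
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Re-create the ggate device behind a dropped component and put it back.
# gmirror insert copies the surviving leg onto it, so this is opt-in.
repair_component() {
    case $1 in
        ggate0) host=10.10.10.3 ;;   # assumed server X
        ggate1) host=10.10.10.4 ;;   # assumed server Y
        *) echo "no ggated host known for $1" >&2; return 1 ;;
    esac
    /sbin/ggatec create -u "${1#ggate}" -R 262144 -S 262144 -o rw "$host" /dev/da0s1g &&
        /sbin/gmirror insert "$MIRROR" "$1"
}

main() {
    if [ "$1" = "--demo" ]; then
        status_text=$SAMPLE_STATUS
    else
        status_text=$(/sbin/gmirror status)
    fi
    if missing=$(check_mirror "$status_text"); then
        echo "mirror/$MIRROR: all expected components present"
        return 0
    fi
    for c in $missing; do
        echo "mirror/$MIRROR: component $c is gone (dropped ggate link?)" >&2
        [ "${REPAIR:-no}" = yes ] && repair_component "$c"
    done
    return 1
}

case ${1:-} in
    --demo|--check) main "$1" ;;    # does nothing when run without a mode
esac
```

Run it with --demo to see the constructed sample reported, or with --check from cron on the server that mounts the mirror; the non-zero exit status is what an alerting job should key on.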