From owner-freebsd-geom@FreeBSD.ORG Mon Feb 6 11:02:10 2006
Date: Mon, 6 Feb 2006 11:02:08 GMT
Message-Id: <200602061102.k16B28J9081686@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-geom@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/01/21] kern/76538  geom   [gbde] nfs-write on gbde partition stalls
o [2005/08/04] kern/84556  geom   [geom] GBDE-encrypted swap causes panic a
o [2005/10/16] kern/87544  geom   [gbde] mmaping large files on a gbde file
o [2005/11/16] kern/89102  geom   [geom_vfs] [panic] panic when forced unmo
o [2005/12/08] bin/90093   geom   fdisk(8) incapable of altering in-core ge
o [2005/12/18] kern/90582  geom   [geom_mirror] [panic] Restore cause panic

6 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/02/26] bin/78131   geom   gbde "destroy" not working.
o [2005/03/26] kern/79251  geom   [2TB] newfs fails on 2.6TB gbde device

2 problems total.

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 09:54:34 2006
Message-ID: <43E86E6E.1030200@diff.org>
Date: Tue, 07 Feb 2006 10:54:54 +0100
From: Ferruccio Zamuner
To: freebsd-geom@freebsd.org
Cc: nonsolosoft@diff.org
Subject: gvinum setstate failure

Hi,

last night FreeBSD 6 has rebooted. This morning I've found some trouble
mounting /dev/gvinum devices.

I've looked at log/messages

Feb 7 03:01:54 k7 kernel: ad5: FAILURE - READ_DMA status=51 error=40 LBA=23892776
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex sicuro.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex veloce.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk vtmp.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex vtmp.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk vvar.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex vvar.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990784512, length=2048)]error = 5
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990786560, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990788608, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990790656, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990792704, length=2048)]error = 6
[...]
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=3179169792, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: lost drive 'med'
[...]
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2242658304, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=5788942336, length=2048)]error = 6
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: down -> stale
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: down -> stale
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk vtmp.p0.s0 state change: down -> stale
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk vvar.p0.s0 state change: down -> stale
Feb 7 03:02:02 k7 kernel: g_vfs_done():gvinum/veloce[WRITE(offset=49152, length=16384)]error = 6
Feb 7 03:02:02 k7 kernel: g_vfs_done():gvinum/veloce[WRITE(offset=65536, length=16384)]error = 6
Feb 7 03:02:02 k7 kernel: g_vfs_done():gvinum/veloce[WRITE(offset=81920, length=16384)]error = 6

And then at next boot:

Feb 7 09:10:00 k7 kernel: ad0: 117246MB at ata0-master UDMA100
Feb 7 09:10:00 k7 kernel: acd0: DVDR at ata1-master UDMA33
Feb 7 09:10:00 k7 kernel: ad4: 38172MB at ata2-master UDMA133
Feb 7 09:10:00 k7 kernel: ad5: 76293MB at ata2-slave UDMA133
Feb 7 09:10:00 k7 kernel: ad6: 78167MB at ata3-master UDMA133
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: down -> stale
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: down -> stale
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk vtmp.p0.s0 state change: down -> stale
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk vvar.p0.s0 state change: down -> stale

While I'm able to execute from gvinum
gvinum -> setstate up veloce.p0.s0

The same command on sicuro.p0.s0 fails:
gvinum -> setstate up sicuro.p0.s0
gvinum: cannot set subdisk state

gvinum -> setstate up sicuro.p1.s0
gvinum: cannot set subdisk state

sicuro is the name of volume in mirror, while veloce is in striping.

How can I change stale status to up on those subdisks?

I'm upgrading to latest FreeBSD 6.x available and I'll retry.

Is there any suggestion to recover this freebsd partition?

Thank you in advance.

\fer

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 10:10:28 2006
Date: Tue, 7 Feb 2006 11:01:14 +0100 (CET)
From: Lukas Ertl
To: Ferruccio Zamuner
Message-ID: <20060207110028.U3500@pcle2.cc.univie.ac.at>
Cc: freebsd-geom@FreeBSD.org
Subject: Re: gvinum setstate failure

On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:

> While I'm able to execute from gvinum
> gvinum -> setstate up veloce.p0.s0
>
> The same command on sicuro.p0.s0 fails:
> gvinum -> setstate up sicuro.p0.s0
> gvinum: cannot set subdisk state
>
> gvinum -> setstate up sicuro.p1.s0
> gvinum: cannot set subdisk state
>
> sicuro is the name of volume in mirror, while veloce is in striping.
>
> How can I change stale status to up on those subdisks?

If it's a mirror you should run "start " to let it synchronize.

regards,
le

--
Lukas Ertl                         http://homepage.univie.ac.at/l.ertl/
le@FreeBSD.org                     http://people.freebsd.org/~le/

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 10:40:25 2006
Message-ID: <43E8792E.4080702@diff.org>
Date: Tue, 07 Feb 2006 11:40:46 +0100
From: Ferruccio Zamuner
To: freebsd-geom@FreeBSD.org
Cc: Ferruccio Zamuner
Subject: Re: gvinum setstate failure

Lukas Ertl wrote:
> On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:
>
>> The same command on sicuro.p0.s0 fails:
>> gvinum -> setstate up sicuro.p0.s0
>> gvinum: cannot set subdisk state
>>
>> gvinum -> setstate up sicuro.p1.s0
>> gvinum: cannot set subdisk state
>>
>> sicuro is the name of volume in mirror, while veloce is in striping.
>>
>> How can I change stale status to up on those subdisks?
>
>
> If it's a mirror you should run "start " to let it synchronize.
>
> regards,
> le
>

gvinum -> start sicuro
gvinum: can't start: cannot start volume 'sicuro'; errno: 6

How can I fix it?

Thank you again.

\fer

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 11:10:52 2006
Date: Tue, 7 Feb 2006 12:09:11 +0100 (CET)
From: Lukas Ertl
To: Ferruccio Zamuner
Message-ID: <20060207120851.N3500@pcle2.cc.univie.ac.at>
Cc: freebsd-geom@FreeBSD.org
Subject: Re: gvinum setstate failure

On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:

>> If it's a mirror you should run "start " to let it synchronize.
>>
> gvinum -> start sicuro
> gvinum: can't start: cannot start volume 'sicuro'; errno: 6

Please send me the output of 'gvinum l'.

Thanks,
le

--
Lukas Ertl                         http://homepage.univie.ac.at/l.ertl/
le@FreeBSD.org                     http://people.freebsd.org/~le/

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 11:23:43 2006
Message-ID: <43E8835F.1020705@diff.org>
Date: Tue, 07 Feb 2006 12:24:15 +0100
From: Ferruccio Zamuner
To: Lukas Ertl
Cc: nonsolosoft@diff.org, freebsd-geom@FreeBSD.org
Subject: Re: gvinum l (Was: Re: gvinum setstate failure)

Lukas Ertl wrote:
> On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:
>
>> 6 subdisks:
>> S sicuro.p0.s0   State: stale   D: med   Size: 10 GB
>> S sicuro.p1.s0   State: stale   D: new   Size: 10 GB
>> S veloce.p0.s0   State: up      D: med   Size: 5120 MB
>> S veloce.p0.s1   State: up      D: new   Size: 5120 MB
>> S vtmp.p0.s0     State: stale   D: med   Size: 300 MB
>> S vvar.p0.s0     State: stale   D: med   Size: 300 MB
>
>
> Ok, you might succeed with:
>
> setstate -f up sicuro.p0.s0
>
> and the "start sicuro".
>
> HTH,
> cheers,
> le

Thank you. I was sad to see again problem on the mirror.

Bye,
\fer

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 11:40:18 2006
Date: Tue, 7 Feb 2006 12:26:09 +0100 (CET)
From: Lukas Ertl
To: Ferruccio Zamuner
Message-ID: <20060207122546.P3500@pcle2.cc.univie.ac.at>
Cc: freebsd-geom@FreeBSD.org
Subject: Re: gvinum l (Was: Re: gvinum setstate failure)

On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:

> Thank you. I was sad to see again problem on the mirror.

Does that mean it's working now or not?

regards,
le

--
Lukas Ertl                         http://homepage.univie.ac.at/l.ertl/
le@FreeBSD.org                     http://people.freebsd.org/~le/

From owner-freebsd-geom@FreeBSD.ORG Tue Feb 7 23:50:15 2006
Date: Wed, 8 Feb 2006 10:20:13 +1030
From: Greg 'groggy' Lehey
To: Lukas Ertl
Message-ID: <20060207235013.GJ855@wantadilla.lemis.com>
Cc: Ferruccio Zamuner, freebsd-geom@FreeBSD.org
Subject: Re: gvinum setstate failure

On Tuesday, 7 February 2006 at 11:01:14 +0100, Lukas Ertl wrote:
> On Tue, 7 Feb 2006, Ferruccio Zamuner wrote:
>
>> While I'm able to execute from gvinum
>> gvinum -> setstate up veloce.p0.s0
>>
>> The same command on sicuro.p0.s0 fails:
>> gvinum -> setstate up sicuro.p0.s0
>> gvinum: cannot set subdisk state
>>
>> gvinum -> setstate up sicuro.p1.s0
>> gvinum: cannot set subdisk state
>>
>> sicuro is the name of volume in mirror, while veloce is in striping.
>>
>> How can I change stale status to up on those subdisks?
>
> If it's a mirror you should run "start " to let it synchronize.

'setstate' is not the same as 'start'.  It's an emergency function to
manipulate the state without going through the normal procedures.  For
example, if you know that the plex currently marked 'up' is in fact
corrupt, and the plex currently marked 'down' contains the correct
data, you don't want to run start.

Greg
--
See complete headers for address and phone numbers.
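
Added example, not part of any post in this thread: a Python replay of the GEOM_VINUM state-change lines from the kernel log quoted in the first message. It reports the last logged state of each object and flags transitions whose starting state disagrees with what the log showed before, as the post-reboot "down -> stale" lines do. The function names and the shortened log excerpt are this example's own.

```python
import errno
import re
from collections import Counter, namedtuple

# Shortened excerpt of the kernel log quoted in the first post of this thread;
# the last two lines come from the "next boot" part of that post.
SAMPLE_LOG = """\
Feb 7 03:01:54 k7 kernel: ad5: FAILURE - READ_DMA status=51 error=40 LBA=23892776
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex sicuro.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: up -> down
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: plex veloce.p0 state change: up -> down
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990784512, length=2048)]error = 5
Feb 7 03:01:54 k7 kernel: g_vfs_done():gvinum/veloce[READ(offset=2990786560, length=2048)]error = 6
Feb 7 03:01:54 k7 kernel: GEOM_VINUM: lost drive 'med'
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: down -> stale
Feb 7 03:01:55 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: down -> stale
Feb 7 03:02:02 k7 kernel: g_vfs_done():gvinum/veloce[WRITE(offset=49152, length=16384)]error = 6
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk sicuro.p0.s0 state change: down -> stale
Feb 7 09:10:00 k7 kernel: GEOM_VINUM: subdisk veloce.p0.s0 state change: down -> stale
"""

STATE_RE = re.compile(
    r"GEOM_VINUM: (?P<kind>\w+) (?P<name>\S+) "
    r"state change: (?P<old>\w+) -> (?P<new>\w+)")
LOST_RE = re.compile(r"GEOM_VINUM: lost drive '(?P<drive>[^']+)'")
IO_RE = re.compile(
    r"g_vfs_done\(\):(?P<prov>[^\[]+)\[(?P<op>READ|WRITE)"
    r"\(offset=\d+, length=\d+\)\]error = (?P<errno>\d+)")

Transition = namedtuple("Transition", "lineno kind name old new")


def parse(text):
    """Split a log into state transitions, lost drives and I/O error counts."""
    transitions, lost, io_errors = [], [], Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = STATE_RE.search(line)
        if m:
            transitions.append(Transition(lineno, **m.groupdict()))
            continue
        m = LOST_RE.search(line)
        if m:
            lost.append(m.group("drive"))
            continue
        m = IO_RE.search(line)
        if m:
            io_errors[(m["prov"], m["op"], int(m["errno"]))] += 1
    return transitions, lost, io_errors


def replay(transitions):
    """Return the last logged state per (kind, name) and the transitions whose
    'old' state differs from the state this replay had tracked so far."""
    state, mismatches = {}, []
    for t in transitions:
        known = state.get((t.kind, t.name))
        if known is not None and known != t.old:
            mismatches.append((t, known))
        state[(t.kind, t.name)] = t.new
    return state, mismatches


def volumes_without_up_subdisk(state):
    """Volumes (first dotted name component) none of whose logged subdisks is
    'up'. Subdisks that never changed state do not appear in the log, so the
    'gvinum l' listing remains the authority on the full configuration."""
    by_volume = {}
    for (kind, name), st in state.items():
        if kind == "subdisk":
            by_volume.setdefault(name.split(".")[0], []).append(st)
    return sorted(v for v, sts in by_volume.items() if "up" not in sts)


if __name__ == "__main__":
    transitions, lost, io_errors = parse(SAMPLE_LOG)
    state, mismatches = replay(transitions)
    for (kind, name), st in sorted(state.items()):
        print(f"{kind:8} {name:14} {st}")
    print("lost drives:", ", ".join(lost))
    for (prov, op, code), n in sorted(io_errors.items()):
        # Assumption: the analysis host numbers errno 5/6 like FreeBSD (EIO/ENXIO).
        print(f"{prov} {op} errno {code} ({errno.errorcode.get(code, '?')}) x{n}")
    for t, known in mismatches:
        print(f"line {t.lineno}: {t.name} logged {t.old} -> {t.new}, "
              f"but last logged state was {known}")
    print("no subdisk up:", volumes_without_up_subdisk(state))
```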

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 00:21:11 2006
To: freebsd-geom@freebsd.org
From: Christian Baer
Date: Wed, 8 Feb 2006 01:20:00 +0100 (CET)
Subject: GELI -> What to encrypt?

Hi folks!

This question may seem a little strange, but don't hit me yet. :-)

I was just sitting here wanting to set up a new GELI-device when it
struck me: What should I encrypt exactly. If I were to use GBDE, the
usual concept is to encrypt (only?) the actual partition ad2s1d. GELI
suggests to encrypt all of ad2. I guess I could partition the
pseudo-device then. Would I get something like ad2.gelis1d?

Does this have any advantages over just encrypting the partition and if
so how important are these?

Cheers!
Chris

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 06:03:52 2006
Date: Wed, 08 Feb 2006 07:03:48 +0100
From: Christian Brueffer
To: Christian Baer
Message-id: <20060208060348.GB1729@haakonia.hitnet.RWTH-Aachen.DE>
Cc: freebsd-geom@freebsd.org
Subject: Re: GELI -> What to encrypt?

On Wed, Feb 08, 2006 at 01:20:00AM +0100, Christian Baer wrote:
> Hi folks!
>
> This question may seem a little strange, but don't hit me yet. :-)
>
> I was just sitting here wanting to set up a new GELI-device when it
> struck me: What should I encrypt exactly. If I were to use GBDE, the
> usual concept is to encrypt (only?) the actual partition ad2s1d. GELI
> suggests to encrypt all of ad2. I guess I could partition the
> pseudo-device then. Would I get something like ad2.gelis1d?
>
> Does this have any advantages over just encrypting the partition and if
> so how important are these?
>

You'll probably find the following talk interesting, which was given at
EuroBSDCon and CCC last year:

https://events.ccc.de/congress/2005/fahrplan/events/1139.en.html

There's a link to the paper on that site as well.

- Christian

--
Christian Brueffer    chris@unixpages.org    brueffer@FreeBSD.org
GPG Key:         http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 07:58:48 2006
Date: Wed, 8 Feb 2006 08:58:25 +0100
From: Pawel Jakub Dawidek
To: Christian Baer
Message-ID: <20060208075825.GA11037@garage.freebsd.pl>
Cc: freebsd-geom@freebsd.org
Subject: Re: GELI -> What to encrypt?

On Wed, Feb 08, 2006 at 01:20:00AM +0100, Christian Baer wrote:
+> Hi folks!
+>
+> This question may seem a little strange, but don't hit me yet. :-)
+>
+> I was just sitting here wanting to set up a new GELI-device when it
+> struck me: What should I encrypt exactly. If I were to use GBDE, the
+> usual concept is to encrypt (only?) the actual partition ad2s1d. GELI
+> suggests to encrypt all of ad2. I guess I could partition the
+> pseudo-device then. Would I get something like ad2.gelis1d?
+>
+> Does this have any advantages over just encrypting the partition and if
+> so how important are these?

GELI, just like GBDE or any other GEOM class can work on _any_ GEOM
provider (disk, slice, partition, mirror, etc.).

Because this is the second such question I'm seeing, I'll probably add a
note to the manual page.

--
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 12:22:32 2006
To: freebsd-geom@freebsd.org
From: Christian Baer
Date: Wed, 8 Feb 2006 13:17:02 +0100 (CET)
Subject: Re: GELI -> What to encrypt?
X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 12:22:32 -0000

On Wed, 8 Feb 2006 08:58:25 +0100 Pawel Jakub Dawidek wrote:

> GELI, just like GBDE or any other GEOM class can work on _any_ GEOM
> provider (disk, slice, partition, mirror, etc.).

Actually, I knew that it *could* work on any provider. I did read the
manpage. :-) What I wanted to know is where I *should* make it work on.
Basically speaking, I'm not sure if I like the idea of the partition table
being encrypted too because the risk of losing data seems to be higher
this way. Or am I just paranoid?

> Because this is the second such question I'm seeing, I'll probably add a
> note to the manual page.

More info in the manpage is always positive. :-)

Cheers!
Chris

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 12:25:18 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5E20116A420 for ; Wed, 8 Feb 2006 12:25:18 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0530443D49 for ; Wed, 8 Feb 2006 12:25:17 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id k18CPHNw090982; Wed, 8 Feb 2006 06:25:17 -0600 (CST) (envelope-from anderson@centtech.com) Message-ID: <43E9E32D.6090605@centtech.com> Date: Wed, 08 Feb 2006 06:25:17 -0600 From: Eric Anderson User-Agent: Thunderbird 1.5 (X11/20060112) MIME-Version: 1.0 To: Christian Baer References: <20060208075825.GA11037@garage.freebsd.pl> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1;
format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1280/Tue Feb 7 04:11:53 2006 on mh2.centtech.com X-Virus-Status: Clean Cc: freebsd-geom@freebsd.org Subject: Re: GELI -> What to encrypt? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 12:25:18 -0000

Christian Baer wrote:
> On Wed, 8 Feb 2006 08:58:25 +0100 Pawel Jakub Dawidek wrote:
>
>> GELI, just like GBDE or any other GEOM class can work on _any_ GEOM
>> provider (disk, slice, partition, mirror, etc.).
>>
>
> Actually, I knew that it *could* work on any provider. I did read the
> manpage. :-) What I wanted to know is where I *should* make it work on.
> Basically speaking, I'm not sure if I like the idea of the partition table
> being encrypted too because the risk of losing data seems to be higher
> this way. Or am I just paranoid?
>

Why would the risk of losing data be higher?

Eric

--
------------------------------------------------------------------------
Eric Anderson Sr. Systems Administrator Centaur Technology
Anything that works is better than anything that doesn't.
------------------------------------------------------------------------ From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 12:33:31 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2315616A420 for ; Wed, 8 Feb 2006 12:33:31 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F4E043D48 for ; Wed, 8 Feb 2006 12:33:30 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1F6oV8-0004jf-QH for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 13:32:50 +0100 Received: from 126-9-124-83.dsl.3u.net ([83.124.9.126]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 13:32:50 +0100 Received: from christian.baer by 126-9-124-83.dsl.3u.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 13:32:50 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Christian Baer Date: Wed, 8 Feb 2006 13:27:33 +0100 (CET) Organization: Convenimus Projekt Lines: 15 Message-ID: References: <20060208060348.GB1729@haakonia.hitnet.RWTH-Aachen.DE> X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 126-9-124-83.dsl.3u.net User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: GELI -> What to encrypt? X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 12:33:31 -0000 On Wed, 08 Feb 2006 07:03:48 +0100 Christian Brueffer wrote: > You'll probably find the following talk interesting, which was given > at EuroBSDCon and CCC last year: Indeed I do! 
Not sure if it answers my question (yet), but I have bookmarked the page and will hopefully read it during today. I still have some stuff to do concerning ata(4), but I should have some time to work through it. Thanks very much! Regards Chris From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 14:45:59 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 02CB016A446 for ; Wed, 8 Feb 2006 14:45:59 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C00643D53 for ; Wed, 8 Feb 2006 14:45:57 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1F6qX9-0002BQ-U2 for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 15:43:04 +0100 Received: from 87.193.38.20 ([87.193.38.20]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 15:43:03 +0100 Received: from christian.baer by 87.193.38.20 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 15:43:03 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Christian Baer Date: Wed, 8 Feb 2006 15:40:59 +0100 (CET) Organization: Convenimus Projekt Lines: 30 Message-ID: References: <20060208075825.GA11037@garage.freebsd.pl> <43E9E32D.6090605@centtech.com> X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 87.193.38.20 User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: GELI -> What to encrypt? 
X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 14:45:59 -0000

On Wed, 08 Feb 2006 06:25:17 -0600 Eric Anderson wrote:

> Why would the risk of losing data be higher?

I've looked into the specs a bit and I have to take that one back - the
question, that is. :-)

GBDE seems to pose a slight risk of corrupting the data on a disc if there
is a power-out at the "wrong" time. Corrupting a file system usually is
annoying but most of the data can be salvaged. If the partition table is
broken things can be a little worse. But in any case this problem only
seems to apply if the power out occurs while the partition table is being
written. The chances of that happening are (considering my usual luck)
nearly 100%. :-)

Ok, but back to the actual issue, which I haven't addressed too clearly. I
just read the stuff I've written in this thread and therefore I can tell. :-)

I am planning on encrypting an entire disc. This disc is to have one big
partition covering basically the whole disc. Is there any advantage to be
gained by encrypting all of ad2 rather than "just" ad2s1d? As far as I can
tell right now, the only thing not encrypted in the latter case would be
the partition table. All the data stored on the drive would be encrypted.
The advantage of encrypting just ad2s1d would be a higher compatibility to
some degree, like being able to partition the drive with sysinstall.
Regards
Chris

From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 20:01:38 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79B7616A420 for ; Wed, 8 Feb 2006 20:01:38 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FAE343D4C for ; Wed, 8 Feb 2006 20:01:37 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1F6vVD-0001UI-A8 for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 21:01:23 +0100 Received: from 87.193.38.20 ([87.193.38.20]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 21:01:23 +0100 Received: from christian.baer by 87.193.38.20 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 21:01:23 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Christian Baer Date: Wed, 8 Feb 2006 20:56:27 +0100 (CET) Organization: Convenimus Projekt Lines: 9 Message-ID: X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 87.193.38.20 User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 20:01:38 -0000

Hi folks!

Is there some way to make GELI do the same thing as GBDE does when the -p
(small 'p') is used? The idea is to run GELI in a script, ask for the
passphrase once and then attach, check and mount several providers with
the same passphrase automatically.
Regards Chris From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 20:19:18 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78F1E16A420 for ; Wed, 8 Feb 2006 20:19:18 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8777E43D45 for ; Wed, 8 Feb 2006 20:19:16 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 1247F50B87; Wed, 8 Feb 2006 21:19:15 +0100 (CET) Received: from localhost (dkz165.neoplus.adsl.tpnet.pl [83.24.29.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id F23AC50A16; Wed, 8 Feb 2006 21:19:07 +0100 (CET) Date: Wed, 8 Feb 2006 21:18:53 +0100 From: Pawel Jakub Dawidek To: Christian Baer Message-ID: <20060208201852.GA732@garage.freebsd.pl> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_00,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL autolearn=no version=3.0.4 Cc: freebsd-geom@freebsd.org Subject: Re: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 20:19:18 -0000 --3MwIy2ne0vdjdPXF Content-Type: text/plain; 
charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Wed, Feb 08, 2006 at 08:56:27PM +0100, Christian Baer wrote:
+> Hi folks!
+>
+> Is there some way to make GELI do the same thing as GBDE does when the -p
+> (small 'p') is used? The idea is to run GELI in a script, ask for the
+> passphrase once and then attach, check and mount several providers with
+> the same passphrase automatically.

The '-p' option in gbde(8) is actually only for debug purposes, as other
users can see it in ps(1) output (if not configured otherwise) and the
passphrase will be logged via audit mechanism which is currently merged
to the tree.

What you want to use is '-k' option.
If you really know what you're doing you can do something like this:

    #!/bin/sh

    stty -echo
    read -p "Enter passphrase: " passphrase
    stty echo
    echo "${passphrase}" | geli attach -k - da0
    echo "${passphrase}" | geli attach -k - da1
    echo "${passphrase}" | geli attach -k - da2

I suggest not to use the same passphrase for all providers.
You can always do something like:

    pass_da0=`echo "0${passphrase}0" | sha256`
    pass_da1=`echo "1${passphrase}1" | sha256`
    pass_da2=`echo "2${passphrase}2" | sha256`
    echo "${pass_da0}" | geli attach -k - da0
    echo "${pass_da1}" | geli attach -k - da1
    echo "${pass_da2}" | geli attach -k - da2

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
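
The single-prompt, per-provider-key approach from the message above, written out as an added example (not part of the original post and not GELI's own code). Only `geli attach -k - <provider>` and the `echo "N${passphrase}N" | sha256` derivation come from the thread; the function names, the `--attach` switch and the `GELI` override variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example: ask for one passphrase, derive a different key per provider,
# and hand each key to "geli attach -k -" on standard input.
# Hypothetical names: sha256_hex, derive_key, read_passphrase, attach_all, GELI.
#
# The key travels over a pipe and printf is a shell builtin in common sh
# implementations, so it is not placed in another process's argv for ps(1).
# As stated in the thread, key-file material is not run through PKCS#5v2 and
# gets no extra salt, so the passphrase has to carry the strength itself, and
# a provider must have been initialised with the same key material.

# Command used to attach; point it at a stub when testing the script.
GELI=${GELI:-geli}

# SHA-256 of stdin as 64 hex digits. sha256sum(1) prints a trailing file
# name that is cut off here; FreeBSD's sha256(1) prints only the digest.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{ print $1 }'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256
    else
        echo "no SHA-256 tool found" >&2
        return 1
    fi
}

# derive_key INDEX PASSPHRASE
# Hashes index, passphrase, index, newline: the same bytes as the thread's
# echo "0${passphrase}0" | sha256 for ordinary passphrases. printf avoids
# echo's shell-dependent handling of backslashes and leading dashes.
derive_key() {
    printf '%s%s%s\n' "$1" "$2" "$1" | sha256_hex
}

# Read the passphrase once with terminal echo off, and put echo back even if
# the prompt is interrupted. Leaves the result in $passphrase.
read_passphrase() {
    trap 'stty echo; exit 1' INT TERM
    printf 'Enter passphrase: ' >&2
    stty -echo
    IFS= read -r passphrase
    stty echo
    trap - INT TERM
    printf '\n' >&2
}

# attach_all PASSPHRASE PROVIDER...
# Provider number N (counting from 0) gets the key derived with index N, so
# the order of providers must match the order used when they were set up.
attach_all() {
    pass=$1
    shift
    idx=0
    for prov in "$@"; do
        key=$(derive_key "$idx" "$pass") || return 1
        printf '%s\n' "$key" | $GELI attach -k - "$prov" || {
            echo "attach failed for $prov" >&2
            return 1
        }
        idx=$((idx + 1))
    done
    unset pass key
}

# Run as:  sh attach-all.sh --attach da0 da1 da2
if [ "${1:-}" = "--attach" ]; then
    shift
    read_passphrase
    attach_all "$passphrase" "$@"
    status=$?
    unset passphrase
    exit "$status"
fi
```
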
--3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD6lIsForvXbEpPzQRAs4AAKDVCG7sherFzknJTtt45dSy1R2wsgCfTuk3 kEYRGfUUZ0aj5Pl9fRPa3dk= =iiic -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF-- From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 22:01:37 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB70A16A420 for ; Wed, 8 Feb 2006 22:01:37 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 505F543D46 for ; Wed, 8 Feb 2006 22:01:37 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1F6xNE-000116-11 for freebsd-geom@freebsd.org; Wed, 08 Feb 2006 23:01:16 +0100 Received: from 87.193.38.20 ([87.193.38.20]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 23:01:15 +0100 Received: from christian.baer by 87.193.38.20 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 08 Feb 2006 23:01:15 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Christian Baer Date: Wed, 8 Feb 2006 22:51:09 +0100 (CET) Organization: Convenimus Projekt Lines: 38 Message-ID: References: <20060208201852.GA732@garage.freebsd.pl> X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 87.193.38.20 User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 22:01:38 -0000 On Wed, 8 Feb 2006 21:18:53 +0100 Pawel 
Jakub Dawidek wrote:

> The '-p' option in gbde(8) is actually only for debug purposes, as other
> users can see it in ps(1) output (if not configured otherwise) and the
> passphrase will be logged via audit mechanism which is currently merged
> to the tree.

Oops! Doesn't sound too productive if security is an issue. :-)

> What you want to use is '-k' option.
> If you really know what you're doing you can do something like this:

Hmm, I thought the keyfile and the passphrase were treated differently.
Does that mean they are exchangeable, i.e. if I init the provider with a
passphrase I can attach it with a keyfile of the same content as the
passphrase?

> I suggest not to use the same passphrase for all providers.
> You can always do something like:
>
> pass_da0=`echo "0${passphrase}0" | sha256`
> pass_da1=`echo "1${passphrase}1" | sha256`
> pass_da2=`echo "2${passphrase}2" | sha256`

For that to be of any real good[1], the script would have to be on an
encrypted provider - preferably with a *completely* different passphrase
(and as a result a completely different key) itself. But if the attacker
can analyse this script, then brute forcing the ${passphrase} will grant
access to all providers.

Or am I missing the point here completely?

Regards
Chris

[1] I assume you are trying to prevent that if a brute force attack at the
passphrase works for ad0, the attacker will have the passphrase for the
other providers too.
From owner-freebsd-geom@FreeBSD.ORG Wed Feb 8 22:47:11 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9362916A420 for ; Wed, 8 Feb 2006 22:47:11 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id E332143D46 for ; Wed, 8 Feb 2006 22:47:10 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id BD1BF50B87; Wed, 8 Feb 2006 23:47:08 +0100 (CET) Received: from localhost (dkq125.neoplus.adsl.tpnet.pl [83.24.20.125]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id DF47250A16; Wed, 8 Feb 2006 23:47:00 +0100 (CET) Date: Wed, 8 Feb 2006 23:46:45 +0100 From: Pawel Jakub Dawidek To: Christian Baer Message-ID: <20060208224645.GF732@garage.freebsd.pl> References: <20060208201852.GA732@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3yNHWXBV/QO9xKNm" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_00,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL autolearn=no version=3.0.4 Cc: freebsd-geom@freebsd.org Subject: Re: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Feb 2006 22:47:11 -0000 --3yNHWXBV/QO9xKNm 
Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Wed, Feb 08, 2006 at 10:51:09PM +0100, Christian Baer wrote:
+> On Wed, 8 Feb 2006 21:18:53 +0100 Pawel Jakub Dawidek wrote:
+> > What you want to use is '-k' option.
+> > If you really know what you're doing you can do something like this:
+>
+> Hmm, I thought the keyfile and the passphrase were treated differently.
+> Does that mean they are exchangeable, i.e. if I init the provider with a
+> passphrase I can attach it with a keyfile of the same content as the
+> passphrase?

No, but you may pass 'keyfile' through standard input, so it can be
anything.
You must know, that for keyfiles PKCS#5v2 won't be used nor additional
salt.

+> > I suggest not to use the same passphrase for all providers.
+> > You can always do something like:
+> >
+> > pass_da0=`echo "0${passphrase}0" | sha256`
+> > pass_da1=`echo "1${passphrase}1" | sha256`
+> > pass_da2=`echo "2${passphrase}2" | sha256`
+>
+> For that to be of any real good[1], the script would have to be on an
+> encrypted provider - preferably with a *completely* different passphrase
+> (and as a result a completely different key) itself. But if the attacker
+> can analyse this script, then brute forcing the ${passphrase} will grant
+> access to all providers.
+>
+> Or am I missing the point here completely?

This is not to prevent brute force attack, it's just better not to use
the same key. Actually here it is not so important as it is only used
for Master-Key encryption which is random.

Anyway, in my opinion this is the list from the safest to the most unsafe
configuration list:
1. Different passphrase for every provider.
2. Different key for every provider derived from the same passphrase.
3. One passphrase for every provider.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
--3yNHWXBV/QO9xKNm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD6nTVForvXbEpPzQRAmZ/AKCXqcPhQV5hFgwSiRanlZT+BrWh/QCfQk33 eg9VydgnJ+S3OBuQCr/Aw/0= =bBz2 -----END PGP SIGNATURE----- --3yNHWXBV/QO9xKNm-- From owner-freebsd-geom@FreeBSD.ORG Thu Feb 9 00:41:07 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B32416A420 for ; Thu, 9 Feb 2006 00:41:07 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B6E143D45 for ; Thu, 9 Feb 2006 00:41:03 +0000 (GMT) (envelope-from gcubfg-freebsd-geom@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1F6zrn-0000Rd-Qr for freebsd-geom@freebsd.org; Thu, 09 Feb 2006 01:40:59 +0100 Received: from 87.193.38.20 ([87.193.38.20]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 09 Feb 2006 01:40:59 +0100 Received: from christian.baer by 87.193.38.20 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 09 Feb 2006 01:40:59 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-geom@freebsd.org From: Christian Baer Date: Thu, 9 Feb 2006 01:36:17 +0100 (CET) Organization: Convenimus Projekt Lines: 30 Message-ID: References: <20060208201852.GA732@garage.freebsd.pl> <20060208224645.GF732@garage.freebsd.pl> X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 87.193.38.20 User-Agent: slrn/0.9.8.1 (FreeBSD) Sender: news Subject: Re: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2006 00:41:07 -0000 On 
Wed, 8 Feb 2006 23:46:45 +0100 Pawel Jakub Dawidek wrote:

> No, but you may pass 'keyfile' through standard input, so it can be
> anything.
> You must know, that for keyfiles PKCS#5v2 won't be used nor additional
> salt.

So that means, if I init a provider without a keyfile but with a long
passphrase, I get the benefit of PKCS#5v2 and additional salt? That is
the way I initialized all my providers so far. Could I now use -k to
attach the providers as shown in the script?

> This is not to prevent brute force attack, it's just better not to use
> the same key. Actually here it is not so important as it is only used
> for Master-Key encryption which is random.

But as you wrote, part of the key is random and part is derived from the
passphrase. So each key *would* be different.

> Anyway, in my opinion this is the list from the safest to the most unsafe
> configuration list:
> 1. Different passphrase for every provider.
> 2. Different key for every provider derived from the same passphrase.
> 3. One passphrase for every provider.

Where is the difference between 2 and 3? Is 3 "1 passphrase and 1 key
for every provider"? Could that even be achieved?
Regards Chris From owner-freebsd-geom@FreeBSD.ORG Thu Feb 9 23:53:44 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1445B16A422 for ; Thu, 9 Feb 2006 23:53:44 +0000 (GMT) (envelope-from alex@foxybanana.com) Received: from atlantis.foxybanana.com (foxybanana.com [66.240.239.24]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D5D843D46 for ; Thu, 9 Feb 2006 23:53:43 +0000 (GMT) (envelope-from alex@foxybanana.com) Received: from localhost (localhost [127.0.0.1]) by atlantis.foxybanana.com (Postfix) with ESMTP id 5D78F146154 for ; Thu, 9 Feb 2006 15:53:43 -0800 (PST) Received: from atlantis.foxybanana.com ([127.0.0.1]) by localhost (atlantis.foxybanana.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 20590-02 for ; Thu, 9 Feb 2006 15:53:27 -0800 (PST) Received: by atlantis.foxybanana.com (Postfix, from userid 503) id DC97014618B; Thu, 9 Feb 2006 15:53:27 -0800 (PST) Date: Thu, 9 Feb 2006 15:53:27 -0800 From: Alexander Botero-Lowry To: freebsd-geom@freebsd.org Message-ID: <20060209235327.GA23189@atlantis.foxybanana.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-Virus-Scanned: amavisd-new at foxybanana.com X-Spam-Status: No, hits=0 tagged_above=-9999 required=3 tests=[none] X-Spam-Level: Subject: gmirror + ggate X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2006 23:53:44 -0000 I'm interested in setting up a fail over server with one drive that uses ggate to mount the drive from the main server and mirror it to its local drive. 
Something like:

server a: ad0 ad1 (mirrored)
server b: ad0 ggate0 (a ggate of the drives from server a)

ad0 and ggate0 would have a "uni-directional" mirror. So that changes on the ggate would be written to ad0 but changes to ad0 either wouldn't happen (mount ro) or would be ignored.

Is this possible?

Alex

From owner-freebsd-geom@FreeBSD.ORG Fri Feb 10 07:04:39 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C80216A420 for ; Fri, 10 Feb 2006 07:04:39 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (arm132.internetdsl.tpnet.pl [83.17.198.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id E63B443D48 for ; Fri, 10 Feb 2006 07:04:37 +0000 (GMT) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 5E6A750B87; Fri, 10 Feb 2006 08:04:35 +0100 (CET) Received: from localhost (dlt178.neoplus.adsl.tpnet.pl [83.24.49.178]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 3BC3A509F1; Fri, 10 Feb 2006 08:04:29 +0100 (CET) Date: Fri, 10 Feb 2006 08:04:10 +0100 From: Pawel Jakub Dawidek To: Christian Baer Message-ID: <20060210070410.GD3590@garage.freebsd.pl> References: <20060208201852.GA732@garage.freebsd.pl> <20060208224645.GF732@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="32u276st3Jlj2kUU" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 7.0-CURRENT i386 User-Agent: mutt-ng/devel-r535 (FreeBSD) X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_00,RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL
autolearn=no version=3.0.4 Cc: freebsd-geom@freebsd.org Subject: Re: -p with GELI X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2006 07:04:39 -0000 --32u276st3Jlj2kUU Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Thu, Feb 09, 2006 at 01:36:17AM +0100, Christian Baer wrote:
+> On Wed, 8 Feb 2006 23:46:45 +0100 Pawel Jakub Dawidek wrote:
+>
+> > No, but you may pass 'keyfile' through standard input, so it can be
+> > anything.
+> > You must know, that for keyfiles PKCS#5v2 won't be used nor additional
+> > salt.
+>
+> So that means, if I init a provider without a keyfile but with a long
+> passphrase, I get the benefit of PKCS#5v2 and additional salt? That is
+> the way I initialized all my providers so far. Could I now use -k to
+> attach the providers as shown in the script?

No. If it is already initialized you can't do it. So still can change
the key or just use expect.

+> > This is not to prevent brute force attack, it's just better not to use
+> > the same key. Actually here it is not so important as it is only used
+> > for Master-Key encryption which is random.
+>
+> But as you wrote, part of the key is random and part is derived from the
+> passphrase. So each key *would* be different.
+>
+> > Anyway, in my opinion this is the list from the safest to the most unsafe
+> > configuration list:
+> > 1. Different passphrase for every provider.
+> > 2. Different key for every provider derived from the same passphrase.
+> > 3. One passphrase for every provider.
+>
+> Where is the difference between 2 and 3?

When one of your keys leaked (eg. by ps(1) output or any other way), an
attacker can decrypt only one disk, not three.

+> [...] Is 3 "1 passphrase and 1 key
+> for every provider"? Could that even be achieved?

Maybe I wasn't clear there. 3rd point is what you proposed:
One passphrase (the same passphrase) for all providers.

--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

--32u276st3Jlj2kUU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFD7DrqForvXbEpPzQRApuSAJwKyJxQMGF5mRnq3AIviB0LoH19CACcDQJx XDGgezF7Ik+1vBiPLwdI8Bo= =NlcV -----END PGP SIGNATURE----- --32u276st3Jlj2kUU--

From owner-freebsd-geom@FreeBSD.ORG Fri Feb 10 14:15:20 2006 Return-Path: X-Original-To: freebsd-geom@freebsd.org Delivered-To: freebsd-geom@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B23BF16A420 for ; Fri, 10 Feb 2006 14:15:20 +0000 (GMT) (envelope-from ivoras@fer.hr) Received: from pinus.cc.fer.hr (pinus.cc.fer.hr [161.53.73.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DC4443D46 for ; Fri, 10 Feb 2006 14:15:19 +0000 (GMT) (envelope-from ivoras@fer.hr) Received: from [161.53.72.99] (abyss.cc.fer.hr [161.53.72.99]) by pinus.cc.fer.hr (8.12.2/8.12.2) with ESMTP id k1AEF5Fx024260; Fri, 10 Feb 2006 15:15:06 +0100 (MET) Message-ID: <43EC9FEE.1080804@fer.hr> Date: Fri, 10 Feb 2006 15:15:10 +0100 From: Ivan Voras User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Alexander Botero-Lowry References: <20060209235327.GA23189@atlantis.foxybanana.com> In-Reply-To: <20060209235327.GA23189@atlantis.foxybanana.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-geom@freebsd.org Subject: Re: gmirror + ggate X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2006 14:15:20 -0000

Alexander Botero-Lowry wrote:
> I'm interested in setting up a fail over server with one drive that
> uses ggate to mount the drive from the main server and mirror it to
> its local drive. Something like:
>
> server a: ad0 ad1 (mirrored)
> server b: ad0 ggate0 (a ggate of the drives from server a)
>
> ad0 and ggate0 would have a "uni-directional" mirror. So that changes
> on the ggate would be written to ad0 but changes to ad0 either
> wouldn't happen (mount ro) or would be ignored.
>
> Is this possible?

It depends on whether you want to mount the copy/mirror or not, and on
the reliability of your network. Read this entire thread:

http://docs.freebsd.org/cgi/mid.cgi?43D97268.2030700

From owner-freebsd-geom@FreeBSD.ORG Sat Feb 11 15:05:51 2006
Date: Sat, 11 Feb 2006 16:04:38 +0100
From: Joerg Pernfuss
To: freebsd-geom@freebsd.org
Message-ID: <20060211160438.44085869@loki>
X-Mailer:
Sylpheed-Claws 1.9.100 (GTK+ 2.8.9; i386-portbld-freebsd6.0)
Subject: geom_label and devd interaction

Hi,

I use geom_label for my various usb sticks, cf cards etc and try to
create some sort of automount functionality using the filesystem labels.

For example:

umass0: USBest Technology USB Mass Storage Device, rev 2.00/1.00, addr 2
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <256MB USB2.0FlashDrive A4> Removable Direct Access SCSI-2 device
da0: 1.000MB/s transfers
da0: 250MB (512000 512 byte sectors: 64H 32S/T 250C)
GEOM_LABEL: Label for provider da0s1 is msdosfs/USBSTICK01.
GEOM_LABEL: Label for provider da0s2 is ufs/usbstick01.

This then gets mangled by devfs.rules:

add path ufs/usbstick01 mode 0600 user elessar group operator
add path msdosfs/USBSTICK01 mode 0600 user elessar group operator

So far, so good.
At this point I'd like devd to honour these rules:

attach 150 {
        device-name "ufs/usbstick01";
#       device-name "usbstick01";
        action "su elessar -c 'mount /dev/ufs/usbstick01 \
                /home/elessar/mnt/usbstick01/ufs/'";
};

attach 150 {
        device-name "msdosfs/USBSTICK01";
#       device-name "USBSTICK01";
        action "su elessar -c 'mount_msdosfs /dev/msdosfs/USBSTICK01 \
                /home/elessar/mnt/usbstick01/msdosfs/'";
};

But, so far, I can't coerce devd into honouring this part of his
configuration. Am I missing something or doesn't geom_label create events
that are monitored by devd?

Thanks for any help.

Joerg

-- 
| /"\   ASCII ribbon   |  GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ /  campaign against |    0xbbcaad24  | 5706 1f7d 6cfd bbca ad24 |
|  X    HTML in email  |        Now featuring a brand new GPG-Key!    |
| / \     and news     |           Please update your keyring.        |
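Added example, not part of any message in this archive and not GELI's own code: it refers back to Pawel Jakub Dawidek's reply in the "-p with GELI" thread above and models why his option 2 (a different key per provider derived from one passphrase) confines a leaked key to one disk, while option 3 (one passphrase for every provider) does not. The provider names, iteration count, HMAC-based per-provider derivation and the "verifier" that stands in for the encrypted Master-Key are assumptions of this model, not GELI's on-disk format.

```python
import hashlib
import hmac
import os

PROVIDERS = ["da0.eli", "da1.eli", "da2.eli"]  # constructed provider names
ITERATIONS = 20_000                            # constructed PKCS#5v2 iteration count

def per_provider_secret(passphrase: bytes, provider: str) -> bytes:
    """Option 2: derive a distinct keyfile secret per provider from one passphrase."""
    return hmac.new(passphrase, provider.encode(), hashlib.sha512).digest()

def user_key(secret: bytes, salt: bytes, is_keyfile: bool) -> bytes:
    """Model of the key that encrypts the random Master-Key."""
    if is_keyfile:
        # Per the reply: keyfile material gets neither PKCS#5v2 nor the salt.
        return hmac.new(b"", secret, hashlib.sha512).digest()
    # A passphrase is stretched with PKCS#5v2 (PBKDF2) and a per-provider salt.
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS)

def init_provider(secret: bytes, is_keyfile: bool) -> dict:
    """Model metadata: a salt plus a verifier standing in for the wrapped Master-Key."""
    salt = os.urandom(64)
    key = user_key(secret, salt, is_keyfile)
    check = hmac.new(key, b"master-key-check", hashlib.sha512).digest()
    return {"salt": salt, "is_keyfile": is_keyfile, "check": check}

def unlocks(secret: bytes, meta: dict) -> bool:
    """True if `secret` reproduces the key that protects this provider."""
    key = user_key(secret, meta["salt"], meta["is_keyfile"])
    check = hmac.new(key, b"master-key-check", hashlib.sha512).digest()
    return hmac.compare_digest(check, meta["check"])

def exposure(leaked: bytes, disks: dict) -> list:
    """Providers an attacker holding `leaked` could attach."""
    return [name for name, meta in disks.items() if unlocks(leaked, meta)]

def demo() -> tuple:
    passphrase = b"constructed example passphrase"
    shared = {p: init_provider(passphrase, False) for p in PROVIDERS}      # option 3
    derived = {p: init_provider(per_provider_secret(passphrase, p), True)  # option 2
               for p in PROVIDERS}
    leaked_key = per_provider_secret(passphrase, "da0.eli")  # e.g. seen in ps(1)
    return exposure(passphrase, shared), exposure(leaked_key, derived)
```

In option 2 the passphrase itself remains a single secret behind all derived keys, which is why the reply ranks separate passphrases (option 1) as safest.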