Date: Wed, 19 Oct 2011 08:30:39 -0700
From: Garrett Cooper <yanegomi@gmail.com>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Cc: Xin LI <delphij@gmail.com>, freebsd-geom@freebsd.org
Subject: Re: GELI devices produced with 9.0+ fail when mounted on 8.2, etc?
Message-ID: <CAGH67wSbF7xazeX7GbHsghDCH2qiLd1ciyOBr_j=hfBW8kPxcw@mail.gmail.com>
In-Reply-To: <CAGH67wRSVtsophbJ4cF5Y2x=5a9HHB5_SE6HqvwwyjyVtUd9oA@mail.gmail.com>
References: <924643A0-0798-4FAC-8F82-4AFBC56DC8D7@gmail.com>
 <CAGMYy3tX=Xr1k%2B=7FqV5=Ddooopodtmv1hG=zy5G2Ye5KCuO_Q@mail.gmail.com>
 <7EC93C28-6405-443F-92C6-0291F8D88995@gmail.com>
 <CAGMYy3veJQ-pBg1BuAZyH3rvMxEaFQOYPTJYgWPteohw-HE%2BuA@mail.gmail.com>
 <EDE63E3A-A2BF-4422-B0F5-8DB4AFE5B573@gmail.com>
 <20111017132945.GG1679@garage.freebsd.pl>
 <CAGH67wRSVtsophbJ4cF5Y2x=5a9HHB5_SE6HqvwwyjyVtUd9oA@mail.gmail.com>

On Mon, Oct 17, 2011 at 11:29 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
> On Mon, Oct 17, 2011 at 6:29 AM, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
>> On Sun, Oct 16, 2011 at 11:36:29PM -0700, Garrett Cooper wrote:
>>> On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
>>> > Backward compatibility is that you can expect what's working in an
>>> > older version of FreeBSD would just work on a newer version of
>>> > FreeBSD, not the contrary.
>>>
>>>       Perhaps, but the fact that this behavior / set of expectations isn't clearly called out in the geli manpage -- and the fact that there isn't official versioning (or at the very least this isn't made a requirement based on the output above) associated with each metadata format is a fault that should be corrected. Otherwise, how can GELI be considered a viable mechanism for encrypting data across multiple versions of FreeBSD? It seems very shortsighted that there isn't at least a mechanism for reading -- or at least rejecting -- later versions of metadata in an intuitive manner.
>>>       FWIW if you use geli from an earlier version of FreeBSD (hint: chroot, jail), it does the right thing.. which means that I have a means for producing encrypted images on later versions of FreeBSD now. Nevertheless, having to do so in such a roundabout manner is annoying and I'm sure I won't be the only one that will be affected by this.
>>
>> Thanks Garrett for your comments.
>>
>> As Xin pointed out, GELI is not forward compatible, but is backwards
>> compatible (GELI device initialized on FreeBSD 8.x will work on 9.x, but
>> this may not be true the other way around).
>>
>> I fully agree that the error should be clear on what exactly is wrong
>> and this should be easy to fix.
>>
>> As for creating forward compatible GELI devices I think the right thing
>> to do here is to:
>> 1. Add '-V version' option for 'geli init' subcommand that will allow to
>>   specify metadata version number to use for device initialization.
>> 2. Add 'geli upgrade [-V <version>] [prov ...]' subcommand that will
>>   allow to upgrade the given device to the given metadata version (only
>>   to version greater than the current version). If only providers are
>>   given, but -V is not given, metadata of the given providers would be
>>   upgraded to the latest version supported by the system.
>>   Would be nice if backup file could be also upgraded.
>>   If 'geli upgrade' is executed with no arguments a list of supported
>>   metadata versions with some short description and ideally FreeBSD
>>   versions that can run the given GELI version will be printed.
>> 3. Print metadata version in 'geli list' output.
>
>    That suggestion's brilliant. All that we need now is a short blurb
> in the manpage describing when which metadata was implemented when and
> I think this will be on the right track.

Patch added for the first suggestion here:
http://www.freebsd.org/cgi/query-pr.cgi?pr=161807 . I'll see if I can
get around to the other two sometime before the end of the week.
Thanks,
-Garrett
