From: Garrett Cooper
To: Pawel Jakub Dawidek
Cc: Xin LI, freebsd-geom@freebsd.org
Date: Wed, 19 Oct 2011 08:30:39 -0700
Subject: Re: GELI devices produced with 9.0+ fail when mounted on 8.2, etc?
List-Id: GEOM-specific discussions and implementations

On Mon, Oct 17, 2011 at 11:29 AM, Garrett Cooper wrote:
> On Mon, Oct 17, 2011 at 6:29 AM, Pawel Jakub Dawidek wrote:
>> On Sun, Oct 16, 2011 at 11:36:29PM -0700, Garrett Cooper wrote:
>>> On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
>>> > Backward compatibility is that you can expect what's working in an
>>> > older version of FreeBSD would just work on a newer version of
>>> > FreeBSD, not the contrary.
>>>
>>>       Perhaps, but the fact that this behavior / set of expectations
>>> isn't clearly called out in the geli manpage -- and the fact that
>>> there isn't official versioning (or at the very least this isn't made
>>> a requirement based on the output above) associated with each metadata
>>> format is a fault that should be corrected. Otherwise, how can GELI be
>>> considered a viable mechanism for encrypting data across multiple
>>> versions of FreeBSD? It seems very shortsighted that there isn't at
>>> least a mechanism for reading -- or at least rejecting -- later
>>> versions of metadata in an intuitive manner.
>>>       FWIW if you use geli from an earlier version of FreeBSD (hint:
>>> chroot, jail), it does the right thing.. which means that I have a
>>> means for producing encrypted images on later versions of FreeBSD now.
>>> Nevertheless, having to do so in such a roundabout manner is annoying
>>> and I'm sure I won't be the only one that will be affected by this.
>>
>> Thanks Garrett for your comments.
>>
>> As Xin pointed out, GELI is not forward compatible, but is backwards
>> compatible (GELI device initialized on FreeBSD 8.x will work on 9.x, but
>> this may not be true the other way around).
>>
>> I fully agree that the error should be clear on what exactly is wrong
>> and this should be easy to fix.
>>
>> As for creating forward compatible GELI devices I think the right thing
>> to do here is to:
>> 1. Add '-V version' option for 'geli init' subcommand that will allow to
>>    specify metadata version number to use for device initialization.
>> 2. Add 'geli upgrade [-V ] [prov ...]' subcommand that will
>>    allow to upgrade the given device to the given metadata version (only
>>    to version greater than the current version). If only providers are
>>    given, but -V is not given, metadata of the given providers would be
>>    upgraded to the latest version supported by the system.
>>    Would be nice if backup file could be also upgraded.
>>    If 'geli upgrade' is executed with no arguments a list of supported
>>    metadata versions with some short description and ideally FreeBSD
>>    versions that can run the given GELI version will be printed.
>> 3. Print metadata version in 'geli list' output.
>
>    That suggestion's brilliant. All that we need now is a short blurb
> in the manpage describing which metadata was implemented when and
> I think this will be on the right track.

Patch added for the first suggestion here:
http://www.freebsd.org/cgi/query-pr.cgi?pr=161807 . I'll see if I can
get around to the other two sometime before the end of the week.

Thanks,
-Garrett
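
The version gate discussed in this thread (accept older metadata, reject newer metadata with a clear reason before interpreting anything else), as an added example that is not GELI's code and not part of the original message. The simplified header layout, the status names and the version numbers used in `main` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified header layout (not given in the thread): 16-byte
 * NUL-padded magic, then a little-endian 32-bit metadata version. */
#define MD_MAGIC     "GEOM::ELI"
#define MD_MAGIC_LEN 16
#define MD_HDR_LEN   (MD_MAGIC_LEN + 4)
enum md_status { MD_OK, MD_UPGRADABLE, MD_TOO_NEW, MD_BAD_MAGIC, MD_TRUNCATED };

/* Build a constructed sample header for the demo (hypothetical helper). */
void md_build(unsigned char buf[MD_HDR_LEN], uint32_t version)
{
    memset(buf, 0, MD_HDR_LEN);
    memcpy(buf, MD_MAGIC, sizeof(MD_MAGIC));
    for (int i = 0; i < 4; i++)
        buf[MD_MAGIC_LEN + i] = (unsigned char)(version >> (8 * i));
}

/* Classify a header against the newest version this reader understands.
 * A newer version is rejected before any other field is interpreted. */
enum md_status md_check(const unsigned char *buf, size_t len,
                        uint32_t max_supported, uint32_t *version)
{
    const unsigned char *p = buf + MD_MAGIC_LEN;
    if (len < MD_HDR_LEN)
        return MD_TRUNCATED;
    if (memcmp(buf, MD_MAGIC, sizeof(MD_MAGIC)) != 0)
        return MD_BAD_MAGIC;
    *version = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
               (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    if (*version > max_supported)
        return MD_TOO_NEW;
    return *version < max_supported ? MD_UPGRADABLE : MD_OK;
}

int main(void)
{
    static const char *msg[] = { "ok", "ok, older metadata (could be upgraded)",
        "metadata is newer than this system supports",
        "not a recognized metadata header", "header truncated" };
    unsigned char hdr[MD_HDR_LEN];
    uint32_t v = 0;
    md_build(hdr, 5);                 /* constructed: device at version 5 */
    for (uint32_t max = 3; max <= 7; max += 2) {
        enum md_status st = md_check(hdr, sizeof(hdr), max, &v);
        printf("reader max=%u, on-disk=%u: %s\n", (unsigned)max, (unsigned)v, msg[st]);
    }
    return 0;
}
```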