From owner-cvs-src@FreeBSD.ORG Fri Aug 29 18:16:13 2008 Return-Path: Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B25C2106567B; Fri, 29 Aug 2008 18:16:13 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 982B88FC18; Fri, 29 Aug 2008 18:16:13 +0000 (UTC) (envelope-from pjd@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7TIGDTf067107; Fri, 29 Aug 2008 18:16:13 GMT (envelope-from pjd@repoman.freebsd.org) Received: (from svn2cvs@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7TIGDex067106; Fri, 29 Aug 2008 18:16:13 GMT (envelope-from pjd@repoman.freebsd.org) Message-Id: <200808291816.m7TIGDex067106@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: svn2cvs set sender to pjd@repoman.freebsd.org using -f From: Pawel Jakub Dawidek Date: Fri, 29 Aug 2008 18:10:18 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src/sbin/geom/class/eli geli.8 geom_eli.c src/tools/regression/geom_eli attach-d.t configure-b-B.t delkey.t detach-l.t init-B.t init-a.t init-i-P.t init.t integrity-copy.t integrity-data.t integrity-hmac.t kill.t nokey.t readonly.t ... X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Aug 2008 18:16:13 -0000 pjd 2008-08-29 18:10:18 UTC FreeBSD src repository Modified files: sbin/geom/class/eli geli.8 geom_eli.c tools/regression/geom_eli attach-d.t configure-b-B.t delkey.t detach-l.t init-a.t init-i-P.t init.t integrity-copy.t integrity-data.t integrity-hmac.t kill.t nokey.t readonly.t setkey.t Added files: tools/regression/geom_eli init-B.t Log: SVN rev 182452 on 2008-08-29 18:10:18Z by pjd By default backup geli metadata to a file. It is quite critical 512 bytes, once it is lost, all data is gone. Option '-B none' can by used to prevent backup. Option '-B path' can be used to backup metadata to a different file than the default, which is /var/backups/.eli. The 'geli init' command also prints backup file location and gives short procedure how to restore metadata. The 'geli setkey' command now warns that even after passphrase change or keys update there could be version of the master key encrypted with old keys/passphrase in the backup file. Add regression tests to verify that new functionality works as expected. Update other regression tests so they don't create backup files. Reviewed by: keramida, rink Dedicated to: a friend who lost 400GB of his live by accidentally overwritting geli metadata MFC after: 2 weeks Revision Changes Path 1.25 +42 -2 src/sbin/geom/class/eli/geli.8 1.26 +68 -15 src/sbin/geom/class/eli/geom_eli.c 1.2 +1 -1 src/tools/regression/geom_eli/attach-d.t 1.2 +2 -2 src/tools/regression/geom_eli/configure-b-B.t 1.2 +1 -1 src/tools/regression/geom_eli/delkey.t 1.2 +1 -1 src/tools/regression/geom_eli/detach-l.t 1.1 +106 -0 src/tools/regression/geom_eli/init-B.t (new) 1.4 +1 -1 src/tools/regression/geom_eli/init-a.t 1.2 +1 -1 src/tools/regression/geom_eli/init-i-P.t 1.5 +1 -1 src/tools/regression/geom_eli/init.t 1.4 +1 -1 src/tools/regression/geom_eli/integrity-copy.t 1.4 +1 -1 src/tools/regression/geom_eli/integrity-data.t 1.4 +1 -1 src/tools/regression/geom_eli/integrity-hmac.t 1.2 +2 -2 src/tools/regression/geom_eli/kill.t 1.3 +2 -2 src/tools/regression/geom_eli/nokey.t 1.2 +1 -1 src/tools/regression/geom_eli/readonly.t 1.2 +1 -1 src/tools/regression/geom_eli/setkey.t