From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 193302] New: modify /etc/rc.d/geli to handle multiple providers with the same password/keyfile
Date: Thu, 04 Sep 2014 03:07:14 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193302

Bug ID: 193302
Summary: modify /etc/rc.d/geli to handle multiple providers with the same password/keyfile
Product: Base System
Version: 10.0-STABLE
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: conf
Assignee: freebsd-bugs@FreeBSD.org
Reporter: karl@denninger.net

Created attachment 146761
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=146761&action=edit
addition to /usr/local/etc/rc.d

A common configuration with ZFS filesystems (in particular) contains many volumes that are then aggregated into a pool, with ZFS filesystems associated. This leads to a requirement to type a password (if one is used) many times (potentially a dozen or more!) on a boot, as the geli script makes no attempt to get the password itself, but relies on the /sbin/geli code itself.

If the providers all have the same password and keyfile (or just a password) then it would be much nicer to have to enter the password only once during system boot time, or at most twice (if root is also encrypted).

This modification of the "geli" script, named "encrypt" and placed in /usr/local/etc/rc.d, replaces the "geli" script and permits this -- it accepts the same options (for the most part) as geli does, except for the detach parameter, which is not supported, asks for the password itself and then iterates over all the providers given and attempts to attach them sequentially.

I modified and renamed the existing script rather than simply proposing a patch for the instance where you may want to support both the previous (one prompt per provider) and this (one prompt for a group of providers) paradigm on the same system.

-- 
You are receiving this mail because:
You are the assignee for the bug.
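
The approach the report describes (prompt for the passphrase once, then attach each provider in turn), as an added example; it is not the attached script, whose contents are not shown in this message. It assumes geli's `-j -` (read the passphrase from standard input) and `-k keyfile` options; `GELI_CMD`, `read_passphrase`, `attach_all` and the provider names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: one passphrase prompt for a group of GELI providers.
# GELI_CMD is a hypothetical override so the loop can be exercised with a stub.
GELI_CMD="${GELI_CMD:-/sbin/geli}"

# read_passphrase: read one line into $passphrase, with terminal echo off.
read_passphrase() {
    printf 'Enter GELI passphrase: ' >&2
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        # Restore echo if the prompt is interrupted.
        trap 'stty "$saved_tty"; exit 1' INT TERM
        stty -echo
    fi
    IFS= read -r passphrase
    if [ -t 0 ]; then
        stty "$saved_tty"; trap - INT TERM
    fi
    echo >&2
}

# attach_all KEYFILE PROVIDER...: attach every provider using $passphrase.
# KEYFILE may be "" for passphrase-only providers.
# Returns the number of providers that failed to attach.
attach_all() {
    keyfile=$1; shift
    failed=0
    for provider in "$@"; do
        # Skip providers that are already attached.
        [ -e "/dev/${provider}.eli" ] && continue
        # printf is a shell builtin and -j - reads stdin, so the passphrase
        # never appears in argv (ps output) or in a temporary file.
        if printf '%s\n' "$passphrase" |
            "$GELI_CMD" attach ${keyfile:+-k "$keyfile"} -j - "$provider"; then
            echo "attached ${provider}"
        else
            echo "FAILED ${provider}" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage (constructed provider names): sh encrypt-once.sh "" da0p1 da1p1 da2p1
if [ "$#" -gt 0 ]; then
    read_passphrase
    attach_all "$@"; rc=$?
    unset passphrase
    exit "$rc"
fi
```

A failed attach does not stop the loop, so one provider with a different passphrase is reported and counted while the rest of the group still attaches.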