From owner-svn-src-all@freebsd.org Tue Jul 21 13:56:05 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 57C0D35D38B for ; Tue, 21 Jul 2020 13:56:05 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.29.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BB0Vr2ByCz4fkQ; Tue, 21 Jul 2020 13:56:04 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from [84.168.159.83] (helo=fabiankeil.de) by smtprelay02.ispgateway.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1jxskT-0002qr-Mt; Tue, 21 Jul 2020 15:56:01 +0200 Date: Tue, 21 Jul 2020 15:54:19 +0200 From: Fabian Keil To: Gordon Bergling Cc: svn-src-all@freebsd.org Subject: Re: svn commit: r363363 - head/lib/geom/eli Message-ID: <20200721155419.4b127dac@fabiankeil.de> In-Reply-To: <202007201324.06KDOoti077929@repo.freebsd.org> References: <202007201324.06KDOoti077929@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/uufDM63fUR4rYn8w78y2gF4"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 X-Rspamd-Queue-Id: 4BB0Vr2ByCz4fkQ X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of freebsd-listen@fabiankeil.de has no SPF policy when checking 80.67.29.24) smtp.mailfrom=freebsd-listen@fabiankeil.de X-Spamd-Result: default: False [1.06 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(0.06)[0.059]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[fabiankeil.de]; AUTH_NA(1.00)[]; RWL_MAILSPIKE_GOOD(0.00)[80.67.29.24:from]; RECEIVED_SPAMHAUS_PBL(0.00)[84.168.159.83:received]; NEURAL_HAM_MEDIUM(-0.06)[-0.059]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.36)[0.358]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:8972, ipnet:80.67.16.0/20, country:DE]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[80.67.29.24:from] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jul 2020 13:56:05 -0000 --Sig_/uufDM63fUR4rYn8w78y2gF4 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Gordon Bergling wrote: > Author: gbe (doc committer) > Date: Mon Jul 20 13:24:50 2020 > New Revision: 363363 > URL: https://svnweb.freebsd.org/changeset/base/363363 >=20 > Log: > geli(8): Add an example on how to use geli(8) with a file as encrypted = storage > =20 > Reviewed by: bcr (mentor) > Approved by: bcr (mentor) > MFC after: 1 week > Differential Revision: https://reviews.freebsd.org/D25741 >=20 > Modified: > head/lib/geom/eli/geli.8 >=20 > Modified: head/lib/geom/eli/geli.8 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/lib/geom/eli/geli.8 Mon Jul 20 13:01:19 2020 (r363362) > +++ head/lib/geom/eli/geli.8 Mon Jul 20 13:24:50 2020 (r363363) [...] > +This key should be protected by a passphrase, which > +is requested when geli init is called. > +.Bd -literal -offset indent > +# dd if=3D/dev/random of=3D/root/private0.key bs=3D64 count=3D1 > +# geli init -K /root/private0.key -s 4096 /dev/md0 > +Enter new passphrase: > +Reenter new passphrase: > +# dd if=3D/dev/random of=3D/dev/md0.eli bs=3D1m There seems to be a "geli attach ..." missing after the "geli init ...". > +The call of geli attach will ask for the passphrase. > +It is recommended to do this procedure after the boot, because otherwise > +the boot process would be waiting for the passphrase input. > +.Bd -literal -offset indent > +# geli attach -k /root/private0.key /dev/md0 > +Enter new passphrase: The expected prompt is just "Enter passphrase:". Fabian --Sig_/uufDM63fUR4rYn8w78y2gF4 Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTKUNd6H/m3+ByGULIFiohV/3dUnQUCXxbziwAKCRAFiohV/3dU nX21AKCtcqIlDd+eoKykOE48V4aWcSh2XgCfW2D1KZwA5o0goGZelVuysOlcTtI= =ybAY -----END PGP SIGNATURE----- --Sig_/uufDM63fUR4rYn8w78y2gF4--