Date:      Mon, 17 Oct 2011 15:29:45 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Garrett Cooper <yanegomi@gmail.com>
Cc:        Xin LI <delphij@gmail.com>, freebsd-geom@freebsd.org
Subject:   Re: GELI devices produced with 9.0+ fail when mounted on 8.2, etc?
Message-ID:  <20111017132945.GG1679@garage.freebsd.pl>
In-Reply-To: <EDE63E3A-A2BF-4422-B0F5-8DB4AFE5B573@gmail.com>
References:  <924643A0-0798-4FAC-8F82-4AFBC56DC8D7@gmail.com> <CAGMYy3tX=Xr1k%2B=7FqV5=Ddooopodtmv1hG=zy5G2Ye5KCuO_Q@mail.gmail.com> <7EC93C28-6405-443F-92C6-0291F8D88995@gmail.com> <CAGMYy3veJQ-pBg1BuAZyH3rvMxEaFQOYPTJYgWPteohw-HE%2BuA@mail.gmail.com> <EDE63E3A-A2BF-4422-B0F5-8DB4AFE5B573@gmail.com>

On Sun, Oct 16, 2011 at 11:36:29PM -0700, Garrett Cooper wrote:
> On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
> > Backward compatibility is that you can expect what's working in an
> > older version of FreeBSD would just work on a newer version of
> > FreeBSD, not the contrary.
>
> Perhaps, but the fact that this behavior / set of expectations isn't clearly called out in the geli manpage -- and the fact that there isn't official versioning (or at the very least this isn't made a requirement based on the output above) associated with each metadata format is a fault that should be corrected. Otherwise, how can GELI be considered a viable mechanism for encrypting data across multiple versions of FreeBSD? It seems very shortsighted that there isn't at least a mechanism for reading -- or at least rejecting -- later versions of metadata in an intuitive manner.
> FWIW if you use geli from an earlier version of FreeBSD (hint: chroot, jail), it does the right thing.. which means that I have a means for producing encrypted images on later versions of FreeBSD now. Nevertheless, having to do so in such a roundabout manner is annoying and I'm sure I won't be the only one that will be affected by this.

Thanks Garrett for your comments.

As Xin pointed out, GELI is not forward compatible, but is backwards
compatible (GELI device initialized on FreeBSD 8.x will work on 9.x, but
this may not be true the other way around).

I fully agree that the error should be clear on what exactly is wrong
and this should be easy to fix.

As for creating forward compatible GELI devices I think the right thing
to do here is to:
1. Add '-V version' option for 'geli init' subcommand that will allow to
   specify metadata version number to use for device initialization.
2. Add 'geli upgrade [-V <version>] [prov ...]' subcommand that will
   allow to upgrade the given device to the given metadata version (only
   to version greater than the current version). If only providers are
   given, but -V is not given, metadata of the given providers would be
   upgraded to the latest version supported by the system.
   Would be nice if backup file could be also upgraded.
   If 'geli upgrade' is executed with no arguments a list of supported
   metadata versions with some short description and ideally FreeBSD
   versions that can run the given GELI version will be printed.
3. Print metadata version in 'geli list' output.

Would that work for you?

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com
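
The version handling discussed in this message (reject metadata newer than the system supports with a clear error, and upgrade only to a greater version, defaulting to the latest supported one), sketched as an added example that is not code from this thread or from FreeBSD. The header layout (16-byte NUL-padded magic followed by a little-endian 32-bit version), all function names and the version numbers used are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 16-byte NUL-padded magic, then a little-endian 32-bit
 * metadata version. All names here are hypothetical, not geli's own. */
#define MD_HDR_LEN 20
static const unsigned char MD_MAGIC[16] = "GEOM::ELI";

enum md_status { MD_OK, MD_SHORT, MD_BAD_MAGIC, MD_TOO_NEW };

/* Build a constructed sample header carrying the given version. */
void md_sample(unsigned char out[MD_HDR_LEN], uint32_t version) {
    memcpy(out, MD_MAGIC, sizeof(MD_MAGIC));
    for (int i = 0; i < 4; i++)
        out[16 + i] = (unsigned char)(version >> (8 * i));
}

/* Read the version and refuse, with an explicit message, metadata that is
 * newer than this system supports instead of failing obscurely later. */
enum md_status md_check(const unsigned char *buf, size_t len, uint32_t max_supported,
    uint32_t *version, char *err, size_t errlen) {
    err[0] = '\0';
    if (len < MD_HDR_LEN) { snprintf(err, errlen, "metadata truncated"); return MD_SHORT; }
    if (memcmp(buf, MD_MAGIC, sizeof(MD_MAGIC)) != 0) {
        snprintf(err, errlen, "bad metadata magic");
        return MD_BAD_MAGIC;
    }
    *version = (uint32_t)buf[16] | (uint32_t)buf[17] << 8 |
        (uint32_t)buf[18] << 16 | (uint32_t)buf[19] << 24;
    if (*version > max_supported) {
        snprintf(err, errlen, "metadata version %u is newer than highest supported version %u",
            (unsigned)*version, (unsigned)max_supported);
        return MD_TOO_NEW;
    }
    return MD_OK;
}

/* Pick the upgrade target: requested == 0 models "-V not given" and means
 * the latest supported version. Only strictly upward moves are allowed. */
int md_upgrade_target(uint32_t current, uint32_t requested, uint32_t max_supported, uint32_t *target) {
    uint32_t t = requested ? requested : max_supported;
    if (t <= current || t > max_supported) return -1;
    *target = t;
    return 0;
}

int main(void) {
    unsigned char md[MD_HDR_LEN]; uint32_t v = 0; char err[96];
    md_sample(md, 7);                       /* constructed: newer device */
    if (md_check(md, sizeof(md), 4, &v, err, sizeof(err)) != MD_OK)
        printf("refused: %s\n", err);       /* older system, max version 4 */
    return 0;
}
```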
