From: Garrett Cooper
To: Pawel Jakub Dawidek
Cc: Xin LI, freebsd-geom@freebsd.org
Date: Mon, 17 Oct 2011 11:29:23 -0700
Subject: Re: GELI devices produced with 9.0+ fail when mounted on 8.2, etc?

On Mon, Oct 17, 2011 at 6:29 AM, Pawel Jakub Dawidek wrote:
> On Sun, Oct 16, 2011 at 11:36:29PM -0700, Garrett Cooper wrote:
>> On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
>> > Backward compatibility is that you can expect what's working in an
>> > older version of FreeBSD would just work on a newer version of
>> > FreeBSD, not the contrary.
>>
>>       Perhaps, but the fact that this behavior / set of expectations
>> isn't clearly called out in the geli manpage -- and the fact that
>> there isn't official versioning (or at the very least this isn't made
>> a requirement based on the output above) associated with each metadata
>> format is a fault that should be corrected. Otherwise, how can GELI be
>> considered a viable mechanism for encrypting data across multiple
>> versions of FreeBSD? It seems very shortsighted that there isn't at
>> least a mechanism for reading -- or at least rejecting -- later
>> versions of metadata in an intuitive manner.
>>       FWIW if you use geli from an earlier version of FreeBSD (hint:
>> chroot, jail), it does the right thing.. which means that I have a
>> means for producing encrypted images on later versions of FreeBSD now.
>> Nevertheless, having to do so in such a roundabout manner is annoying
>> and I'm sure I won't be the only one that will be affected by this.
>
> Thanks Garrett for your comments.
>
> As Xin pointed out, GELI is not forward compatible, but is backwards
> compatible (GELI device initialized on FreeBSD 8.x will work on 9.x, but
> this may not be true the other way around).
>
> I fully agree that the error should be clear on what exactly is wrong
> and this should be easy to fix.
>
> As for creating forward compatible GELI devices I think the right thing
> to do here is to:
> 1. Add '-V version' option for 'geli init' subcommand that will allow to
>    specify metadata version number to use for device initialization.
> 2. Add 'geli upgrade [-V ] [prov ...]' subcommand that will
>    allow to upgrade the given device to the given metadata version (only
>    to version greater than the current version). If only providers are
>    given, but -V is not given, metadata of the given providers would be
>    upgraded to the latest version supported by the system.
>    Would be nice if backup file could be also upgraded.
>    If 'geli upgrade' is executed with no arguments a list of supported
>    metadata versions with some short description and ideally FreeBSD
>    versions that can run the given GELI version will be printed.
> 3. Print metadata version in 'geli list' output.

That suggestion's brilliant. All that we need now is a short blurb in
the manpage describing which metadata was implemented when and I
think this will be on the right track.
Thanks a bunch!
-Garrett
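
The clear "metadata is too new" rejection asked for in this thread, sketched as an added example; it is not part of the original message and is not GELI's own code. The header layout (16-byte NUL-padded magic followed by a 32-bit little-endian version), the `md_*` names and the version numbers used with it are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed header layout for this sketch (not given in the thread):
 * a 16-byte NUL-padded magic string, then a 32-bit little-endian version. */
#define MD_MAGIC      "GEOM::ELI"
#define MD_MAGIC_LEN  16
#define MD_HEADER_LEN (MD_MAGIC_LEN + 4)

enum md_status { MD_OK, MD_SHORT, MD_BAD_MAGIC, MD_TOO_NEW };

static uint32_t md_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Build a constructed sample header carrying the given version. */
void md_make_sample(unsigned char buf[MD_HEADER_LEN], uint32_t version)
{
    memset(buf, 0, MD_HEADER_LEN);
    memcpy(buf, MD_MAGIC, sizeof(MD_MAGIC));
    for (int i = 0; i < 4; i++)
        buf[MD_MAGIC_LEN + i] = (unsigned char)(version >> (8 * i));
}

/* Validate the header before touching any later field, and say exactly
 * why a provider is refused instead of failing with a generic error. */
enum md_status md_check(const unsigned char *buf, size_t len,
    uint32_t max_supported, uint32_t *found, char *msg, size_t msglen)
{
    if (len < MD_HEADER_LEN) {
        snprintf(msg, msglen, "metadata truncated (%zu bytes)", len);
        return MD_SHORT;
    }
    if (memcmp(buf, MD_MAGIC, sizeof(MD_MAGIC)) != 0) {
        snprintf(msg, msglen, "not a GELI provider (bad magic)");
        return MD_BAD_MAGIC;
    }
    *found = md_le32(buf + MD_MAGIC_LEN);
    if (*found > max_supported) {
        snprintf(msg, msglen, "metadata version %u is newer than the "
            "highest version this system supports (%u)",
            (unsigned)*found, (unsigned)max_supported);
        return MD_TOO_NEW;
    }
    snprintf(msg, msglen, "metadata version %u accepted", (unsigned)*found);
    return MD_OK;
}
```

Checking the version before any other field matters because a reader built for an older layout would otherwise interpret newer fields at the wrong offsets and report a misleading failure.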