Date: Wed, 20 Oct 2021 11:51:18 +0100 From: =?iso-8859-1?Q?Lu=EDs?= Henriques <henrix@camandro.org> To: freebsd-questions@freebsd.org Subject: zfs: backup unencrypted datasets into encrypted datasets Message-ID: <YW/0pmIK/KfSnNjT@camandro.org>
next in thread | raw e-mail | index | archive | help
Hi! I'm sending this question to this mailing-list after not getting any feedback on the freebsd forums. Hopefully I'll have more lucky here. This is probably a trivial question, but I'm failing to figure it out myself after reading a lot of documentation. I've my laptop running an up-to-date 13.0-RELEASE, with zfs on top of geli. So, datasets are *not* encrypted, but encryption is done on the lower level. I've a single snapshot in my home dataset: # zfs list -t snapshot zroot/usr/home NAME USED AVAIL REFER MOUNTPOINT zroot/usr/home@2021-10-19_13h50 2.87M - 13.3G which I'd like to backup into my external USB drive, which is zfs as well, but not using geli (as I'd like to share it with other non-freebsd computer). Thus, I've create the following in my external drive: # zfs create -o encryption=on -o keyformat=passphrase backups/root # zfs create -o encryption=on backups/root/orpheus-home When I try to send my snapshot, here's what I see: # zfs send -v -R zroot/usr/home@2021-10-19_13h50 | zfs recv -x encryption backups/root/orpheus-home full send of zroot/usr/home@2021-10-19_13h50 estimated size is XXXG total estimated size is XXXG cannot receive new filesystem stream: destination 'backups/root/orpheus-home' exists must specify -F to overwrite it warning: cannot send 'zroot/usr/home@2021-10-19_13h50': signal received Ok, let me try to use the suggested option: # zfs send -v -R zroot/usr/home@2021-10-19_13h50 | zfs recv -F -x encryption backups/root/orpheus-home full send of zroot/usr/home@2021-10-19_13h50 estimated size is XXXG total estimated size is XXXG cannot receive new filesystem stream: zfs receive -F cannot be used to destroy an encrypted filesystem or overwrite an unencrypted one with an encrypted one warning: cannot send 'zroot/usr/home@2021-10-19_13h50': signal received I've tried to use "-o keyformat=raw -o keylocation=file://..." instead of "-x encryption" on the received size (after changing the key format, of course), but the result is exactly the same. And I'm puzzled, with no idea where to go from here. Is this a limitation of zfs, or is this zfs just telling me I'm doing something really stupid? Thanks for any hint that would help me sorting this out. Cheers, -- Luís
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YW/0pmIK/KfSnNjT>