On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
> On Sun, Oct 16, 2011 at 7:43 PM, Garrett Cooper <[email protected]> wrote:
>> On Oct 16, 2011, at 5:32 PM, Xin LI wrote:
>>
>>> On Sun, Oct 16, 2011 at 5:01 PM, Garrett Cooper <[email protected]> wrote:
>>> [...]
>>>> The attach will fail with the following message:
>>>>
>>>> geli: MD5 hash mismatch for /dev/md0.
>>>
>>> I'm pretty sure that this is from userland, and because FreeBSD 9.x
>>> have support of GELI metadata version 6, while 8.2 have support up to
>>> metadata version 5. It's not a regression IMHO.
>>
>> In other words this is a design flaw, because geli metadata is only forwards
>> compatible. One of FreeBSD's claims to fame is its backwards compatibility
>> -- why aren't geom developers adhering to this?
>
> Backward compatibility is that you can expect what's working in an
> older version of FreeBSD would just work on a newer version of
> FreeBSD, not the contrary.
Perhaps, but the fact that this behavior / set of expectations isn't
clearly called out in the geli manpage -- and the fact that there isn't
official versioning (or at the very least this isn't made a requirement based
on the output above) associated with each metadata format is a fault that
should be corrected. Otherwise, how can GELI be considered a viable mechanism
for encrypting data across multiple versions of FreeBSD? It seems very
shortsighted that there isn't at least a mechanism for reading -- or at least
rejecting -- later versions of metadata in an intuitive manner.
FWIW if you use geli from an earlier version of FreeBSD (hint: chroot,
jail), it does the right thing.. which means that I have a means for producing
encrypted images on later versions of FreeBSD now. Nevertheless, having to do
so in such a roundabout manner is annoying and I'm sure I won't be the only one
that will be affected by this.
Thanks,
-Garrett_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "[email protected]"
