On Mon, Oct 17, 2011 at 11:29 AM, Garrett Cooper <[email protected]> wrote:
> On Mon, Oct 17, 2011 at 6:29 AM, Pawel Jakub Dawidek <[email protected]> wrote:
>> On Sun, Oct 16, 2011 at 11:36:29PM -0700, Garrett Cooper wrote:
>>> On Oct 16, 2011, at 7:51 PM, Xin LI wrote:
>>> > Backward compatibility is that you can expect what's working in an
>>> > older version of FreeBSD would just work on a newer version of
>>> > FreeBSD, not the contrary.
>>>
>>> Perhaps, but the fact that this behavior / set of expectations isn't
>>> clearly called out in the geli manpage -- and the fact that there isn't
>>> official versioning (or at the very least this isn't made a requirement
>>> based on the output above) associated with each metadata format is a fault
>>> that should be corrected. Otherwise, how can GELI be considered a viable
>>> mechanism for encrypting data across multiple versions of FreeBSD? It seems
>>> very shortsighted that there isn't at least a mechanism for reading -- or
>>> at least rejecting -- later versions of metadata in an intuitive manner.
>>> FWIW if you use geli from an earlier version of FreeBSD (hint:
>>> chroot, jail), it does the right thing.. which means that I have a means
>>> for producing encrypted images on later versions of FreeBSD now.
>>> Nevertheless, having to do so in such a roundabout manner is annoying and
>>> I'm sure I won't be the only one that will be affected by this.
>>
>> Thanks Garrett for your comments.
>>
>> As Xin pointed out, GELI is not forward compatible, but is backwards
>> compatible (GELI device initialized on FreeBSD 8.x will work on 9.x, but
>> this may not be true the other way around).
>>
>> I fully agree that the error should be clear on what exactly is wrong
>> and this should be easy to fix.
>>
>> As for creating forward compatible GELI devices I think the right thing
>> to do here is to:
>> 1. Add '-V version' option for 'geli init' subcommand that will allow to
>>    specify metadata version number to use for device initialization.
>> 2. Add 'geli upgrade [-V <version>] [prov ...]' subcommand that will
>>    allow to upgrade the given device to the given metadata version (only
>>    to version greater than the current version). If only providers are
>>    given, but -V is not given, metadata of the given providers would be
>>    upgraded to the latest version supported by the system.
>>    Would be nice if backup file could be also upgraded.
>>    If 'geli upgrade' is executed with no arguments a list of supported
>>    metadata versions with some short description and ideally FreeBSD
>>    versions that can run the given GELI version will be printed.
>> 3. Print metadata version in 'geli list' output.
>
> That suggestion's brilliant. All that we need now is a short blurb
> in the manpage describing which metadata was implemented when and
> I think this will be on the right track.

Patch added for the first suggestion here:
http://www.freebsd.org/cgi/query-pr.cgi?pr=161807 . I'll see if I can
get around to the other two sometime before the end of the week.

Thanks,
-Garrett
