
geli init multiple providers
Closed, Public

Authored by woodsb02 on Jul 3 2018, 5:53 PM.

Details

Summary

geli init multiple providers

Following on from rS335673 and rS336602 which allowed multiple providers to be attached in a single command.

Allow initialization of multiple geli providers at once if they use the same
passphrase and keyfiles.
Unique salt will be randomly generated for each provider to ensure the
Master Key for each is unique.

Test Plan

Tested using md(4) memory disks to confirm multiple providers can be initialized
in a single command using the same passphrase and keyfiles.

mdconfig -s 1m -u 0
mdconfig -s 1m -u 1
geli init md0 md2 md1   # set password to "test"
geli attach -v md0 md1  # enter password "test"
geli status
geli detach md0 md1
mdconfig -d -u 0
mdconfig -d -u 1

Expected output:

Enter new passphrase:
Reenter new passphrase:
Calculating number of iterations...
Done, using 2071395 iterations.
Metadata value stored on md0.

Metadata backup for provider md0 can be found in /var/backups/md0.eli
and can be restored with the following command:

        # geli restore /var/backups/md0.eli md0

geli: Cannot get informations about md2: No such file or directory.
Metadata value stored on md1.

Metadata backup for provider md1 can be found in /var/backups/md1.eli
and can be restored with the following command:

        # geli restore /var/backups/md1.eli md1

geli: There was an error with at least one provider.

Enter passphrase:
Attached to md0.
Attached to md1.
Done.

      Name  Status  Components
   md0.eli  ACTIVE  md0
   md1.eli  ACTIVE  md1
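
The expected output shows `geli init` continuing past the missing md2 and still writing metadata to md0 and md1, so a script that drives a multi-provider init should confirm each requested provider individually. The following is an added example, not part of this revision or the FreeBSD tree; `check_init` and `sample_transcript` are hypothetical names, and the transcript is constructed (abridged) from the expected output above.

```sh
#!/bin/sh
# Added example: audit a captured `geli init` run, provider by provider.

# Constructed sample: abridged init portion of the test plan's expected output.
sample_transcript() {
cat <<'EOF'
Calculating number of iterations...
Done, using 2071395 iterations.
Metadata value stored on md0.

Metadata backup for provider md0 can be found in /var/backups/md0.eli
geli: Cannot get informations about md2: No such file or directory.
Metadata value stored on md1.

Metadata backup for provider md1 can be found in /var/backups/md1.eli
geli: There was an error with at least one provider.
EOF
}

# check_init PROVIDER...   (transcript on stdin)
# Prints one line per requested provider and returns 1 if any of them has no
# "Metadata value stored on" line, i.e. was not initialized.
check_init() {
    transcript=$(cat)
    rc=0
    for p in "$@"; do
        if printf '%s\n' "$transcript" | grep -Fqx "Metadata value stored on $p."; then
            # Fixed-string, whole-line match above; field match for the backup path.
            backup=$(printf '%s\n' "$transcript" |
                awk -v p="$p" '$1 == "Metadata" && $2 == "backup" && $5 == p { print $NF }')
            echo "$p initialized backup=${backup:-none}"
        else
            # Report the first geli error line that names this provider, if any.
            err=$(printf '%s\n' "$transcript" |
                awk -v p="$p" 'index($0, "geli: ") == 1 && index($0, " " p ":") { print; exit }')
            echo "$p NOT-INITIALIZED ${err:-no message in transcript}"
            rc=1
        fi
    done
    return $rc
}

# Demo: the same three providers the test plan passes to geli init.
sample_transcript | check_init md0 md2 md1 || echo "at least one provider needs attention"
```

The per-provider backup path is reported because the metadata backup is what `geli restore` needs, so it is worth recording for every provider that was initialized.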

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 18245; Build 17973: arc lint + arc unit

Event Timeline

Minor wording nit in the man page.

lib/geom/eli/geli.8
  line 239: s/Unique/A unique/

Incorporate manpage comment from bcr

Colin specifically asked me about this feature at BSDCan, so has therefore volunteered to help test it.

Update style to match r336602

You really should add some tests for this. geli has a good test suite already; it should be easy to add this feature. If you've never used ATF before, I can help you with that.

lib/geom/eli/geli.8
  line 27: Don't forget to bump the date.

lib/geom/eli/geom_eli.c
  line 710: Better to use <=
  line 845: 80 columns per line here and elsewhere.

This revision now requires changes to proceed. (Jul 22 2018, 10:58 PM)
This revision was not accepted when it landed; it landed in state Needs Revision. (Jul 23 2018, 11:04 PM)
This revision was automatically updated to reflect the committed changes.

Thanks for your review Alan and Maxim.
Alan: I will try to create some tests for this new geli functionality this weekend, and will submit a phabricator review once it is ready. I am new to Kyua tests, so we will see how it goes.