Geom utilities (geli(8), glabel(8), gmirror(8), gpart(8), gmirror(8),
gmountver(8), etc) all use the geom(8) utility as their back end
to process their commands and pass them into the kernel. Creating
a new utility requires no more than filling out a template describing
the commands and arguments that the utility supports. Consider the
specification for the very simple gmountver(8) utility:
    struct g_command class_commands[] = {
        { "create", G_FLAG_VERBOSE | G_FLAG_LOADKLD, NULL,
            {
                G_OPT_SENTINEL
            },
            "[-v] prov ..."
        },
        { "destroy", G_FLAG_VERBOSE, NULL,
            {
                { 'f', "force", NULL, G_TYPE_BOOL },
                G_OPT_SENTINEL
            },
            "[-fv] name"
        },
        G_CMD_SENTINEL
    };
It has just two commands of its own: "create" and "destroy" along
with the four standard commands "list", "status", "load", and
"unload" provided by the base geom(8) utility. The base geom(8)
utility allows each command to use the G_FLAG_VERBOSE flag to specify
that a command should accept the -v flag and when the -v flag is
given the utility prints "Done." if the command completes successfully.
In the above example, both of the commands set the G_FLAG_VERBOSE,
so have the -v option available. In addition the "destroy" command
accepts the -f boolean flag to force the destruction.
If the "destroy" command wanted to also print out verbose information,
it would need to explicitly declare its intent by adding a line:
    { 'v', "verbose", NULL, G_TYPE_BOOL },
Before this change, the geom utility would silently ignore the above
line in the configuration file, so it was impossible for the utility
to know that the -v flag had been set on the command. With this
change a geom command can explicitly specify a -v option with a
line as given above and handle it as it would any other option. If
both a -v option and G_FLAG_VERBOSE are specified for a command
then both types of verbose information will be output when that
command is run with -v.
MFC after: 1 week
Sponsored by: Netflix
Allow geom(8) to list geoms with the '/dev/' prefix.
`geom part show` accepts the '/dev/' prefix but `geom part list` does not.
Modify find_geom() in sbin/geom/core/geom.c to be consistent with the behavior
of find_geom() in lib/geom/part/geom_part.c.
PR: 188213
Reported by: Ronald F. Guilmette <rfg@tristatelogic.com>
Reviewed by: imp, kevans
Approved by: kevans (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D27556
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Sample output:
% geom -t
Geom Class Provider
da0 DISK da0
da0 PART da0s1
da0s1 PART da0s1a
ffs.da0s1a VFS
da0s1a DEV
da0s1 DEV
da0 DEV
da1 DISK da1
swap SWAP
da1 DEV
cd0 DISK cd0
cd0 DEV
Reviewed by: oshogbo
Approved by: re (kib)
MFC after: 2 weeks
Relnotes: yes
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D17151
Rather than combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally. Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.
The relocation of libraries allows libraries to be built for 32-bit
compat. This also reduces the number of non-standard builds in
the system.
This commit is not sufficient to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriately in the environment.
Reviewed by: bdrewery
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15360
Previously gpart's man page listed some command options in prose, and
some in table form, which made it more difficult to use as a reference.
Reviewed by: bcr
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D15135
Alphabetical order, uppercase before lowercase for each letter and with
no regard to whether an option takes an argument.
Sponsored by: The FreeBSD Foundation
If the 'n' flag is provided the provided key number will be used to
decrypt device. This can be used combined with dryrun to verify if the key
is set correctly. This can be also used to determine which key slot we want to
change on already attached device.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D15309
'n' is used in other commands to define the key index.
We should be consistent with that.
'C' option is used by patch(1) to perform dryrun so let's use that.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D15308
This will allow us to verify if passphrase and key is valid without
decrypting whole device.
Reviewed by: cem@, allanjude@
Differential Revision: https://reviews.freebsd.org/D15000
Most consumers of g_metadata_store were passing in partially unallocated
memory, resulting in stack garbage being written to disk labels. Fix them by
zeroing the memory first.
gvirstor repeated the same mistake, but in the kernel.
Also, glabel's label contained a fixed-size string that wasn't
initialized to zero.
PR: 222077
Reported by: Maxim Khitrov <max@mxcrypt.com>
Reviewed by: cem
MFC after: 3 weeks
X-MFC-With: 323314
X-MFC-With: 323338
Differential Revision: https://reviews.freebsd.org/D14164
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
No functional change intended.
'last' is the sector number of the last usable sector. Sector
numbers start with 0. As such, 'last' is always 1 less than
the count of sectors and aligning 'last' down as-is means that
the number of free sectors is pessimized by 'alignment - 1' if
the number of usable sectors was already a multiple of the
alignment. Consequently, gpart(8) failed to create a partition
when the alignment and size were such that it would extend to
the end of the disk.
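
The off-by-one described above, worked through as an added example (not gpart's own code): `free_sectors()` and `fits()` are hypothetical helpers, and the sector numbers used are constructed. It compares aligning the sector number 'last' down as-is with aligning the sector count (last + 1) down.

```c
#include <stdint.h>
#include <stdio.h>

/* Round x down / up to a multiple of a (a > 0). */
static uint64_t align_down(uint64_t x, uint64_t a) { return (x - x % a); }
static uint64_t align_up(uint64_t x, uint64_t a) { return (align_down(x + a - 1, a)); }

/*
 * Sectors available to an aligned partition in the free range [first, last],
 * where both are inclusive sector numbers starting at 0.
 * fixed == 0: align the sector number 'last' down as-is.
 * fixed != 0: align the sector count (last + 1) down instead.
 */
uint64_t free_sectors(uint64_t first, uint64_t last, uint64_t align, int fixed)
{
	uint64_t start = align_up(first, align);
	/* 'end' is one past the last sector the partition may occupy. */
	uint64_t end = fixed ? align_down(last + 1, align)
	    : align_down(last, align) + 1;

	return (end > start ? end - start : 0);
}

/* Would a partition of 'size' sectors be accepted in [first, last]? */
int fits(uint64_t first, uint64_t last, uint64_t align, uint64_t size, int fixed)
{
	return (size <= free_sectors(first, last, align, fixed));
}

int main(void)
{
	/* Constructed layout: usable sectors 40..4095, alignment of 8 sectors. */
	printf("as-is: %llu free, count-aligned: %llu free\n",
	    (unsigned long long)free_sectors(40, 4095, 8, 0),
	    (unsigned long long)free_sectors(40, 4095, 8, 1));
	printf("4056-sector partition fits: as-is=%d count-aligned=%d\n",
	    fits(40, 4095, 8, 4056, 0), fits(40, 4095, 8, 4056, 1));
	return (0);
}
```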
partitioning scheme.
Users often get confused and frustrated when trying to delete partition
table and getting ``Device busy'' error because they forgot (or did not
ever know that they have) to delete all its partitions first, and while
the manual page mentions this briefly, it does not stress it out enough.
Approved by: ae, manpages (bjk)
PR (as inspiration): 196102
Differential Revision: https://reviews.freebsd.org/D12336
Any geom class using g_metadata_store, as well as geom_virstor which
duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes
of userspace memory following the metadata block stored. This is most or all
geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath,
graid3, gshsec, gstripe, and geom_virstor).
PR: 222077 (comment #3)
Reported by: Maxim Khitrov <max AT mxcrypt.com>
Reviewed by: des
Security: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12269
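
A model of the leak described in this commit and in the earlier "stack garbage being written to disk labels" commit, as an added example that is not the FreeBSD code: a metadata block smaller than a sector is written through a sector-sized buffer that still holds older data. The structure layout, the function names, the 512-byte sector size and the stale string are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SECTORSIZE 512	/* assumed sector size for this model */
#define STALE "passphrase-from-an-earlier-call"	/* constructed stale data */

/* Hypothetical metadata layout, much smaller than one sector. */
struct toy_metadata {
	char		md_magic[16];	/* fixed-size string field */
	unsigned int	md_version;
};

/* Before: only mdsize bytes of the sector buffer are set, all of it is written. */
static void store_unsafe(unsigned char *disk, unsigned char *sector,
    const void *md, size_t mdsize)
{
	memcpy(sector, md, mdsize);
	memcpy(disk, sector, SECTORSIZE);	/* stands in for the sector write */
}

/* After: the buffer is zeroed first, so the tail carries nothing. */
static void store_zeroed(unsigned char *disk, unsigned char *sector,
    const void *md, size_t mdsize)
{
	memset(sector, 0, SECTORSIZE);
	store_unsafe(disk, sector, md, mdsize);
}

/* Write one metadata block through a reused buffer; return the number of
 * non-zero bytes that land on "disk" after the metadata block. */
size_t leaked_bytes(int zero_first)
{
	unsigned char disk[SECTORSIZE], sector[SECTORSIZE] = { 0 };
	struct toy_metadata md;
	size_t i, n = 0;

	memset(&md, 0, sizeof(md));	/* also clears the unused tail of md_magic */
	strcpy(md.md_magic, "TOY::EXAMPLE");
	md.md_version = 1;
	memcpy(sector + 64, STALE, sizeof(STALE) - 1);	/* earlier use of the buffer */
	(zero_first ? store_zeroed : store_unsafe)(disk, sector, &md, sizeof(md));
	for (i = sizeof(md); i < SECTORSIZE; i++)
		n += (disk[i] != 0);
	return (n);
}

int main(void)
{
	printf("unzeroed: %zu stray bytes, zeroed: %zu\n", leaked_bytes(0), leaked_bytes(1));
	return (0);
}
```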
Before this change it was impossible to set number of PKCS#5v2 iterations,
required to set passphrase, if it has two keys and never had any passphrase.
Due to present metadata format limitations there are still cases when number
of iterations can not be changed, but now it works in cases when it can.
PR: 218512
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D10338
An unhandled error case would result in passing SIZE_MAX to malloc.
While I'm here, remove an unnecessary NULL check before free.
Reported by: Coverity
CID: 1017793
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
gpart(8) has functionality to change the label of a GPT partition.
This functionality works like it should, however, after a label change
the /dev/gpt/ entries remain unchanged. glabel(8) status output remains
unchanged. The change only takes effect after a reboot.
PR: 162690
Submitted by: sub.mesa@gmail, Ben RUBSON <ben.rubson@gmail.com>, ae
Reviewed by: allanjude, bapt, bcr
MFC after: 6 weeks.
Differential Revision: https://reviews.freebsd.org/D9935
It is quite specific mode of operation without storing on-disk metadata.
It can be useful in some cases in combination with some external control
tools handling mirror creation and disks hot-plug.
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
gmultipath.8: Add HISTORY
Adjust sentences with bad phrases picked up by igor
ggatec.8: Add HISTORY
ggated.8: Add HISTORY
ggatel.8: Add HISTORY
Separate out sentence as advised by igor.
hastctl.8: Add HISTORY
hastd.8: Add HISTORY
Fix sentence highlighted by igor.
iscontrol.8: Add HISTORY
mdmfs.8: Add HISTORY
Address issues raised by igor
mount_nfs.8: Add HISTORY
Not sure where mount_nfs first showed up, but the version used
in the BSDs originates from 4.4BSD according to CSRG archive.
Though commercial offerings from Sun and others covers older
systems, eg https://groups.google.com/forum/#!topic/net.unix-wizards/lMe7aQikqJI
nandfs.8: Add HISTORY
Adjust sentence in description to address bad phrase highlighted
by igor.
nvmecontrol.8: Add HISTORY
PR: 212491
PR: 212498
PR: 212499
PR: 212500
PR: 212501
PR: 212502
PR: 212505
PR: 212508
PR: 212540
PR: 212543
PR: 212546
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
in one command due to wrong file size limit. Do not use bootcode size
to calculate partsize limit.
Also add report message about successful partcode writing.
Reported by: Trond Endrestøl
MFC after: 2 weeks
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.
Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process.
PR: 208251
Reviewed by: ed, oshogbo, wblock
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D5867
The upcoming GELI support in the loader reuses parts of this code
Some ifdefs are added, and some code is moved outside of existing ifdefs
The HMAC parts of GELI are broken out into their own file, to separate
them from the kernel crypto/openssl dependent parts that are replaced
in the boot code.
Passed the GELI regression suite (tools/regression/geom/eli)
Files=20 Tests=14996
Result: PASS
Reviewed by: pjd, delphij
MFC after: 1 week
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D4699
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependencies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij
Approved by: secteam, bapt (mentor)
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3929