d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
127,131 Commits 4 Branches 49 Tags 2 GiB
eb7bc007cc
Commit Graph

171 Commits

Author SHA1 Message Date
ru
731fda35ce Markup fixes. 2006-09-18 11:55:10 +00:00
brueffer
87e4e476d6 Remove a contraction and add a missing article. 2006-09-17 11:30:44 +00:00
pjd
1328564157 Fix copy&paste mistake. 
Submitted by:	Matthias Lederhofer <matled@gmx.net>
 2006-09-16 10:47:30 +00:00
pjd
2e387b9b85 Add 'configure' subcommand which for now only allows setting and removing 
of the BOOT flag. It can be performed on both attached and detached
providers.

Requested by:	Matthias Lederhofer <matled@gmx.net>
MFC after:	1 week
 2006-09-16 10:43:17 +00:00
pjd
43d315f0a2 Note that we don't destroy keys on read-only attached providers. 
MFC after:	1 week
 2006-09-16 09:27:54 +00:00
pjd
034bd1e695 First kill detached providers, because of two reasons: 
- after killing all attached providers, all providers are then detached
  and operation is repeated for those who were attached,
- we don't want to remove keys for read-only attached providers, we only
  want to detach them.

MFC after:	1 week
 2006-09-16 09:26:57 +00:00
pjd
40cda51553 - Split failure probability configuration into read failure probability and 
write failure probability.
- Allow to specify an error number to return of failure.

MFC after:	3 days
 2006-09-08 09:21:21 +00:00
maxim
73fe45cc82 o Spell. 
Submitted by:	ru
 2006-08-10 01:13:38 +00:00
maxim
e14db770e3 o Strip eol whitespaces. 2006-08-09 19:41:34 +00:00
maxim
a1d59e56fe o New sentence, new line. 
o Touch Dd for -r.
 2006-08-09 18:35:31 +00:00
pjd
b2ae936be5 Allow geli to operate on read-only providers. 
Initial patch from:	vd
MFC after:		2 weeks
 2006-08-09 18:11:14 +00:00
pjd
1022710a43 Add missing #. 2006-08-07 20:09:09 +00:00
pjd
ec70ef58cb Allow to use the old -a option to specify an encryption algorithm to use 
(for backward compatibility), but print a warning to inform about the
change.
 2006-06-06 22:06:24 +00:00
brueffer
b3ea269400 Clarify and merge two sentences. 
Discussed with:		pjd
 2006-06-06 19:03:51 +00:00
brueffer
f3473b2245 Mdoc cleanup and some wording improvements. 2006-06-06 14:02:13 +00:00
pjd
5025e88863 Remove section committed by mistake. It is not yet ready. 2006-06-06 07:10:42 +00:00
pjd
a79e05219d Document geli(8) data authentication. 
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
 2006-06-05 21:43:51 +00:00
pjd
f75bb255dc Userland bits of geli(8) data authentication. 
Now, encryption algorithm is given using '-e' option, not '-a'.
The '-a' option is now used to specify authentication algorithm.

Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
 2006-06-05 21:40:54 +00:00
pjd
f2ed81d3aa Correct error messages. 
MFC after:	2 weeks
 2006-05-01 12:05:45 +00:00
pjd
aa5c1066ff Allocate memory for NUL-termination as well. 
MFC after:	2 days
 2006-04-07 15:33:04 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see: 
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
 2006-03-17 18:54:44 +00:00
pjd
65255e20ba Add some notes how to properly dump kernel onto gmirror provider. 
Reviewed and corrected by:	brueffer
MFC after:	3 days
 2006-03-08 08:50:52 +00:00
wkoszek
d8eb71788e Print "clear" and "dump" only once. 
Reviewed by:	pjd
Approved by:	cognet (mentor)
MFC after:	3 days
 2006-03-03 21:35:57 +00:00
pjd
ab17cb5277 Add an example how to use keyfiles for encrypted providers which should be 
attached before the root file system is mounted.

MFC after:	3 days
 2006-02-11 13:18:47 +00:00
pjd
8f76601c25 - Allow to use -b without passphrase or with keyfiles as it will be 
supported for a moment.
- Don't allow to use -i when no passphrase is given. Now if iterations is
  equal to -1 (not set), we know that we should not ask for the passphrase
  on boot.
  It still doesn't handle situation when one key is protected with
  passphrase and the other is not. There is no quick fix for this.
  The complete solution will be to make number of iterations a per-key
  value. Because this need metadata format change and is only needed for
  devices attached on boot, I'll leave it as it is for now.

MFC after:	3 days
 2006-02-11 13:04:10 +00:00
pjd
85ddd3fd4b Deny init/attach/setkey subcommands when no key components are given. 
MFC after:	3 days
Tested with:	prove /usr/src/tools/regression/geom_eli
 2006-02-01 15:01:55 +00:00
joel
87dcb0582d Expand contractions. 2006-02-01 14:33:14 +00:00
pjd
f31d2a3b5c Remove trailing spaces. 2006-02-01 12:11:37 +00:00
pjd
2c22d1672b Remove unused argument. 
MFC after:	3 days
 2006-01-31 15:55:52 +00:00
pjd
74978a10e1 Allow to specify only one disk. This is helpful when we want to extend 
our concatenated device later.

MFC after:	1 week
 2006-01-30 22:47:07 +00:00
pjd
bb27db910a Add a reference to geli(8). 
MFC after:	3 days
 2006-01-29 00:32:40 +00:00
pjd
7ea810fefd Teach NOP GEOM class how to gather the following statistics: 
- number of read I/O requests,
- number of write I/O requests,
- number of read bytes,
- number of written bytes.
Add 'reset' subcommand for resetting statistics.
 2005-12-08 23:00:31 +00:00
pjd
03a6ffac1f - The geom(8) utility only uses three types of arguments: string (char *), 
value (intmax_t) and boolean (int).
  Based on that provide three functions:
        - gctl_get_ascii()
        - gctl_get_int()
        - gctl_get_intmax()
- Hide gctl_get_param() function, as it is only used internally in
  subr.c.
- Allow to provide argument name as (fmt, ...).
- Assert geom(8) bugs (missing argument is a geom(8) bug).

- Clean-up and simplify the code by using new functions and assumtions
  (no more checking for missing argument).

Tested by:	regression tests
 2005-12-07 01:38:27 +00:00
joel
7eed0b9958 s/5.5/6.0/ in HISTORY section. 
Discussed with:	ru
 2005-11-24 09:25:10 +00:00
ceri
a4edf83a8d gmirror.8: 
Note the default balancing algorithm and stripe size.

geom_mirror.c:
  Slightly friendlier error message.

Reviewed by:	pjd
 2005-10-25 13:45:07 +00:00
pjd
2c9137ee39 Add a note in example as well, that last sector is used for metadata, 
so it don't provoke confusions.

Noticed by:	Victor Sudakov <sudakov@sibptus.tomsk.ru>
MFC after:	2 days
 2005-09-29 08:56:15 +00:00
pjd
e74d0361d3 Even if there are no valid keys in metadata, but provider is attached 
we can still use setkey subcommand.

MFC after:	3 days
Found by:	regression tests
 2005-09-10 07:43:03 +00:00
marius
a128a96ae0 As with NO_CRYPT, don't try to compile geli(8) when NO_OPENSSL is defined 
either.

MFC after:	1 week
 2005-08-27 20:51:12 +00:00
takawata
393fbc1df4 Update Document. 2005-08-26 11:39:38 +00:00
pjd
aee0040df6 By default, when doing crypto work in software, start as many threads 
as we have active CPUs and bind each thread to its own CPU.

MFC after:	3 days
 2005-08-21 18:12:51 +00:00
pjd
0c33c951a5 Allow to change number of iterations for PKCS#5v2. It can only be used 
when there is only one key set.

MFC after:	3 days
 2005-08-19 22:19:25 +00:00
pjd
94bc690fb5 Move function for calculating number of bits into more central place. 
I want to use it so more.

MFC after:	3 days
 2005-08-19 22:13:09 +00:00
pjd
e00e4fe291 Update manual page (now dedicated kernel thread is always started). 
MFC after:	3 days
 2005-08-17 15:27:23 +00:00
pjd
3c2828d3f4 Unfortunately dlerror(3) returns string, so there is no clean way to 
ignore "no such file" errors only, which I wanted to do.
Because of this I ignored all other errors on dlopen(3) failure as well,
which isn't good.
Fix this situation by calling access(2) on library file first and ignore
only ENOENT error. This allows to report all the rest of dlopen(3) errors.

MFC after:	3 days
 2005-08-14 21:55:18 +00:00
pjd
f8b8e82885 When keys were configured without passphrase, number of iterations in 
metadata is equal to -1. if we then wanted to attach provider (or change
keys) and forget about '-p' flag it failed on assertion (quite ok, without
assertion it could call PKCS#5v2 with 4294967295 iterations).

Instead of failing on assertion, remind about '-p' flag.

MFC after:	3 days
 2005-08-14 14:13:07 +00:00
pjd
beb7869726 GELI doesn't need cryptodev. 
MFC after:	2 days
 2005-08-12 07:44:42 +00:00
pjd
b9935076f6 Add code for Ext2FS and ReiserFS labels recognition. 
Submitted by:	Stanislav Sedov <stas@310.ru>
PR:		kern/84638
MFC after:	1 week
 2005-08-12 00:27:45 +00:00
ru
4cb266fe14 Add missing check for the NO_CRYPT build option. 
Reported by:	Alexander Polakov
 2005-08-02 20:12:30 +00:00
brueffer
9ac3a9fcb9 Misc cleanup (spelling, grammar, mdoc, style, cut >80 char lines). 2005-07-30 13:27:15 +00:00
pjd
7079ab35b4 I actually do need libmd. 2005-07-29 10:06:57 +00:00