diff options
| author | pjd <pjd@FreeBSD.org> | 2008-08-29 18:10:18 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2008-08-29 18:10:18 +0000 |
| commit | eb18064487ed6a8c0ca47f06cec5edffb701eaf4 (patch) | |
| tree | ae13fdadfbbe981bbb8657afa529a68844db7293 /tools/regression/geom_eli | |
| parent | fb302986669162fa39b6310d7852659f6df20b2e (diff) | |
| download | FreeBSD-src-eb18064487ed6a8c0ca47f06cec5edffb701eaf4.zip FreeBSD-src-eb18064487ed6a8c0ca47f06cec5edffb701eaf4.tar.gz | |
By default backup geli metadata to a file. It is quite critical 512 bytes,
once it is lost, all data is gone.
Option '-B none' can by used to prevent backup. Option '-B path' can be
used to backup metadata to a different file than the default, which is
/var/backups/<prov>.eli.
The 'geli init' command also prints backup file location and gives short
procedure how to restore metadata.
The 'geli setkey' command now warns that even after passphrase change or keys
update there could be version of the master key encrypted with old
keys/passphrase in the backup file.
Add regression tests to verify that new functionality works as expected.
Update other regression tests so they don't create backup files.
Reviewed by: keramida, rink
Dedicated to: a friend who lost 400GB of his live by accidentally overwritting geli metadata
MFC after: 2 weeks
Diffstat (limited to 'tools/regression/geom_eli')
| -rw-r--r-- | tools/regression/geom_eli/attach-d.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/configure-b-B.t | 4 | ||||
| -rw-r--r-- | tools/regression/geom_eli/delkey.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/detach-l.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/init-B.t | 106 | ||||
| -rw-r--r-- | tools/regression/geom_eli/init-a.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/init-i-P.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/init.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-copy.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-data.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/integrity-hmac.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/kill.t | 4 | ||||
| -rw-r--r-- | tools/regression/geom_eli/nokey.t | 4 | ||||
| -rw-r--r-- | tools/regression/geom_eli/readonly.t | 2 | ||||
| -rw-r--r-- | tools/regression/geom_eli/setkey.t | 2 |
15 files changed, 123 insertions, 17 deletions
diff --git a/tools/regression/geom_eli/attach-d.t b/tools/regression/geom_eli/attach-d.t index de4602f..4c4789e 100644 --- a/tools/regression/geom_eli/attach-d.t +++ b/tools/regression/geom_eli/attach-d.t @@ -11,7 +11,7 @@ echo "1..3" dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile md${no} +geli init -B none -P -K $keyfile md${no} geli attach -d -p -k $keyfile md${no} if [ -c /dev/md${no}.eli ]; then echo "ok 1" diff --git a/tools/regression/geom_eli/configure-b-B.t b/tools/regression/geom_eli/configure-b-B.t index b58138b..23aa412 100644 --- a/tools/regression/geom_eli/configure-b-B.t +++ b/tools/regression/geom_eli/configure-b-B.t @@ -8,7 +8,7 @@ mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1 echo "1..17" -geli init -P -K /dev/null md${no} +geli init -B none -P -K /dev/null md${no} if [ $? -eq 0 ]; then echo "ok 1" else @@ -22,7 +22,7 @@ else echo "not ok 2" fi -geli init -b -P -K /dev/null md${no} +geli init -B none -b -P -K /dev/null md${no} if [ $? -eq 0 ]; then echo "ok 3" else diff --git a/tools/regression/geom_eli/delkey.t b/tools/regression/geom_eli/delkey.t index 2a9ae40..a828622 100644 --- a/tools/regression/geom_eli/delkey.t +++ b/tools/regression/geom_eli/delkey.t @@ -17,7 +17,7 @@ dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile1 md${no} +geli init -B none -P -K $keyfile1 md${no} geli attach -p -k $keyfile1 md${no} geli setkey -n 1 -P -K $keyfile2 md${no} diff --git a/tools/regression/geom_eli/detach-l.t b/tools/regression/geom_eli/detach-l.t index ae6c3b2..dfa3269 100644 --- a/tools/regression/geom_eli/detach-l.t +++ b/tools/regression/geom_eli/detach-l.t @@ -11,7 +11,7 @@ echo "1..4" dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile md${no} +geli init -B none -P -K $keyfile md${no} geli attach -p -k $keyfile md${no} if [ -c /dev/md${no}.eli ]; then echo "ok 1" diff --git a/tools/regression/geom_eli/init-B.t b/tools/regression/geom_eli/init-B.t new file mode 100644 index 0000000..36ab873 --- /dev/null +++ b/tools/regression/geom_eli/init-B.t @@ -0,0 +1,106 @@ +#!/bin/sh +# $FreeBSD$ + +base=`basename $0` +no=45 +sectors=100 +keyfile=`mktemp /tmp/$base.XXXXXX` || exit 1 +backupfile=`mktemp /tmp/$base.XXXXXX` || exit 1 + +echo "1..13" + +dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 + +mdconfig -a -t malloc -s $sectors -u $no || exit 1 + +# -B none +rm -f /var/backups/md${no}.eli +geli init -B none -P -K $keyfile md${no} 2>/dev/null +if [ ! -f /var/backups/md${no}.eli ]; then + echo "ok 1 - -B none" +else + echo "not ok 1 - -B none" +fi + +# no -B +rm -f /var/backups/md${no}.eli +geli init -P -K $keyfile md${no} >/dev/null 2>&1 +if [ -f /var/backups/md${no}.eli ]; then + echo "ok 2 - no -B" +else + echo "not ok 2 - no -B" +fi +geli clear md${no} +geli attach -p -k $keyfile md${no} 2>/dev/null +if [ $? -ne 0 ]; then + echo "ok 3 - no -B" +else + echo "not ok 3 - no -B" +fi +if [ ! -c /dev/md${no}.eli ]; then + echo "ok 4 - no -B" +else + echo "not ok 4 - no -B" +fi +geli restore /var/backups/md${no}.eli md${no} +if [ $? -eq 0 ]; then + echo "ok 5 - no -B" +else + echo "not ok 5 - no -B" +fi +geli attach -p -k $keyfile md${no} 2>/dev/null +if [ $? -eq 0 ]; then + echo "ok 6 - no -B" +else + echo "not ok 6 - no -B" +fi +if [ -c /dev/md${no}.eli ]; then + echo "ok 7 - no -B" +else + echo "not ok 7 - no -B" +fi +geli detach md${no} +rm -f /var/backups/md${no}.eli + +# -B file +rm -f $backupfile +geli init -B $backupfile -P -K $keyfile md${no} >/dev/null 2>&1 +if [ -f $backupfile ]; then + echo "ok 8 - -B file" +else + echo "not ok 8 - -B file" +fi +geli clear md${no} +geli attach -p -k $keyfile md${no} 2>/dev/null +if [ $? -ne 0 ]; then + echo "ok 9 - -B file" +else + echo "not ok 9 - -B file" +fi +if [ ! -c /dev/md${no}.eli ]; then + echo "ok 10 - -B file" +else + echo "not ok 10 - -B file" +fi +geli restore $backupfile md${no} +if [ $? -eq 0 ]; then + echo "ok 11 - -B file" +else + echo "not ok 11 - -B file" +fi +geli attach -p -k $keyfile md${no} 2>/dev/null +if [ $? -eq 0 ]; then + echo "ok 12 - -B file" +else + echo "not ok 12 - -B file" +fi +if [ -c /dev/md${no}.eli ]; then + echo "ok 13 - -B file" +else + echo "not ok 13 - -B file" +fi +geli detach md${no} +rm -f $backupfile + +mdconfig -d -u $no +rm -f $keyfile diff --git a/tools/regression/geom_eli/init-a.t b/tools/regression/geom_eli/init-a.t index b8024a7..ace195f 100644 --- a/tools/regression/geom_eli/init-a.t +++ b/tools/regression/geom_eli/init-a.t @@ -24,7 +24,7 @@ for cipher in aes:0 aes:128 aes:192 aes:256 \ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null geli attach -p -k $keyfile md${no} secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'` diff --git a/tools/regression/geom_eli/init-i-P.t b/tools/regression/geom_eli/init-i-P.t index a77c1c6..a06f9f8 100644 --- a/tools/regression/geom_eli/init-i-P.t +++ b/tools/regression/geom_eli/init-i-P.t @@ -11,7 +11,7 @@ echo "1..1" dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -geli init -i 64 -P -K ${keyfile} md${no} 2>/dev/null +geli init -B none -i 64 -P -K ${keyfile} md${no} 2>/dev/null if [ $? -ne 0 ]; then echo "ok 1" else diff --git a/tools/regression/geom_eli/init.t b/tools/regression/geom_eli/init.t index 518108c..9e796c3 100644 --- a/tools/regression/geom_eli/init.t +++ b/tools/regression/geom_eli/init.t @@ -23,7 +23,7 @@ for cipher in aes:0 aes:128 aes:192 aes:256 \ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - geli init -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null + geli init -B none -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null geli attach -p -k $keyfile md${no} secs=`diskinfo /dev/md${no}.eli | awk '{print $4}'` diff --git a/tools/regression/geom_eli/integrity-copy.t b/tools/regression/geom_eli/integrity-copy.t index f641bda..a52325c 100644 --- a/tools/regression/geom_eli/integrity-copy.t +++ b/tools/regression/geom_eli/integrity-copy.t @@ -25,7 +25,7 @@ for cipher in aes:0 aes:128 aes:192 aes:256 \ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null geli attach -p -k $keyfile md${no} dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 diff --git a/tools/regression/geom_eli/integrity-data.t b/tools/regression/geom_eli/integrity-data.t index 9774c7c..712f029 100644 --- a/tools/regression/geom_eli/integrity-data.t +++ b/tools/regression/geom_eli/integrity-data.t @@ -24,7 +24,7 @@ for cipher in aes:0 aes:128 aes:192 aes:256 \ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null geli attach -p -k $keyfile md${no} dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 diff --git a/tools/regression/geom_eli/integrity-hmac.t b/tools/regression/geom_eli/integrity-hmac.t index b58c37f..46900f3 100644 --- a/tools/regression/geom_eli/integrity-hmac.t +++ b/tools/regression/geom_eli/integrity-hmac.t @@ -24,7 +24,7 @@ for cipher in aes:0 aes:128 aes:192 aes:256 \ dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 - geli init -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null + geli init -B none -a $aalgo -e $ealgo -l $keylen -P -K $keyfile -s $secsize md${no} 2>/dev/null geli attach -p -k $keyfile md${no} dd if=/dev/random of=/dev/md${no}.eli bs=${secsize} count=1 >/dev/null 2>&1 diff --git a/tools/regression/geom_eli/kill.t b/tools/regression/geom_eli/kill.t index ecd910a..5c315f3 100644 --- a/tools/regression/geom_eli/kill.t +++ b/tools/regression/geom_eli/kill.t @@ -13,7 +13,7 @@ echo "1..9" dd if=/dev/random of=${keyfile1} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${keyfile2} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile1 md${no} +geli init -B none -P -K $keyfile1 md${no} geli attach -p -k $keyfile1 md${no} geli setkey -n 1 -P -K $keyfile2 md${no} @@ -48,7 +48,7 @@ else echo "not ok 4" fi -geli init -P -K $keyfile1 md${no} +geli init -B none -P -K $keyfile1 md${no} geli setkey -n 1 -p -k $keyfile1 -P -K $keyfile2 md${no} # Should be possible to attach with keyfile1. diff --git a/tools/regression/geom_eli/nokey.t b/tools/regression/geom_eli/nokey.t index c2cbecd..19ef680 100644 --- a/tools/regression/geom_eli/nokey.t +++ b/tools/regression/geom_eli/nokey.t @@ -9,7 +9,7 @@ mdconfig -a -t malloc -s `expr $sectors + 1` -u $no || exit 1 echo "1..8" -geli init -P md${no} 2>/dev/null +geli init -B none -P md${no} 2>/dev/null if [ $? -ne 0 ]; then echo "ok 1" else @@ -18,7 +18,7 @@ fi dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K ${keyfile} md${no} 2>/dev/null +geli init -B none -P -K ${keyfile} md${no} 2>/dev/null if [ $? -eq 0 ]; then echo "ok 2" else diff --git a/tools/regression/geom_eli/readonly.t b/tools/regression/geom_eli/readonly.t index f92e934..210a364 100644 --- a/tools/regression/geom_eli/readonly.t +++ b/tools/regression/geom_eli/readonly.t @@ -11,7 +11,7 @@ echo "1..11" dd if=/dev/random of=${keyfile} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile md${no} +geli init -B none -P -K $keyfile md${no} if [ $? -eq 0 ]; then echo "ok 1" else diff --git a/tools/regression/geom_eli/setkey.t b/tools/regression/geom_eli/setkey.t index a219188..611471a 100644 --- a/tools/regression/geom_eli/setkey.t +++ b/tools/regression/geom_eli/setkey.t @@ -22,7 +22,7 @@ dd if=/dev/random of=${keyfile3} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${keyfile4} bs=512 count=16 >/dev/null 2>&1 dd if=/dev/random of=${keyfile5} bs=512 count=16 >/dev/null 2>&1 -geli init -P -K $keyfile1 md${no} +geli init -B none -P -K $keyfile1 md${no} geli attach -p -k $keyfile1 md${no} dd if=${rnd} of=/dev/md${no}.eli bs=512 count=${sectors} 2>/dev/null |
