RE: Geli and crunchgen (/rescue)

2013-08-04 Thread Dewayne Geraghty 
Hi Devin,

Thankyou.  I'll look further into the openssl reference (off-list) in a few 
minutes.

The geom stuff is a little bit tricky to get going, because only glabel and 
gpart have the necessary parts in them. Pawel left
enough clues to enable the other geom classes (good engineering)

The flags RELEASE_CRUNCH or RESCUE is tested in the geom/Makefile and defines 
STATIC_GEOM_CLASSES which is tested in the source; so:

I've added this and similar to geom eli (mirror, shsec raid...)
===
--- class/eli/geom_eli.c(revision 253832)
+++ class/eli/geom_eli.c(working copy)
@@ -54,9 +54,14 @@
 #include core/geom.h
 #include misc/subr.h

+#ifdef STATIC_GEOM_CLASSES
+#define PUBSYM(x)   geli_##x
+#else
+#define PUBSYM(x)   x
+#endif

-uint32_t lib_version = G_LIB_VERSION;
-uint32_t version = G_ELI_VERSION;
+uint32_t PUBSYM(lib_version) = G_LIB_VERSION;
+uint32_t PUBSYM(version) = G_ELI_VERSION;

 #defineGELI_BACKUP_DIR /var/backups/
 #defineGELI_ENC_ALGO   aes
@@ -99,7 +104,8 @@
  * clear [-v] prov ...
  * dump [-v] prov ...
  */
-struct g_command class_commands[] = {
+
+struct g_command PUBSYM(class_commands)[] = {
{ init, G_FLAG_VERBOSE, eli_main,
{
{ 'a', aalgo, , G_TYPE_STRING },


Then I needed to add relevant parts (I'm really only interested in eli, mirror, 
shsec) in the /usr/src/sbin/geom/Makefile, but I
tested clean compilation of the other common classes.

--- Makefile(revision 253832)
+++ Makefile(working copy)
@@ -4,18 +4,40 @@

 .PATH: ${.CURDIR}/class/part \
${.CURDIR}/class/label \
+   ${.CURDIR}/class/eli \
+   ${.CURDIR}/class/mirror \
+   ${.CURDIR}/class/shsec \
${.CURDIR}/core \
-   ${.CURDIR}/misc
+${.CURDIR}/../../sys/geom/eli ${.CURDIR}/../../sys/crypto/sha2 \
+   ${.CURDIR}/misc
+# For geom friends, move these up
+#   ${.CURDIR}/class/raid \
+#   ${.CURDIR}/class/sched \
+#   ${.CURDIR}/class/stripe \
+#   ${.CURDIR}/class/journal \

 PROG=  geom
 SRCS=  geom.c geom_label.c geom_part.c subr.c
+SRCS+=  geom_eli.c
+SRCS+=  g_eli_crypto.c
+SRCS+=  g_eli_key.c
+SRCS+=  pkcs5v2.c
+SRCS+=  sha2.c
+SRCS+=  geom_mirror.c geom_shsec.c
+#SRCS+=  geom_raid.c geom_sched.c geom_stripe.c
+#SRCS+=  geom_journal.c geom_journal_ufs.c
 NO_MAN=

 WARNS?=2
 CFLAGS+=-I${.CURDIR} -I${.CURDIR}/core -DSTATIC_GEOM_CLASSES
+# For eli  friends
+CFLAGS+= -I${.CURDIR}/../../sys

-DPADD= ${LIBGEOM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
-LDADD= -lgeom -lsbuf -lbsdxml -lutil
+DPADD= ${LIBGEOM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL} ${LIBMD} ${LIBCRYPTO}
+LDADD= -lgeom -lsbuf -lbsdxml -lutil -lmd -lcrypto

Then adding to boot_crunch.conf:

progs geom
special geom objs geom.o geom_label.o geom_part.o geom_mirror.o geom_shsec.o 
geom_eli.o sha2.o pkcs5v2.o g_eli_key.o g_eli_crypto.o
subr.o
ln geom geli
ln geom gmirror
ln geom gshsec

And 
libs -lgeom -lkiconv -lm -lwrap
libs -lssl -lcrypto -lmd
# Note: I added a few other things so kiconv and wrap may not be needed for geom

Resulted in release/i386/boot_crunch and /rescue performing satisfactorily :)

Thanks for your help, and clues.

Kind regards, Dewayne.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Geli and crunchgen (/rescue)

2013-08-03 Thread Dewayne 
Unfortunately I have had the need on several occasions to recover systems that 
use geli encrypted disks.  Unfortunately geli is not
included in the crunchgen /rescue directory.  Has anyone been successful in 
crunchgen'ing geli into /rescue?

I've spent a few hours on this and think herding cats might be easier.

Regards, Dewayne.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Geli and crunchgen (/rescue)

2013-08-03 Thread Teske, Devin 

On Aug 3, 2013, at 12:35 AM, Dewayne wrote:

 Unfortunately I have had the need on several occasions to recover systems 
 that use geli encrypted disks.  Unfortunately geli is not
 included in the crunchgen /rescue directory.  Has anyone been successful in 
 crunchgen'ing geli into /rescue?
 
 I've spent a few hours on this and think herding cats might be easier.
 

I'll give it a go. I've got a fair amount of experience with crunchgen...

Oh, wait... I already did it... (see below link):

http://druidbsd.cvs.sf.net/viewvc/druidbsd/druidbsd/druid/dep/freebsd/patches/local_patches/release%3A%3Ai386%3A%3Aboot_crunch.conf.patch?revision=1.2view=markup

There you go ;D (smiles)
-- 
Devin

_
The information contained in this message is proprietary and/or confidential. 
If you are not the intended recipient, please: (i) delete the message and all 
copies; (ii) do not disclose, distribute or use the message in any manner; and 
(iii) notify the sender immediately. In addition, please be aware that any 
message addressed to our domain is subject to archiving and review by persons 
other than the intended recipient. Thank you.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org