CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun May 12 18:02:16 UTC 2024 Modified Files: src/sbin/cgdconfig: Makefile cgdconfig.8 cgdconfig.c params.c params.h Log Message: PR/58212: Malte Dehling: Add zfs verification method To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/sbin/cgdconfig/Makefile cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.62 -r1.63 src/sbin/cgdconfig/cgdconfig.c cvs rdiff -u -r1.34 -r1.35 src/sbin/cgdconfig/params.c cvs rdiff -u -r1.14 -r1.15 src/sbin/cgdconfig/params.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.22 src/sbin/cgdconfig/Makefile:1.23 --- src/sbin/cgdconfig/Makefile:1.22 Fri Aug 12 06:49:17 2022 +++ src/sbin/cgdconfig/Makefile Sun May 12 14:02:16 2024 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.22 2022/08/12 10:49:17 riastradh Exp $ +# $NetBSD: Makefile,v 1.23 2024/05/12 18:02:16 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -29,4 +29,19 @@ ARGON2_NO_THREADS=1 .include "${NETBSDSRCDIR}/external/apache2/argon2/lib/libargon2/Makefile.inc" .endif +.if ${MKZFS} != "no" +CPPFLAGS+= -DHAVE_ZFS + +OSNET=${NETBSDSRCDIR}/external/cddl/osnet +CPPFLAGS.cgdconfig.c+= -I${OSNET}/include +CPPFLAGS.cgdconfig.c+= -I${OSNET}/sys +CPPFLAGS.cgdconfig.c+= -I${OSNET}/dist/head +CPPFLAGS.cgdconfig.c+= -I${OSNET}/dist/lib/libzpool/common +CPPFLAGS.cgdconfig.c+= -I${OSNET}/dist/uts/common +CPPFLAGS.cgdconfig.c+= -I${OSNET}/dist/uts/common/fs/zfs + +COPTS.cgdconfig.c+= -Wno-unknown-pragmas +COPTS.cgdconfig.c+= -Wno-strict-prototypes +.endif + .include Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.57 src/sbin/cgdconfig/cgdconfig.8:1.58 --- src/sbin/cgdconfig/cgdconfig.8:1.57 Fri Aug 12 06:49:47 2022 +++ src/sbin/cgdconfig/cgdconfig.8 Sun May 12 14:02:16 2024 
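Review bot: The two `COPTS.cgdconfig.c+= -Wno-unknown-pragmas` and `COPTS.cgdconfig.c+= -Wno-strict-prototypes` lines in the new `.if ${MKZFS} != "no"` block turn those warnings off for all of cgdconfig.c, not only for the ZFS headers reached through the added `-I${OSNET}/...` paths. That is the same file that handles passphrases and key material. Moving the ZFS label check into its own source file and attaching the `COPTS` and `CPPFLAGS` overrides to that file would keep the existing code under the full warning set. Failing that, a one-line comment naming the header that needs each suppression would help whoever later tries to remove them.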
@@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.57 2022/08/12 10:49:47 riastradh Exp $ +.\" $NetBSD: cgdconfig.8,v 1.58 2024/05/12 18:02:16 christos Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 4, 2021 +.Dd May 12, 2024 .Dt CGDCONFIG 8 .Os .Sh NAME @@ -270,6 +270,8 @@ scan for a valid Master Boot Record. scan for a valid GUID partition table. .It ffs scan for a valid FFS file system. +.It zfs +scan for a valid ZFS vdev label (if compiled with MKZFS). .It re-enter prompt for passphrase twice, and ensure entered passphrases are identical. Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.62 src/sbin/cgdconfig/cgdconfig.c:1.63 --- src/sbin/cgdconfig/cgdconfig.c:1.62 Sun Apr 28 20:28:18 2024 +++ src/sbin/cgdconfig/cgdconfig.c Sun May 12 14:02:16 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.62 2024/04/29 00:28:18 riastradh Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.63 2024/05/12 18:02:16 christos Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.62 2024/04/29 00:28:18 riastradh Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.63 2024/05/12 18:02:16 christos Exp $"); #endif #ifdef HAVE_ARGON2 @@ -73,6 +73,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.62 202 #include +#ifdef HAVE_ZFS +#include +#include +#endif + #include "params.h" #include "pkcs5_pbkdf2.h" #include "utils.h" @@ -98,11 +103,11 @@ enum action { /* if nflag is set, do not configure/unconfigure the cgd's */ -int nflag = 0; +static int nflag = 0; /* if Sflag is set, generate shared keys */ -int Sflag = 0; +static int Sflag = 0; /* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */ 
@@ -110,7 +115,7 @@ int Sflag = 0; #define PFLAG_GETPASS_ECHO 0x02 #define PFLAG_GETPASS_MASK 0x03 #define PFLAG_STDIN 0x04 -int pflag = PFLAG_GETPASS; +static int pflag = PFLAG_GETPASS; /* * When configuring all cgds, save a cache of shared keys for key @@ -127,7 +132,7 @@ struct sharedkey { SLIST_ENTRY(sharedkey) used; int verified; }; -LIST_HEAD(, sharedkey) sharedkeys; +static LIST_HEAD(, sharedkey) sharedkeys; SLIST_HEAD(sharedkeyhits, sharedkey); static int configure(int, char **, struct params *, int); @@ -170,11 +175,14 @@ static int verify_ffs(int); static int verify_reenter(struct params *); static int verify_mbr(int); static int verify_gpt(int); +#ifdef HAVE_ZFS +static int verify_zfs(int); +#endif __dead static void usage(void); /* Verbose Framework */ -unsigned verbose = 0; +static unsigned verbose = 0; #define VERBOSE(x,y) if (verbose >= x) y #define VPRINTF(x,y) if (verbose >= x) (void)printf y @@ -636,12 +644,12 @@ getkey_a
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun May 12 18:02:16 UTC 2024 Modified Files: src/sbin/cgdconfig: Makefile cgdconfig.8 cgdconfig.c params.c params.h Log Message: PR/58212: Malte Dehling: Add zfs verification method To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/sbin/cgdconfig/Makefile cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.62 -r1.63 src/sbin/cgdconfig/cgdconfig.c cvs rdiff -u -r1.34 -r1.35 src/sbin/cgdconfig/params.c cvs rdiff -u -r1.14 -r1.15 src/sbin/cgdconfig/params.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Mon Apr 29 00:28:18 UTC 2024 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): KNF in cgdconfig.c. No functional change intended. To generate a diff of this commit: cvs rdiff -u -r1.61 -r1.62 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.61 src/sbin/cgdconfig/cgdconfig.c:1.62 --- src/sbin/cgdconfig/cgdconfig.c:1.61 Thu Nov 17 06:40:38 2022 +++ src/sbin/cgdconfig/cgdconfig.c Mon Apr 29 00:28:18 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.61 2022/11/17 06:40:38 chs Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.62 2024/04/29 00:28:18 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.61 2022/11/17 06:40:38 chs Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.62 2024/04/29 00:28:18 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 @@ -1507,7 +1507,8 @@ iv_method(int mode) static void -show(const char *dev) { +show(const char *dev) +{ char path[64]; struct cgd_user cgu; int fd; @@ -1532,11 +1533,13 @@ show(const char *dev) { } dev = devname(cgu.cgu_dev, S_IFBLK); - if (dev != NULL) + if (dev != NULL) { printf("%s ", dev); - else - printf("dev %llu,%llu ", (unsigned long long)major(cgu.cgu_dev), + } else { + printf("dev %llu,%llu ", + (unsigned long long)major(cgu.cgu_dev), (unsigned long long)minor(cgu.cgu_dev)); + } if (verbose) printf("%s ", cgu.cgu_alg);
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Mon Apr 29 00:28:18 UTC 2024 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): KNF in cgdconfig.c. No functional change intended. To generate a diff of this commit: cvs rdiff -u -r1.61 -r1.62 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Tue Sep 13 10:14:32 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Restore loop for password re-entry for non-shared keys. Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.59 src/sbin/cgdconfig/cgdconfig.c:1.60 --- src/sbin/cgdconfig/cgdconfig.c:1.59 Tue Aug 30 08:48:41 2022 +++ src/sbin/cgdconfig/cgdconfig.c Tue Sep 13 10:14:32 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.59 2022/08/30 08:48:41 riastradh Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.60 2022/09/13 10:14:32 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.59 2022/08/30 08:48:41 riastradh Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.60 2022/09/13 10:14:32 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 
@@ -858,22 +858,24 @@ configure(int argc, char **argv, struct (void)prog_close(fd); /* - * If the shared keys were all verified already, assume - * something is wrong with the disk and give up. If - * not, flush the cache of the ones that have not been - * verified in case we can try again with passphrase - * re-entry. + * For shared keys: If the shared keys were all + * verified already, assume something is wrong with the + * disk and give up. If not, flush the cache of the + * ones that have not been verified in case we can try + * again with passphrase re-entry. */ - all_verified = 1; - SLIST_FOREACH_SAFE(sk, &skh, used, sk1) { - all_verified &= sk->verified; - if (!sk->verified) { -LIST_REMOVE(sk, list); -free(sk); + if (!SLIST_EMPTY(&skh)) { + all_verified = 1; + SLIST_FOREACH_SAFE(sk, &skh, used, sk1) { +all_verified &= sk->verified; +if (!sk->verified) { + LIST_REMOVE(sk, list); + free(sk); +} } + if (all_verified) +loop = 0; } - if (all_verified) - loop = 0; if (!loop) { warnx("verification failed permanently");
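Review bot: In the `if (!sk->verified)` branch, `free(sk)` releases only the `struct sharedkey` record; the `sk->key` and `sk->id` members it owns (declared in the revision 1.59 change further down this page) are not released. The master key derived from the rejected passphrase therefore stays on the heap for the rest of the run. Releasing the members first, `bits_free(sk->key); string_free(sk->id); free(sk);`, would close that. Whether `bits_free` also wipes the buffer is not visible here and should be confirmed. The same lines come from the `@@ -831,12 +848,33 @@` hunk of revision 1.59 and are only re-indented by this commit; the enclosing `configure` loop starts and ends outside the hunk.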
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Tue Sep 13 10:14:32 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Restore loop for password re-entry for non-shared keys. Fixes mistake in previous which changed the semantics in the case where _no_ keys are shared. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Tue Aug 30 08:48:42 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Gracefully handle failed verification with shared keys. The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry. But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.58 src/sbin/cgdconfig/cgdconfig.c:1.59 --- src/sbin/cgdconfig/cgdconfig.c:1.58 Fri Aug 12 10:49:47 2022 +++ src/sbin/cgdconfig/cgdconfig.c Tue Aug 30 08:48:41 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.59 2022/08/30 08:48:41 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.59 2022/08/30 08:48:41 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 @@ -114,7 +114,9 @@ int pflag = PFLAG_GETPASS; /* * When configuring all cgds, save a cache of shared keys for key - * derivation. + * derivation. If the _first_ verification with a shared key fails, we + * chuck it and start over; if _subsequent_ verifications fail, we + * assume the disk is wrong and give up on it immediately. */ struct sharedkey { 
@@ -122,8 +124,11 @@ struct sharedkey { string_t *id; bits_t *key; LIST_ENTRY(sharedkey) list; + SLIST_ENTRY(sharedkey) used; + int verified; }; LIST_HEAD(, sharedkey) sharedkeys; +SLIST_HEAD(sharedkeyhits, sharedkey); static int configure(int, char **, struct params *, int); static int configure_stdin(struct params *, int argc, char **); @@ -146,7 +151,8 @@ static int do_printkey(int, char **); static int configure_params(int, const char *, const char *, struct params *); static void eliminate_cores(void); -static bits_t *getkey(const char *, struct keygen *, size_t); +static bits_t *getkey(const char *, struct keygen *, size_t, + struct sharedkeyhits *); static bits_t *getkey_storedkey(const char *, struct keygen *, size_t); static bits_t *getkey_randomkey(const char *, struct keygen *, size_t, int); #ifdef HAVE_ARGON2 @@ -429,7 +435,8 @@ getsubkey(int alg, bits_t *key, bits_t * } static bits_t * -getkey(const char *dev, struct keygen *kg, size_t len0) +getkey(const char *dev, struct keygen *kg, size_t len0, +struct sharedkeyhits *skh) { bits_t *ret = NULL; bits_t *tmp; @@ -502,9 +509,11 @@ getkey(const char *dev, struct keygen *k sk->id = string_dup(kg->kg_sharedid); sk->key = tmp; LIST_INSERT_HEAD(&sharedkeys, sk, list); + sk->verified = 0; } derive: if (kg->kg_sharedid) { + assert(sk != NULL); /* * tmp holds the master key, owned by the * struct sharedkey record; replace it by the @@ -517,6 +526,8 @@ derive: if (kg->kg_sharedid) { bits_free(ret); return NULL; } + if (skh) +SLIST_INSERT_HEAD(skh, sk, used); } if (ret) ret = bits_xor_d(tmp, ret); @@ -811,6 +822,12 @@ configure(int argc, char **argv, struct } for (;;) { + struct sharedkeyhits skh; + struct sharedkey *sk, *sk1; + int all_verified; + + SLIST_INIT(&skh); + fd = opendisk_werror(argv[0], cgdname, sizeof(cgdname)); if (fd == -1) return -1; 
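Review bot: `SLIST_INSERT_HEAD(skh, sk, used)` in the `derive:` hunk runs every time `kg->kg_sharedid` is set, so the same record could be linked into `skh` twice through its single `used` entry. That happens only if one parameters file can carry two keygen blocks that resolve to the same `struct sharedkey`; the lookup is outside the hunk, so this is inferred. The list would then point at itself, and the `SLIST_FOREACH` and `SLIST_FOREACH_SAFE` walks added to `configure` would either not terminate or touch a record that was already freed. Either reject a repeated shared id when the file is parsed, or skip the insert when the record is already on the list. A comment on the `used` member such as `/* on at most one sharedkeyhits list, at most once per getkey() call */` would record the assumption.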
@@ -818,7 +835,7 @@ configure(int argc, char **argv, struct if (p->key) bits_free(p->key); - p->key = getkey(argv[1], p->keygen, p->keylen); + p->key = getkey(argv[1], p->keygen, p->keylen, &skh); if (!p->key) goto bail_err; @@ -831,12 +848,33 @@ configure(int argc, char **argv, struct (void)unconfigure_fd(fd); goto bail_err; } - if (ret == 0) /* success */ + if (ret == 0) { /* success */ + SLIST_FOREACH(sk, &skh, used) +sk->verified = 1; break; + } (void)unconfigure_fd(fd); (void)prog_close(fd); + /* + * If the shared keys were all verified already, assume + * something is wrong with the disk and give up. If + * not, flush the cache of the ones that have not been + * verified in case we can try again with passphrase + * re-entry. + */ + all_verified = 1; + SLIST_FOREACH_SAFE(sk, &skh, used, sk1) { + all_verified &= sk->verified; + if (!sk->verified) { +LIST_REMOVE(sk, list); +free(sk); + } + } + if (all_verified) + loop = 0; + if (!loop) { warnx("verification failed permanently"); goto bail_err; @@ -1331,7 +1369,7 @@ generate_convert(struct params *p, int a
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Tue Aug 30 08:48:42 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.c Log Message: cgdconfig(8): Gracefully handle failed verification with shared keys. The first time each key is verified, if verification fails, we chuck the failed key and try again with passphrase re-entry. But if a key has already been verified, and verification fails, assume something is wrong with the disk and fail. To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:47 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c Log Message: cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key. cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1 This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.56 src/sbin/cgdconfig/cgdconfig.8:1.57 --- src/sbin/cgdconfig/cgdconfig.8:1.56 Fri Aug 12 10:49:35 2022 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:49:47 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.56 2022/08/12 10:49:35 riastradh Exp $ +.\" $NetBSD: cgdconfig.8,v 1.57 2022/08/12 10:49:47 riastradh Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -144,7 +144,9 @@ With the .Fl S option for the .Fl g -action, specify a parameters file with a shared key to reuse for +or +.Fl G +actions, specify a parameters file with a shared key to reuse for deriving this one as a subkey. .It Fl p Read all passphrases from stdin rather than 
@@ -157,7 +159,9 @@ in question to be unconfigured rather th again. .It Fl S When generating a parameters file with -.Fl g , +.Fl g +or +.Fl G , arrange to use a subkey of a shared key. If .Fl P Ar paramsfile Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.57 src/sbin/cgdconfig/cgdconfig.c:1.58 --- src/sbin/cgdconfig/cgdconfig.c:1.57 Fri Aug 12 10:49:35 2022 +++ src/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:49:47 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.58 2022/08/12 10:49:47 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 @@ -129,7 +129,8 @@ static int configure(int, char **, struc static int configure_stdin(struct params *, int argc, char **); static int generate(struct params *, int, char **, const char *, const char *); -static int generate_convert(struct params *, int, char **, const char *); +static int generate_convert(struct params *, int, char **, const char *, + const char *); static int unconfigure(int, char **, struct params *, int); static int do_all(const char *, int, char **, int (*)(int, char **, struct params *, int)); 
@@ -180,8 +181,8 @@ usage(void) "[paramsfile]\n", getprogname()); (void)fprintf(stderr, " %s -C [-enpv] [-f configfile]\n", getprogname()); - (void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] " - "[-o outfile] paramsfile\n", getprogname()); + (void)fprintf(stderr, " %s -G [-enpSv] [-i ivmeth] [-k kgmeth] " + "[-P paramsfile] [-o outfile] paramsfile\n", getprogname()); (void)fprintf(stderr, " %s -g [-Sv] [-i ivmeth] [-k kgmeth] " "[-P paramsfile] [-o outfile] alg [keylen]\n", getprogname()); (void)fprintf(stderr, " %s -l [-v[v]] [cgd]\n", getprogname()); @@ -350,15 +351,19 @@ main(int argc, char **argv) err(1, "init failed"); /* validate the consistency of the arguments */ - if (Pfile != NULL && action != ACTION_GENERATE) { - warnx("-P is only for use with -g action"); + if (Pfile != NULL && + action != ACTION_GENERATE && + action != ACTION_GENERATE_CONVERT) { + warnx("-P is only for use with -g/-G action"); usage(); } if (Pfile != NULL && !Sflag) { warnx("-P only makes sense with -S flag"); } - if (Sflag && action != ACTION_GENERATE) { - warnx("-S is only for use with -g action"); + if (Sflag && + action != ACTION_GENERATE && + action != ACTION_GENERATE_CONVERT) { + warnx("-S is only for use with -g/-G action"); usage(); } @@ -371,7 +376,7 @@ main(int argc, char **argv) case ACTION_GENERATE: return generate(p, argc, argv, outfile, Pfile); case ACTION_GENERATE_CONVERT: - return generate_convert(p, argc, argv, outfile); + return generate_convert(p, argc, argv, outfile, Pfile); case ACTION_CONFIGALL: return do_
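Review bot: The middle check of the `@@ -350,15 +351,19 @@` hunk, `if (Pfile != NULL && !Sflag)`, still only calls `warnx` and carries on, while the two checks this commit rewrites around it both end in `usage()`. With `-G` now accepting `-P`, a run that passes `-P` but forgets `-S` would presumably go on to write a parameters file that is not derived from the shared key, with only a warning on stderr. If that is not intended, add `usage();` after the `warnx("-P only makes sense with -S flag");` line; if it is, a comment saying why this case is non-fatal would help. `main` continues outside the hunk.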
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:47 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c Log Message: cgdconfig(8): Handle -P/-S for shared keys with -G too. This way you can convert an existing parameters file to one that is derived from a shared key, and derive other subkeys for other disks from the same shared key. cgdconfig -G -S -o /etc/cgd/wd0.shared /etc/cgd/wd0 cgdconfig -G -S -o /etc/cgd/wd1.shared \ -P /etc/cgd/wd0.shared /etc/cgd/wd1 This way, if you enter the same new password both times, wd0.shared and wd1.shared generate the same keys as wd0 and wd1, but only need one password entry with `cgdconfig -C'. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:35 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h Log Message: cgdconfig(8): Add support for generating shared-key parameters files. Usage model: - Generate a parameters file that supports sharing its main key: cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum - Make another parameters file that uses the same shared main key but derives an independent subkey from it: cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256 To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.56 -r1.57 src/sbin/cgdconfig/cgdconfig.c cvs rdiff -u -r1.33 -r1.34 src/sbin/cgdconfig/params.c cvs rdiff -u -r1.13 -r1.14 src/sbin/cgdconfig/params.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.55 src/sbin/cgdconfig/cgdconfig.8:1.56 --- src/sbin/cgdconfig/cgdconfig.8:1.55 Fri Aug 12 10:49:17 2022 +++ src/sbin/cgdconfig/cgdconfig.8 Fri Aug 12 10:49:35 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.55 2022/08/12 10:49:17 riastradh Exp $ +.\" $NetBSD: cgdconfig.8,v 1.56 2022/08/12 10:49:35 riastradh Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -52,11 +52,12 @@ .Ar paramsfile .Nm .Fl g -.Op Fl v +.Op Fl Sv .Op Fl V Ar vmeth .Op Fl i Ar ivmeth .Op Fl k Ar kgmeth .Op Fl o Ar outfile +.Op Fl P Ar paramsfile .Ar alg .Op Ar keylen .Nm @@ -138,6 +139,13 @@ store it in If .Fl o is not given, any paramsfile content is written to standard output. +.It Fl P Ar paramsfile +With the +.Fl S +option for the +.Fl g +action, specify a parameters file with a shared key to reuse for +deriving this one as a subkey. .It Fl p Read all passphrases from stdin rather than .Pa /dev/tty . 
@@ -147,6 +155,15 @@ are prompted. If this flag is specified then verification errors will cause the device in question to be unconfigured rather than prompting for the passphrase again. +.It Fl S +When generating a parameters file with +.Fl g , +arrange to use a subkey of a shared key. +If +.Fl P Ar paramsfile +is also specified, reuse the shared key of +.Ar paramsfile ; +otherwise a new one will be generated. .It Fl s Read the key (nb: not the passphrase) from stdin. .It Fl T @@ -485,6 +502,19 @@ parameters file: new file's passphrase: .Ed .Pp +To create parameters files for three disks with subkeys derived from a +shared password-based key: +.Bd -literal + # cgdconfig -g -S -k argon2id -o /etc/cgd/wd0 -V gpt adiantum + # cgdconfig -g -S -P /etc/cgd/wd0 -o /etc/cgd/ld1 \e + -V disklabel aes-cbc 256 +.Ed +.Pp +Listing these in the same +.Pa /etc/cgd/cgd.conf +will allow you to enter a password once to decrypt both disks with +.Cm cgdconfig -C . +.Pp To configure a cgd that uses aes-cbc with a 192 bit key that it reads from stdin: .Bd -literal Index: src/sbin/cgdconfig/cgdconfig.c diff -u src/sbin/cgdconfig/cgdconfig.c:1.56 src/sbin/cgdconfig/cgdconfig.c:1.57 --- src/sbin/cgdconfig/cgdconfig.c:1.56 Fri Aug 12 10:49:17 2022 +++ src/sbin/cgdconfig/cgdconfig.c Fri Aug 12 10:49:35 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: cgdconfig.c,v 1.56 2022/08/12 10:49:17 riastradh Exp $ */ +/* $NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #ifndef lint __COPYRIGHT("@(#) Copyright (c) 2002, 2003\ The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: cgdconfig.c,v 1.56 2022/08/12 10:49:17 riastradh Exp $"); +__RCSID("$NetBSD: cgdconfig.c,v 1.57 2022/08/12 10:49:35 riastradh Exp $"); #endif #ifdef HAVE_ARGON2 
@@ -100,6 +100,10 @@ enum action { int nflag = 0; +/* if Sflag is set, generate shared keys */ + +int Sflag = 0; + /* if pflag is set to PFLAG_STDIN read from stdin rather than getpass(3) */ #define PFLAG_GETPASS 0x01 @@ -123,7 +127,8 @@ LIST_HEAD(, sharedkey) sharedkeys; static int configure(int, char **, struct params *, int); static int configure_stdin(struct params *, int argc, char **); -static int generate(struct params *, int, char **, const char *); +static int generate(struct params *, int, char **, const char *, + const char *); static int generate_convert(struct params *, int, char **, const char *); static int unconfigure(int, char **, struct params *, int); static int do_all(const char *, int, char **, @@ -177,8 +182,8 @@ usage(void) getprogname()); (void)fprintf(stderr, " %s -G [-enpv] [-i ivmeth] [-k kgmeth] " "[-o outfile] paramsfile\n", getprogname()); - (void)fprintf(stderr, " %s -g [-v] [-i ivmeth] [-k kgmeth] " - "[-o outfile] alg [keylen]\n", getprogname()); + (void)fprintf(stderr, " %s -g [-Sv] [-i ivmeth] [-k
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: riastradh Date: Fri Aug 12 10:49:35 UTC 2022 Modified Files: src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c params.c params.h Log Message: cgdconfig(8): Add support for generating shared-key parameters files. Usage model: - Generate a parameters file that supports sharing its main key: cgdconfig -g -S -o /etc/cgd/wd0e -V gpt adiantum - Make another parameters file that uses the same shared main key but derives an independent subkey from it: cgdconfig -g -S -P /etc/cgd/wd0e -o /etc/cgd/ld1e \ -V disklabel aes-cbc 256 To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/sbin/cgdconfig/cgdconfig.8 cvs rdiff -u -r1.56 -r1.57 src/sbin/cgdconfig/cgdconfig.c cvs rdiff -u -r1.33 -r1.34 src/sbin/cgdconfig/params.c cvs rdiff -u -r1.13 -r1.14 src/sbin/cgdconfig/params.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Tue May 17 18:56:30 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Use the Makefile.inc from libargon2 (fixes the vax build that requires a compiler hack). To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.20 src/sbin/cgdconfig/Makefile:1.21 --- src/sbin/cgdconfig/Makefile:1.20 Mon May 16 10:57:44 2022 +++ src/sbin/cgdconfig/Makefile Tue May 17 14:56:29 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.20 2022/05/16 14:57:44 christos Exp $ +# $NetBSD: Makefile,v 1.21 2022/05/17 18:56:29 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -20,18 +20,12 @@ DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBY} $ LDADD= -lutil -lcrypt -ly -ll .if ${MKARGON2} != "no" -ARGON2DIR= ${NETBSDSRCDIR}/external/apache2/argon2/dist/phc-winner-argon2 -CPPFLAGS+= -I${ARGON2DIR}/include -I${ARGON2DIR}/src/blake2 +SRCS+= argon2_utils.c CPPFLAGS+= -DHAVE_ARGON2 -.PATH.c: ${ARGON2DIR}/src ${ARGON2DIR}/src/blake2 -SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c -. if defined(CRUNCHEDPROG) -CPPFLAGS+= -DARGON2_NO_THREADS -. else -SRCS+= thread.c -DPADD+= ${LIBPTHREAD} -LDADD+= -lpthread -. endif +.if defined(CRUNCHEDPROG) +ARGON2_NO_THREADS=1 +.endif +.include "${NETBSDSRCDIR}/external/apache2/argon2/lib/libargon2/Makefile.inc" .endif .include
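Review bot: The `.if defined(CRUNCHEDPROG)` / `ARGON2_NO_THREADS=1` lines carry no comment saying why the crunched build differs from the normal one. Nothing in the hunk states the invariant that matters for a disk-encryption tool: both builds must derive the same key from the same parameters file. I would add a comment above the conditional along the lines of `# rescue is linked without libpthread; threading may only affect speed, never the derived key`. How `ARGON2_NO_THREADS` is consumed is in the included `Makefile.inc`, which is not shown on this page. The equivalent conditional in the `@@ -24,9 +24,14 @@` hunk of revision 1.20 would take the same comment.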
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Tue May 17 18:56:30 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Use the Makefile.inc from libargon2 (fixes the vax build that requires a compiler hack). To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sbin/cgdconfig
Please test it. In HEAD today, and last week, and for probably a long time back into the past, /sbin/cgdconfig has threads, and /rescue/cgdconfig does not. I don't know when argon2 support was added, or how to use it, but if you do, it should be simple to create a cgd in vnd using one, and then attempt to access it using the other. Let us know the results. kre
Re: CVS commit: src/sbin/cgdconfig
On Mon, May 16, 2022 at 09:10:40AM +, Taylor R Campbell wrote: > Surely `disabling threads' just means cgdconfig can't take advantage > of parallelism to compute the same function in less time, not that > cgdconfig computes a different function or fails to compute the same > function, no? > My understanding is that argon2 gives different results for different values of P: $ echo test | argon2 testtest -i -p 18 Hash: 07d31bd489c4264bde42d32a2cb1cd6020964d9c5789ae96025c0111478e07b $ echo test | argon2 testtest -i -p 19 Hash: b02710381cfc4c943ce4bafc5ac28684a4878dedd01c5e25617e9424c87619a2 If the differences between P are preserved when compiled without pthreads, then please ignore my comment :/
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Mon May 16 14:57:44 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: make things behave just like before the libcrypt symbol renaming: The normal cgdconfig binary is built with threads and the crunched one in rescue without. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.19 src/sbin/cgdconfig/Makefile:1.20 --- src/sbin/cgdconfig/Makefile:1.19 Mon May 16 06:44:06 2022 +++ src/sbin/cgdconfig/Makefile Mon May 16 10:57:44 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.19 2022/05/16 10:44:06 christos Exp $ +# $NetBSD: Makefile,v 1.20 2022/05/16 14:57:44 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -24,9 +24,14 @@ ARGON2DIR= ${NETBSDSRCDIR}/external/apac CPPFLAGS+= -I${ARGON2DIR}/include -I${ARGON2DIR}/src/blake2 CPPFLAGS+= -DHAVE_ARGON2 .PATH.c: ${ARGON2DIR}/src ${ARGON2DIR}/src/blake2 -SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c thread.c -DPADD+= ${LIBPTHREAD} -LDADD+= -lpthread +SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c +. if defined(CRUNCHEDPROG) +CPPFLAGS+= -DARGON2_NO_THREADS +. else +SRCS+= thread.c +DPADD+= ${LIBPTHREAD} +LDADD+= -lpthread +. endif .endif .include
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Mon May 16 14:57:44 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: make things behave just like before the libcrypt symbol renaming: The normal cgdconfig binary is built with threads and the crunched one in rescue without. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sbin/cgdconfig
Date:Mon, 16 May 2022 09:10:40 + From:Taylor R Campbell Message-ID: <20220516090946.a3c4660...@jupiter.mumble.net> | > Please re-enable threads. They influence the output hash | > so by disabling threads you stop people from being able | > to decrypt their disks. | | Surely `disabling threads' just means cgdconfig can't take advantage | of parallelism to compute the same function in less time, not that | cgdconfig computes a different function or fails to compute the same | function, no? I agree, the issue, whatever it was that nia saw, is far more likely caused by the namespace changes influencing just what functions are getting called, in an unintended way, than by anything related to threading. Can we have threads back the way they were last week? That is not race around adding -lpthread to every static link that exists, most likely breaking some size limits along the way. Then, once things build again, if there is a problem, we can debug it, rather than just guessing. kre
Re: CVS commit: src/sbin/cgdconfig
> On May 16, 2022, at 5:10 AM, Taylor R Campbell wrote: > >> Date: Mon, 16 May 2022 04:49:22 + >> From: nia >> >> On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: >>> Log Message: >>> Build argon2 inline so that crunched programs work. I also disabled threads >>> for now; we can put them back if needed. >> >> Please re-enable threads. They influence the output hash >> so by disabling threads you stop people from being able >> to decrypt their disks. > > Surely `disabling threads' just means cgdconfig can't take advantage > of parallelism to compute the same function in less time, not that > cgdconfig computes a different function or fails to compute the same > function, no? > > I agree threads should be re-enabled, but maybe it would be reasonable > to find a way to conditionalize this on crunchgen/rescue/whatever if > that gets in the way. > > Christos, can you write down the problems that led to making this > commit? The commit message doesn't explain any of what went wrong so > I don't even know what to look for when putting threads back. It is simple. You just take out the cpp define to disable and add thread.c to the list of files to be built and -lpthread. The reason I changed the build in cgdconfig from reaching out to libargon2 and using the pre-built library to explicitly building the necessary objects locally was that I did not want to teach rescue about libargon2. I just disabled threads in the process because it was the same way done in libcrypt. I didn't expect that this would produce different results. Rescue was not threaded before but now I had to add -lpthread for it to link. The whole thing is very weird. It all started with me protecting all the extra symbols that libargon2 exposed to libcrypt. This in turn made cgdconfig not link in rescue because it was missing argon2_hash which before it was resolving from libcrypt. Which means that the cgdconfig in rescue was built without threads before... What a mess. 
christos signature.asc Description: Message signed with OpenPGP
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Mon May 16 10:44:06 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Re-enable threads; apparently we get different results depending if we are threaded or not... This tastes like a bug. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.18 src/sbin/cgdconfig/Makefile:1.19 --- src/sbin/cgdconfig/Makefile:1.18 Sun May 15 15:53:27 2022 +++ src/sbin/cgdconfig/Makefile Mon May 16 06:44:06 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.18 2022/05/15 19:53:27 christos Exp $ +# $NetBSD: Makefile,v 1.19 2022/05/16 10:44:06 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -22,9 +22,11 @@ LDADD= -lutil -lcrypt -ly -ll .if ${MKARGON2} != "no" ARGON2DIR= ${NETBSDSRCDIR}/external/apache2/argon2/dist/phc-winner-argon2 CPPFLAGS+= -I${ARGON2DIR}/include -I${ARGON2DIR}/src/blake2 -CPPFLAGS+= -DHAVE_ARGON2 -DARGON2_NO_THREADS +CPPFLAGS+= -DHAVE_ARGON2 .PATH.c: ${ARGON2DIR}/src ${ARGON2DIR}/src/blake2 -SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c +SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c thread.c +DPADD+= ${LIBPTHREAD} +LDADD+= -lpthread .endif .include
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Mon May 16 10:44:06 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Re-enable threads; apparently we get different results depending if we are threaded or not... This tastes like a bug. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sbin/cgdconfig
> Date: Mon, 16 May 2022 04:49:22 + > From: nia > > On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: > > Log Message: > > Build argon2 inline so that crunched programs work. I also disabled threads > > for now; we can put them back if needed. > > Please re-enable threads. They influence the output hash > so by disabling threads you stop people from being able > to decrypt their disks. Surely `disabling threads' just means cgdconfig can't take advantage of parallelism to compute the same function in less time, not that cgdconfig computes a different function or fails to compute the same function, no? I agree threads should be re-enabled, but maybe it would be reasonable to find a way to conditionalize this on crunchgen/rescue/whatever if that gets in the way. Christos, can you write down the problems that led to making this commit? The commit message doesn't explain any of what went wrong so I don't even know what to look for when putting threads back.
Re: CVS commit: src/sbin/cgdconfig
On Sun, May 15, 2022 at 03:53:27PM -0400, Christos Zoulas wrote: > Log Message: > Build argon2 inline so that crunched programs work. I also disabled threads > for now; we can put them back if needed. Please re-enable threads. They influence the output hash so by disabling threads you stop people from being able to decrypt their disks.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun May 15 19:53:27 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Build argon2 inline so that crunched programs work. I also disabled threads for now; we can put them back if needed. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.17 src/sbin/cgdconfig/Makefile:1.18 --- src/sbin/cgdconfig/Makefile:1.17 Sat Nov 27 21:01:30 2021 +++ src/sbin/cgdconfig/Makefile Sun May 15 15:53:27 2022 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.17 2021/11/28 02:01:30 christos Exp $ +# $NetBSD: Makefile,v 1.18 2022/05/15 19:53:27 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -12,10 +12,6 @@ SRCS+= cgdconfig.c \ params.c \ utils.c -.if ${MKARGON2} != "no" -SRCS+= argon2_utils.c -.endif - CPPFLAGS+= -I${.CURDIR} -I. -DYY_NO_INPUT YHEADER=1 @@ -24,15 +20,11 @@ DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBY} $ LDADD= -lutil -lcrypt -ly -ll .if ${MKARGON2} != "no" -ARGON2DIR= ${NETBSDSRCDIR}/external/apache2/argon2 -ARGON2OBJDIR!= cd ${ARGON2DIR}/lib/libargon2 && ${PRINTOBJDIR} -CPPFLAGS+= -I${NETBSDSRCDIR}/external/apache2/argon2/dist/phc-winner-argon2/include -CPPFLAGS+= -DHAVE_ARGON2 - -PROGDPLIBS+= argon2 ${ARGON2DIR}/lib/libargon2 - -LDADD+= -lpthread -DPADD+= ${LIBPTHREAD} +ARGON2DIR= ${NETBSDSRCDIR}/external/apache2/argon2/dist/phc-winner-argon2 +CPPFLAGS+= -I${ARGON2DIR}/include -I${ARGON2DIR}/src/blake2 +CPPFLAGS+= -DHAVE_ARGON2 -DARGON2_NO_THREADS +.PATH.c: ${ARGON2DIR}/src ${ARGON2DIR}/src/blake2 +SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c .endif .include
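Review bot: The new `SRCS+= argon2_utils.c argon2.c core.c encoding.c ref.c blake2b.c` line copies the list of Argon2 source files into this Makefile, so cgdconfig now compiles its own copy of the key-derivation code with its own `CPPFLAGS` instead of linking the library named in the removed `PROGDPLIBS` line. An Argon2 update that adds or renames a file, or a flag change on the library side, would not reach this copy, and the two builds of the KDF could then drift apart unnoticed. Consider keeping the file list and flags in one shared fragment included from both places, and until then mark the coupling: `# keep in sync with the libargon2 build (sources and CPPFLAGS)`.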
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun May 15 19:53:27 UTC 2022 Modified Files: src/sbin/cgdconfig: Makefile Log Message: Build argon2 inline so that crunched programs work. I also disabled threads for now; we can put them back if needed. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Sat Dec 4 15:03:58 UTC 2021 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: Use argon2id in examples To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/cgdconfig.8 diff -u src/sbin/cgdconfig/cgdconfig.8:1.51 src/sbin/cgdconfig/cgdconfig.8:1.52 --- src/sbin/cgdconfig/cgdconfig.8:1.51 Mon Nov 22 14:34:35 2021 +++ src/sbin/cgdconfig/cgdconfig.8 Sat Dec 4 15:03:58 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgdconfig.8,v 1.51 2021/11/22 14:34:35 nia Exp $ +.\" $NetBSD: cgdconfig.8,v 1.52 2021/12/04 15:03:58 nia Exp $ .\" .\" Copyright (c) 2002, The NetBSD Foundation, Inc. .\" All rights reserved. @@ -394,7 +394,7 @@ cgd configuration file. To set up and configure a cgd that uses adiantum, which takes a 256-bit key: .Bd -literal - # cgdconfig -g -o /etc/cgd/wd0e adiantum 256 + # cgdconfig -g -k argon2id -o /etc/cgd/wd0e adiantum 256 # cgdconfig cgd0 /dev/wd0e /dev/wd0e's passphrase: .Ed @@ -407,7 +407,7 @@ when we configure the first time to set Here is the sequence of commands that is recommended: .Bd -literal - # cgdconfig -g -o /etc/cgd/dk3 -V gpt adiantum + # cgdconfig -g -k argon2id -o /etc/cgd/dk3 -V gpt adiantum # cgdconfig -V re-enter cgd0 /dev/dk3 /dev/dk3's passphrase: re-enter device's passphrase:
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Sat Dec 4 15:03:58 UTC 2021 Modified Files: src/sbin/cgdconfig: cgdconfig.8 Log Message: cgdconfig.8: Use argon2id in examples To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/sbin/cgdconfig/cgdconfig.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sbin/cgdconfig
On Sun, Nov 28, 2021 at 07:42:55AM -0800, Jason Thorpe wrote: > > > > On Nov 27, 2021, at 6:01 PM, Christos Zoulas wrote: > > > > Module Name:src > > Committed By: christos > > Date: Sun Nov 28 02:01:30 UTC 2021 > > > > Modified Files: > > src/sbin/cgdconfig: Makefile > > > > Log Message: > > -lpthread to LDADD (fixes lint build) > > This change is wrong. The -pthread option to the compiler does more than > just add -lpthread to the link phase. Yeah, but the other changes are pretty much useless. Joerg
Re: CVS commit: src/sbin/cgdconfig
> On Nov 28, 2021, at 11:57 AM, Roland Illig wrote: > > Am 28.11.2021 um 17:37 schrieb Jason Thorpe: >>> On Nov 28, 2021, at 8:05 AM, Christos Zoulas >>> wrote: >>> >>> 1. which compilation flag should we add -pthread to? CFLAGS or >>> COPTS? What about c++? >> >> GCC defines some preprocessor macros in response to -pthread, so … >> CPPFLAGS? Perhaps a better choice is to have a USE_PTHREADS that >> individual program / library Makefiles can set to YES to cause the >> right magic to happen in bsd.sys.mk? > > I like the idea of USE_PTHREADS. > > The option -pthread is not specified by POSIX and the GCC manual doesn't > define which exact macros -pthread defines. Sure, Clang is compatible > with GCC, but PCC doesn't need to. I don't want to add support for 3 > different compilers to lint. Having all the magic hidden behind a simple > flag sounds easiest to me. > I agree! christos signature.asc Description: Message signed with OpenPGP
Re: CVS commit: src/sbin/cgdconfig
Am 28.11.2021 um 17:37 schrieb Jason Thorpe: On Nov 28, 2021, at 8:05 AM, Christos Zoulas wrote: 1. which compilation flag should we add -pthread to? CFLAGS or COPTS? What about c++? GCC defines some preprocessor macros in response to -pthread, so … CPPFLAGS? Perhaps a better choice is to have a USE_PTHREADS that individual program / library Makefiles can set to YES to cause the right magic to happen in bsd.sys.mk? I like the idea of USE_PTHREADS. The option -pthread is not specified by POSIX and the GCC manual doesn't define which exact macros -pthread defines. Sure, Clang is compatible with GCC, but PCC doesn't need to. I don't want to add support for 3 different compilers to lint. Having all the magic hidden behind a simple flag sounds easiest to me. Roland
Re: CVS commit: src/sbin/cgdconfig
> On Nov 28, 2021, at 8:05 AM, Christos Zoulas wrote: > > The change is correct; this is how it is done everywhere else in the tree. > You are right about -pthread doing more than adding -lpthread, but > in that case, the -pthread should be added to CFLAGS/COPTS etc, > not LDADD so that it is effective during the compilation phase too, > not just the link phase. When I made the change, I considered going > through the tree and adding -pthread to the CFLAGS/COPTS in the > Makefiles where -pthread is in LDADD, but I did not want to do a > half-assed job without thinking about it more: > > 1. which compilation flag should we add -pthread to? CFLAGS or > COPTS? What about c++? GCC defines some preprocessor macros in response to -pthread, so … CPPFLAGS? Perhaps a better choice is to have a USE_PTHREADS that individual program / library Makefiles can set to YES to cause the right magic to happen in bsd.sys.mk? > 2. do we remove the LDADD/DPADD pthread settings? I am thinking >perhaps not, it does not hurt, plus the DPADD will cause a rebuild >when libpthread changes. That could be hidden away by the above suggestion. -- thorpej
Re: CVS commit: src/sbin/cgdconfig
The change is correct; this is how it is done everywhere else in the tree. You are right about -pthread doing more than adding -lpthread, but in that case, the -pthread should be added to CFLAGS/COPTS etc, not LDADD so that it is effective during the compilation phase too, not just the link phase. When I made the change, I considered going through the tree and adding -pthread to the CFLAGS/COPTS in the Makefiles where -pthread is in LDADD, but I did not want to do a half-assed job without thinking about it more: 1. which compilation flag should we add -pthread to? CFLAGS or COPTS? What about c++? 2. do we remove the LDADD/DPADD pthread settings? I am thinking perhaps not, it does not hurt, plus the DPADD will cause a rebuild when libpthread changes. The libargon addition to cgdconfig broke lint building because lint has not been taught about -pthread yet, and fixing it the way I fixed it, makes the lint build work again and is consistent with the rest of the tree. Best, christos > On Nov 28, 2021, at 10:42 AM, Jason Thorpe wrote: > > > >> On Nov 27, 2021, at 6:01 PM, Christos Zoulas wrote: >> >> Module Name: src >> Committed By:christos >> Date:Sun Nov 28 02:01:30 UTC 2021 >> >> Modified Files: >> src/sbin/cgdconfig: Makefile >> >> Log Message: >> -lpthread to LDADD (fixes lint build) > > This change is wrong. The -pthread option to the compiler does more than > just add -lpthread to the link phase. > > -- thorpej
Re: CVS commit: src/sbin/cgdconfig
> On Nov 27, 2021, at 6:01 PM, Christos Zoulas wrote: > > Module Name: src > Committed By: christos > Date: Sun Nov 28 02:01:30 UTC 2021 > > Modified Files: > src/sbin/cgdconfig: Makefile > > Log Message: > -lpthread to LDADD (fixes lint build) This change is wrong. The -pthread option to the compiler does more than just add -lpthread to the link phase. -- thorpej
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun Nov 28 02:01:30 UTC 2021 Modified Files: src/sbin/cgdconfig: Makefile Log Message: -lpthread to LDADD (fixes lint build) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/Makefile diff -u src/sbin/cgdconfig/Makefile:1.16 src/sbin/cgdconfig/Makefile:1.17 --- src/sbin/cgdconfig/Makefile:1.16 Mon Nov 22 09:34:35 2021 +++ src/sbin/cgdconfig/Makefile Sat Nov 27 21:01:30 2021 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.16 2021/11/22 14:34:35 nia Exp $ +# $NetBSD: Makefile,v 1.17 2021/11/28 02:01:30 christos Exp $ RUMPPRG=cgdconfig MAN= cgdconfig.8 @@ -31,7 +31,7 @@ CPPFLAGS+= -DHAVE_ARGON2 PROGDPLIBS+= argon2 ${ARGON2DIR}/lib/libargon2 -LDADD+= -pthread +LDADD+= -lpthread DPADD+= ${LIBPTHREAD} .endif
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: christos Date: Sun Nov 28 02:01:30 UTC 2021 Modified Files: src/sbin/cgdconfig: Makefile Log Message: -lpthread to LDADD (fixes lint build) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Mon Nov 22 16:04:03 UTC 2021 Modified Files: src/sbin/cgdconfig: pkcs5_pbkdf2.c Log Message: cgdconfig(8): add some console feedback when calculating the number of pkcs5_pbkdf2 iterations To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/pkcs5_pbkdf2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sbin/cgdconfig/pkcs5_pbkdf2.c diff -u src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.16 src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.17 --- src/sbin/cgdconfig/pkcs5_pbkdf2.c:1.16 Fri Jul 1 22:50:09 2016 +++ src/sbin/cgdconfig/pkcs5_pbkdf2.c Mon Nov 22 16:04:03 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: pkcs5_pbkdf2.c,v 1.16 2016/07/01 22:50:09 christos Exp $ */ +/* $NetBSD: pkcs5_pbkdf2.c,v 1.17 2021/11/22 16:04:03 nia Exp $ */ /*- * Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. @@ -46,13 +46,14 @@ #include #ifndef lint -__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.16 2016/07/01 22:50:09 christos Exp $"); +__RCSID("$NetBSD: pkcs5_pbkdf2.c,v 1.17 2021/11/22 16:04:03 nia Exp $"); #endif #include #include #include +#include #include #include #include @@ -189,6 +190,8 @@ pkcs5_pbkdf2_calibrate(size_t dkLen, int int t = 0; size_t ret, i; + fprintf(stderr, "pkcs5_pbkdf2: calibrating iterations..."); + for (i = 0; i < 5; i++) { /* * First we get a meaningfully long time by doubling the @@ -197,6 +200,7 @@ pkcs5_pbkdf2_calibrate(size_t dkLen, int */ for (c = 1;; c *= 2) { t = pkcs5_pbkdf2_time(dkLen, c); + fprintf(stderr, "."); if (t > CAL_TIME) break; } @@ -214,7 +218,9 @@ pkcs5_pbkdf2_calibrate(size_t dkLen, int /* if we are over 5% off, return an error */ if (abs(microseconds - t) > (microseconds / 20)) continue; + fprintf(stderr, " done\n"); return ret; } + fprintf(stderr, " failed\n"); return -1; }
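Review bot: The progress text added to pkcs5_pbkdf2_calibrate() is written to stderr on every call, including non-interactive runs where stderr is captured or logged, and the dot inside `for (c = 1;; c *= 2)` is printed once per doubling in each of up to five rounds. I would emit it only when stderr is a terminal, for example `if (isatty(STDERR_FILENO)) fprintf(stderr, ".");` (this needs `<unistd.h>` if the file does not already include it), and guard the opening and closing messages the same way. The ` failed` message also gives no reason; saying that the 5% tolerance check shown in the last hunk was never met would help someone diagnosing a loaded or noisy machine. The function's signature and the rest of its body lie outside these hunks.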
CVS commit: src/sbin/cgdconfig
Module Name:src Committed By: nia Date: Mon Nov 22 16:04:03 UTC 2021 Modified Files: src/sbin/cgdconfig: pkcs5_pbkdf2.c Log Message: cgdconfig(8): add some console feedback when calculating the number of pkcs5_pbkdf2 iterations To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/sbin/cgdconfig/pkcs5_pbkdf2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/sbin/cgdconfig
On Sat, Dec 29, 2018 at 01:33:23PM +, Alexander Nasonov wrote: > Christoph Badura wrote: > > On Thu, Dec 27, 2018 at 10:41:55PM +, Alexander Nasonov wrote: > > > Perhaps the simplest change would be to pass an unresolved (original) > > > name when composing a paramsfile. E.g. > > > > > > /etc/cgd/NAME=mylabel > > > /etc/cgd/ROOT.e > > > > Alas, this will break existing installations that e.g. use /etc/cgd/dkNN > > when > > using NAME=label in fstab. > > You can't use the same dkNN in fstab and in cgd.conf because mount will > refuse to mount an encrypted partition. Hmm. Right. > I think it will only break setups that use NAME=label in _cgd.conf_ and > don't specify a paramsfile. These setups are rare because NAME=label > syntax was documented only a couple of days ago ;-) Though, some people > may have figured it out before me. I think you are right. If it requires an explicit configuration change in cgd.conf we're good. --chris
Re: CVS commit: src/sbin/cgdconfig
Christoph Badura wrote: > On Thu, Dec 27, 2018 at 10:41:55PM +, Alexander Nasonov wrote: > > Perhaps the simplest change would be to pass an unresolved (original) > > name when composing a paramsfile. E.g. > > > > /etc/cgd/NAME=mylabel > > /etc/cgd/ROOT.e > > Alas, this will break existing installations that e.g. use /etc/cgd/dkNN when > using NAME=label in fstab. You can't use the same dkNN in fstab and in cgd.conf because mount will refuse to mount an encrypted partition. I think it will only break setups that use NAME=label in _cgd.conf_ and don't specify a paramsfile. These setups are rare because NAME=label syntax was documented only a couple of days ago ;-) Though, some people may have figured it out before me. > For compatibility it may be necessary to try the resolved named when the > unresolved form does not exist. > > I would prefer /etc/cgd/mylabel, btw. Yeah, I don't like /etc/cgd/NAME=mylabel either ;-) There are other considerations like handling weird labels like this one: NAME=../../../../etc/passwd Ok, lets keep the default as it is. Those who want a different name can always specify a paramsfile explicitly and choose their favourite naming convention. -- Alex
Re: CVS commit: src/sbin/cgdconfig
On Thu, Dec 27, 2018 at 10:41:55PM +, Alexander Nasonov wrote: > Perhaps the simplest change would be to pass an unresolved (original) > name when composing a paramsfile. E.g. > > /etc/cgd/NAME=mylabel > /etc/cgd/ROOT.e Alas, this will break existing installations that e.g. use /etc/cgd/dkNN when using NAME=label in fstab. For compatibility it may be necessary to try the resolved named when the unresolved form does not exist. I would prefer /etc/cgd/mylabel, btw. --chris
Re: CVS commit: src/sbin/cgdconfig
Christoph Badura wrote: > Using /etc/cgd/ROOT. has the advantage that the cgd will configure > if the root device changes name, thus upholding POLA. > > E.g. moving disks from a controller that attaches sd(4)s to one that > attaches ld(4)s. I believe you can see that when dd'ing an image from > SDcard to MMC on Pinebook. > > It seems to me that similar behaviour for NAME=label would be more useful > too. dk(4) attachments move around in practice. Yeah, I discovered it the hard way ;-) Perhaps the simplest change would be to pass an unresolved (original) name when composing a paramsfile. E.g. /etc/cgd/NAME=mylabel /etc/cgd/ROOT.e -- Alex
Re: CVS commit: src/sbin/cgdconfig
On Thu, Dec 27, 2018 at 09:53:44PM +, Alexander Nasonov wrote: > Alexander Nasonov wrote: > > XXX Default paramsfile for NAME=label is /etc/cgd/dkNN (resolved wedge > > partition) and /etc/cgd/ROOT. for ROOT.. This isn't yet > > documented. IMO, it should be the other way around: /etc/cgd/label > > for the former and /etc/cgd/[root-device] for the latter. > > This is true for NetBSD-8 which doesn't support ROOT. prefix. > Both prefixes are resolved to real device names before composing > a default paramsfile in NetBSD-current. Using /etc/cgd/ROOT. has the advantage that the cgd will configure if the root device changes name, thus upholding POLA. E.g. moving disks from a controller that attaches sd(4)s to one that attaches ld(4)s. I believe you can see that when dd'ing an image from SDcard to MMC on Pinebook. It seems to me that similar behaviour for NAME=label would be more useful too. dk(4) attachments move around in practice. --chris
Re: CVS commit: src/sbin/cgdconfig
Alexander Nasonov wrote: > XXX Default paramsfile for NAME=label is /etc/cgd/dkNN (resolved wedge > partition) and /etc/cgd/ROOT. for ROOT.. This isn't yet > documented. IMO, it should be the other way around: /etc/cgd/label > for the former and /etc/cgd/[root-device] for the latter. This is true for NetBSD-8 which doesn't support ROOT. prefix. Both prefixes are resolved to real device names before composing a default paramsfile in NetBSD-current. -- Alex
Re: CVS commit: src/sbin/cgdconfig
Robert Elz wrote: > Module Name: src > Committed By: kre > Date: Sat May 5 11:28:44 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.c > > Log Message: > Check whether the cgd device selected is available to be > configured,that is, not already in use, before requesting > passwords from the user (or elsewhere). Is now a good time to request pullup-8 for this change (with a follow-up fix) and a couple of other small changes? -- Alex
Re: CVS commit: src/sbin/cgdconfig
matthew green wrote: > "Alexander Nasonov" writes: > > XXX Using memset for wiping isn't a good idea because memset is likely > > optimised away by gcc. This should be revisited. > > use explicit_memset(3)? Yes, we should change memsets of sensitive buffers to explicit_memset but we also should inspect code for any missing memsets. -- Alex
re: CVS commit: src/sbin/cgdconfig
"Alexander Nasonov" writes: > Module Name: src > Committed By: alnsn > Date: Wed May 9 18:11:56 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.8 cgdconfig.c > > Log Message: > Add '-e' option (echo the passphrase) and wipe the passphrase after use. > > XXX Using memset for wiping isn't a good idea because memset is likely > optimised away by gcc. This should be revisited. use explicit_memset(3)? .mrg.
Re: CVS commit: src/sbin/cgdconfig
Date:Wed, 9 May 2018 08:59:55 +0100 From:Alexander Nasonov Message-ID: <20180509075955.GA7743@neva> | Adding (argc > 0) check before calling opendisk1 fixes the crash. Thanks - and I see what is wrong now, but (for whatever reason) that did not fail for me, I guess Xen DomU allows *0 to work (though it is strange that it would allow the opendisk(() to succeed. Never mind, that is clearly broken, thanks. I will fix it, but not quite that way I think. kre
Re: CVS commit: src/sbin/cgdconfig
Alexander Nasonov wrote: > (gdb) b opendisk1 > (gdb) run -p > Starting program: > /home/alnsn/netbsd-current/clean/src/sbin/cgdconfig/obj/cgdconfig -p > > Breakpoint 1, 0x7f7ff78111f6 in opendisk1 () from /lib/libutil.so.7 > (gdb) x/s $rdi > 0x0: # path=NULL Adding (argc > 0) check before calling opendisk1 fixes the crash. -- Alex
Re: CVS commit: src/sbin/cgdconfig
Robert Elz wrote: > Date:Tue, 8 May 2018 19:15:28 +0100 > From:Alexander Nasonov > Message-ID: <20180508180815.GA5990@neva> > > | I think it broke the tool. If you run > | > | cgdconfig -p > | > | it will crash. > > Sorry, I cannot reproduce this, it looks to work OK to me. > > Can you tell me exactly what command you gave and what > "it will crash" means (core dump? other failure? ??) (gdb) b opendisk1 (gdb) run -p Starting program: /home/alnsn/netbsd-current/clean/src/sbin/cgdconfig/obj/cgdconfig -p Breakpoint 1, 0x7f7ff78111f6 in opendisk1 () from /lib/libutil.so.7 (gdb) x/s $rdi 0x0: # path=NULL (gdb) c Program received signal SIGSEGV, Segmentation fault. 0x7f7ff7116880 in strchr () from /lib/libc.so.12 (gdb) bt #0 0x7f7ff7116880 in strchr () from /lib/libc.so.12 #1 0x7f7ff78110a8 in ?? () from /lib/libutil.so.7 #2 0x00202bc3 in configure () #3 0x002074d8 in main () (gdb) disassemble Dump of assembler code for function strchr: 0x7f7ff7116860 <+0>: movabs $0x101010101010101,%r8 0x7f7ff711686a <+10>:movzbq %sil,%rdx 0x7f7ff711686e <+14>:imul $0x80,%r8,%r9 0x7f7ff7116875 <+21>:imul %r8,%rdx 0x7f7ff7116879 <+25>:test $0x7,%dil 0x7f7ff711687d <+29>:jne0x7f7ff71168d5 0x7f7ff711687f <+31>:nop => 0x7f7ff7116880 <+32>:mov(%rdi),%rax (gdb) x $rdi 0x0:Cannot access memory at address 0x0 # presumably the path argument If I comment out the if block with opendisk1 inside: (gdb) run -p Starting program: /home/alnsn/netbsd-current/clean/src/sbin/cgdconfig/obj/cgdconfig -p cgdconfig: wrong number of args usage: cgdconfig [-nv] [-V vmeth] cgd dev [paramsfile] cgdconfig -C [-nv] [-f configfile] cgdconfig -G [-nv] [-i ivmeth] [-k kgmeth] [-o outfile] paramsfile cgdconfig -g [-nv] [-i ivmeth] [-k kgmeth] [-o outfile] alg [keylen] cgdconfig -l cgdconfig -s [-nv] [-i ivmeth] cgd dev alg [keylen] cgdconfig -U [-nv] [-f configfile] cgdconfig -u [-nv] cgd [Inferior 1 (process 26827) exited with code 01] -- Alex
Re: CVS commit: src/sbin/cgdconfig
Date:Tue, 8 May 2018 19:15:28 +0100 From:Alexander Nasonov Message-ID: <20180508180815.GA5990@neva> | I think it broke the tool. If you run | | cgdconfig -p | | it will crash. Sorry, I cannot reproduce this, it looks to work OK to me. Can you tell me exactly what command you gave and what "it will crash" means (core dump? other failure? ??) kre ps: I also cannot see any way that the (really quite tiny, if you ignore the rump related botch I made) change could have almost any effect at all - it just adds a quick test that the cgd is not already in use before it begins (attempting to) configure.
Re: CVS commit: src/sbin/cgdconfig
Date:Tue, 8 May 2018 19:15:28 +0100 From:Alexander Nasonov Message-ID: <20180508180815.GA5990@neva> | I think it broke the tool. If you run | cgdconfig -p | it will crash. I shall take a look. kre
Re: CVS commit: src/sbin/cgdconfig
Robert Elz wrote: > Module Name: src > Committed By: kre > Date: Sat May 5 11:28:44 UTC 2018 > > Modified Files: > src/sbin/cgdconfig: cgdconfig.c > > Log Message: > Check whether the cgd device selected is available to be > configured,that is, not already in use, before requesting > passwords from the user (or elsewhere). I think it broke the tool. If you run cgdconfig -p it will crash. Alex