bugzilla-daemon at defect.opensolaris.org
2008-Apr-15 03:34 UTC
[Bug 1195] New: 'zfs set keysource' should fail with encryption=off
http://defect.opensolaris.org/bz/show_bug.cgi?id=1195
Summary: 'zfs set keysource' should fail with encryption=off
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Solaris
Status: NEW
Severity: minor
Priority: P4
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: hua.tang at sun.com
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0
# zpool create tank /export/home/testfile
# zfs create -o encryption=off -o keyscope=dataset -o keysource=hex,prompt tank/fs
# zfs set keysource=hex,file:///hex_key_file tank/fs
# echo $?
0
#
I think in this case keysource should be set to '-' during creation and can't
be set by 'zfs set'.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-Apr-15 04:25 UTC
[Bug 1195] 'zfs set keysource' should fail with encryption=off
http://defect.opensolaris.org/bz/show_bug.cgi?id=1195
ajscarp at yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|darrenm at opensolaris.org |ajscarp at yahoo.com
Status|NEW |CLOSED
Resolution| |INVALID
--- Comment #1 from ajscarp at yahoo.com 2008-04-14 21:25:58 ---
This is not a bug.
The keysource and keyscope can be set for the purposes of inheritance for
datasets below tank/fs. tank/fs will not use these properties unless
encryption is turned on.
If you were to type "zfs create -o encryption=on tank/fs/enc", it would
succeed, because tank/fs/enc will inherit the keysource and keyscope from
tank/fs. If tank/fs/enc were given a keysource or keyscope, it would override
the inheritance from tank/fs.
"zfs set" is allowed to change the keysource's locator, but not the format.
Changing it to 'raw' or 'passphrase' would have been a failure.
Changing the locator allows the user to change the filename or method (prompt
<-> file), but it's up to the user to make sure they are using the same key, as
it's not a formal key change, just a change in location of the same key.
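As an added illustration of the rule stated in Comment #1 (not code from zfs-crypto or from either poster): a small C model of a check that lets a keysource change its locator but rejects a change of format. The function names, return codes and the accepted format and locator values are assumptions, taken only from the values named in this thread.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical model, not zfs-crypto source; names and codes are assumed. */
#define KS_OK          0
#define KS_EMALFORMED (-1)   /* not "format,locator" or unknown value */
#define KS_EFORMAT    (-2)   /* format change attempted via "set" */

/* Split "format,locator" at the first comma. Returns 0 on success. */
static int ks_split(const char *ks, char *fmt, size_t fmtlen, const char **loc)
{
    const char *comma = strchr(ks, ',');
    if (comma == NULL || comma == ks || comma[1] == '\0')
        return -1;
    size_t n = (size_t)(comma - ks);
    if (n >= fmtlen)
        return -1;
    memcpy(fmt, ks, n);
    fmt[n] = '\0';
    *loc = comma + 1;
    return 0;
}

/* Only the formats and locators named in this thread are accepted. */
static int ks_known(const char *fmt, const char *loc)
{
    int f = !strcmp(fmt, "hex") || !strcmp(fmt, "raw") || !strcmp(fmt, "passphrase");
    int l = !strcmp(loc, "prompt") || (!strncmp(loc, "file://", 7) && loc[7] != '\0');
    return f && l;
}

/* Locator may change (prompt <-> file, or a new path); format may not.
 * The check cannot tell whether the new location holds the same key. */
int ks_check_set(const char *cur, const char *next)
{
    char cf[16], nf[16];
    const char *cl, *nl;
    if (ks_split(cur, cf, sizeof cf, &cl) || ks_split(next, nf, sizeof nf, &nl))
        return KS_EMALFORMED;
    if (!ks_known(cf, cl) || !ks_known(nf, nl))
        return KS_EMALFORMED;
    return strcmp(cf, nf) == 0 ? KS_OK : KS_EFORMAT;
}

int main(void)
{
    printf("%d\n", ks_check_set("hex,prompt", "hex,file:///hex_key_file"));
    printf("%d\n", ks_check_set("hex,prompt", "passphrase,prompt"));
    return 0;
}
```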