[OpenIndiana-discuss] recompiling a program for openindiana

Till Wegmüller toasterson at gmail.com
Mon Nov 20 08:36:15 UTC 2017 

You can use Lofi dev to encrypt the device below the filesystem Layer.
[1] [2] [3]

You can use a container Solution I.e A ZFS Volume that is encrypted with
lofidev and then has an UFS Partition inside. Somewhat like [2] but with
UFS rather than ZFS inside the Volume.

Or you could help review the Encryption code for upstreaming. It is
already written but in Process of upstreaming. I think it's [4] but you
will have to search from there further.

[1] https://blogs.oracle.com/darren/encrypting-zfs-pools-using-lofi-crypto
[2]
https://constantin.glez.de/2012/02/27/introducing-sparse-encrypted-zfs-pools/
[3] https://napp-it.org/extensions/encryption.html
[4] https://github.com/openzfs/openzfs/pull/124

---
Greetings
Till


On 20.11.2017 10:51, Marc Lobelle wrote:
> On 20/11/17 09:06, Peter Tribble wrote:
>> On Mon, Nov 20, 2017 at 9:02 AM, Marc Lobelle<marc.lobelle at uclouvain.be>
>> wrote:
>>
>>> Hello,
>>>
>>> I am trying to recompile a program called srm (available on
>>> sourceforge )
>>> for openindiana. It works as rm but makes sure that there is no trace of
>>> the destroyed file in the blocks of the free list.
>>> This program uses #if defined (__linux__) and  #if defined (__OpenBSD__)
>>> and I should replace this code with something appropriate for
>>> openindiana.
>>> __linux__ etc are predifines preprocessor macros, presented in
>>>
>>> https://sourceforge.net/p/predef/wiki/OperatingSystems/
>>>
>>> However, I do not see openindiana in there, so what should I use ?
>>>
>> Note that if you're using ZFS (which is the default file system on
>> OpenIndiana) then
>> the overwriting which srm does will have no effect - the copy-on-write
>> mechanism
>> that ZFS uses for data integrity ensures that the "overwrite" will go
>> to a
>> different,
>> unused, part of the device. Therefore, srm won't do any good.
> Hum, this means that bcrypt will not erase the original file after
> encrypying it either and the file must be decrypted to be used. How can
> I make sure that its contents cannot be recovered on zfs then ? (apart
> from writing the zfs encryption code that is missing in illumos zfs ; it
> will have to be done eventually but I'm looking for an interim solution).
> 
> Thanks
> 
> Marc
>>
> 
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the openindiana-discuss mailing list