When implementing a NAS system, it is typical for a ZFS pool to be created from a set of disks where all of the disks in that pool have a common passphrase/keyfile. When it comes time to replace disks or add disks to the pool, the use case is to get the passphrase/keyfile from the user, verify it is correct, then set it on the new disks. Currently, there is no way to verify a passphrase/keyfile without modifying the system, i.e. without calling 'attach' or 'setkey'. This report is for adding a 'verify' command so this use case can be implemented. A git pull request will be submitted to implement this.
Git pull request: https://github.com/freebsd/freebsd/pull/110
We have right now a 'dry-run' option in the attach method.
For reference, the dry run option was committed to head in the following commits: r332361 added the geli attach dry-run option in 12-CURRENT as "-n" flag. https://svnweb.freebsd.org/base?view=revision&revision=332361 r333438 changed the geli attach dry-run option in 12-CURRENT to "-C" flag. https://svnweb.freebsd.org/base?view=revision&revision=333438 r332522 merged the geli attach dry-run option to 11-STABLE as the "-n" flag. Note however that this MFH did NOT merge the corresponding changes to g_eli_ctl.c and geli.8. The end result of this is that the end user is not aware that the "-n" flag exists, and it does not work if you try to use it. On 11.2-RELEASE: # geli attach -n md0 geli: illegal option -- n https://svnweb.freebsd.org/base?view=revision&revision=332522 The 12-CURRENT change to the "-C" flag (r333438) has not been merged to 11-STABLE. None of the work to add the new geli attach dry-run flag has been merged to 10-STABLE, as there is not anticipated to be a 10.5-RELEASE. I have re-opened this bug to ask the question: will the new dry-run flag be merged to 11-STABLE in a working form as the "-C" flag?