Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 11 Jan 2003 21:04:51 -0700 (MST)
From:      "Geoffrey T. Falk" <gtf@cirp.org>
To:        current@freebsd.org
Subject:   Re: 5.0 without swap
Message-ID:  <200301120404.h0C44pnt002150@h68-144-29-132.cg.shawcable.net>
In-Reply-To: <20030111210652.GA459@HAL9000.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
For encrypting swap, try this: 


--- etc/rc.d/Makefile   22 Dec 2002 22:25:53 -0000      1.10
+++ etc/rc.d/Makefile   12 Jan 2003 03:54:40 -0000
@@ -4,7 +4,7 @@
 .include <bsd.own.mk>
 
 FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \
-       apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \
+       apm apmd atm1 atm2.sh atm3.sh archdep bdeswap bgfsck bootparams ccd cleanvar \
        cleartmp cron devd devdb devfs diskless dmesg dumpon fsck inetd \
        initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat ipsec \
        ipxrouted isdnd kadmind kerberos keyserv ldconfig local \






######## etc/rc.d/bdeswap (new file):

#!/bin/sh
#
# /usr/src/etc/rc.d/bdeswap
#
# Copyright (c) 2003 by Geoffrey T. Falk <gtf@cirp.org>.
# All rights reserved.
#
# Prepare encrypted swap devices using GBDE
#
# Swap devices must be specified in /etc/fstab
# as the bde device. This script detects all such
# devices and configures them before they are
# activated. Device should be specified with "noauto"
# so that it is not picked up by swap1.
# fstab Example:
#/dev/ad0s1b.bde none swap sw,noauto 0 0

# PROVIDE: bdeswap
# REQUIRE: mountcritlocal
# BEFORE: sysctl
# KEYWORD: FreeBSD

. /etc/rc.subr

name="bdeswap"
start_cmd="bdeswap_start"
stop_cmd=":"

# Generate a random password
#
randpass() {
  dd if=/dev/random bs=128 count=1 | cat -v
}

bde_attach()
{
  DEV="$1"
  echo "Attaching encrypted swap device ${DEV}.bde"

  DEVBASE="`basename $DEV`"
  LOCK="/tmp/.gbde_lock.$DEVBASE"
  PASSWORD=`randpass`
  gbde init "$DEV" -P "$PASSWORD" -L "$LOCK"
  gbde attach "$DEV" -l "$LOCK" -p "$PASSWORD"
}

bdeswap_start()
{
        case ${bde_swap} in
        [Yy][Ee][Ss])
                # Gather raw device name for each BDE swap device
                grep '^/dev/\w*\.bde\W*none\W*swap' /etc/fstab | \
                awk -F. '{print $1}' | \
                while read DEV; do
                        bde_attach "$DEV"
                        swapon "$DEV".bde
                done
                ;;
        esac
}

load_rc_config $name
run_rc_command "$1"



###########

Geoffrey



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301120404.h0C44pnt002150>