Date: Sat, 11 Jan 2003 21:04:51 -0700 (MST)
From: "Geoffrey T. Falk"
Subject: Re: 5.0 without swap
To: current@freebsd.org

For encrypting swap, try this:

--- etc/rc.d/Makefile 22 Dec 2002 22:25:53 -0000 1.10 +++ etc/rc.d/Makefile 12 Jan 2003 03:54:40 -0000 
@@ -4,7 +4,7 @@ .include FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \ - apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \ + apm apmd atm1 atm2.sh atm3.sh archdep bdeswap bgfsck bootparams ccd cleanvar \ cleartmp cron devd devdb devfs diskless dmesg dumpon fsck inetd \ initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat ipsec \ ipxrouted isdnd kadmind kerberos keyserv ldconfig local \

######## etc/rc.d/bdeswap (new file):

#!/bin/sh
#
# /usr/src/etc/rc.d/bdeswap
#
# Copyright (c) 2003 by Geoffrey T. Falk .
# All rights reserved.
#
# Prepare encrypted swap devices using GBDE
#
# Swap devices must be specified in /etc/fstab
# as the bde device. This script detects all such
# devices and configures them before they are
# activated. Device should be specified with "noauto"
# so that it is not picked up by swap1.
# fstab Example:
#/dev/ad0s1b.bde none swap sw,noauto 0 0

# PROVIDE: bdeswap
# REQUIRE: mountcritlocal
# BEFORE: sysctl
# KEYWORD: FreeBSD

. /etc/rc.subr

name="bdeswap"
start_cmd="bdeswap_start"
stop_cmd=":"

# Generate a random password
#
randpass()
{
    dd if=/dev/random bs=128 count=1 | cat -v
}

bde_attach()
{
    DEV="$1"
    echo "Attaching encrypted swap device ${DEV}.bde"
    DEVBASE="`basename $DEV`"
    LOCK="/tmp/.gbde_lock.$DEVBASE"
    PASSWORD=`randpass`
    gbde init "$DEV" -P "$PASSWORD" -L "$LOCK"
    gbde attach "$DEV" -l "$LOCK" -p "$PASSWORD"
}

bdeswap_start()
{
    case ${bde_swap} in
    [Yy][Ee][Ss])
        # Gather raw device name for each BDE swap device
        grep '^/dev/\w*\.bde\W*none\W*swap' /etc/fstab | \
            awk -F. '{print $1}' | \
            while read DEV; do
                bde_attach "$DEV"
                swapon "$DEV".bde
            done
        ;;
    esac
}

load_rc_config $name
run_rc_command "$1"

###########

Geoffrey
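Review bot: the changed FILES continuation line, the one that gains bdeswap between archdep and bgfsck, is now roughly 78 characters before its indentation is counted, so it most likely runs past 80 columns; move a name down to the next continuation line. The hunk also installs bdeswap unconditionally while the script only acts when bde_swap is YES, and nothing in the patch gives bde_swap a default or documents it; add the default and an rc.conf(5) entry with this change.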
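Review bot: in bde_attach of the new etc/rc.d/bdeswap file, the generated passphrase is passed to gbde as a command-line argument (-P "$PASSWORD" on init, -p "$PASSWORD" on attach), so it sits in the process argument list while gbde runs, and the lock file uses a fixed name under /tmp (LOCK="/tmp/.gbde_lock.$DEVBASE"); keep the lock file in a directory only root can write, and keep the passphrase out of argv if gbde offers another way to supply it. bdeswap_start also runs swapon "$DEV".bde whether or not gbde init and gbde attach succeeded; check their exit status and skip the device on failure.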