Date: Sat, 11 Jan 2003 20:43:30 -0800 (PST)
From: Doug Barton <DougB@FreeBSD.org>
To: "Geoffrey T. Falk" <gtf@cirp.org>
Cc: current@FreeBSD.org, "" <freebsd-rc@yahoogroups.com>
Subject: Re: 5.0 without swap
Message-ID: <20030111203903.U48804@2-234-22-23.pyvrag.nggov.pbz>
In-Reply-To: <200301120404.h0C44pnt002150@h68-144-29-132.cg.shawcable.net>
References: <200301120404.h0C44pnt002150@h68-144-29-132.cg.shawcable.net>

This is good stuff Geoffrey.... we may just "borrow" it. :) I know
you've saved me some work personally, as playing with gbde is high on my
list of things to do.
Doug
On Sat, 11 Jan 2003, Geoffrey T. Falk wrote:
> For encrypting swap, try this:
>
>
> --- etc/rc.d/Makefile 22 Dec 2002 22:25:53 -0000 1.10
> +++ etc/rc.d/Makefile 12 Jan 2003 03:54:40 -0000
> @@ -4,7 +4,7 @@
> .include <bsd.own.mk>
>
> FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \
> - apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \
> + apm apmd atm1 atm2.sh atm3.sh archdep bdeswap bgfsck bootparams ccd cleanvar \
> cleartmp cron devd devdb devfs diskless dmesg dumpon fsck inetd \
> initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat ipsec \
> ipxrouted isdnd kadmind kerberos keyserv ldconfig local \
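Review bot: the bdeswap entry added on the + line installs a script that only acts when bde_swap is set to YES, yet the patch carries no default for that variable and no description of it. Add bde_swap="NO" to etc/defaults/rc.conf and a matching entry in rc.conf(5) alongside this Makefile change, so the knob is documented and the case statement in bdeswap_start() always sees a defined value. The + line is also longer than its neighbours now; moving cleanvar onto the next continuation line keeps the list at the width the other lines use.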
>
>
>
>
>
>
> ######## etc/rc.d/bdeswap (new file):
>
> #!/bin/sh
> #
> # /usr/src/etc/rc.d/bdeswap
> #
> # Copyright (c) 2003 by Geoffrey T. Falk <gtf@cirp.org>.
> # All rights reserved.
> #
> # Prepare encrypted swap devices using GBDE
> #
> # Swap devices must be specified in /etc/fstab
> # as the bde device. This script detects all such
> # devices and configures them before they are
> # activated. Device should be specified with "noauto"
> # so that it is not picked up by swap1.
> # fstab Example:
> #/dev/ad0s1b.bde none swap sw,noauto 0 0
>
> # PROVIDE: bdeswap
> # REQUIRE: mountcritlocal
> # BEFORE: sysctl
> # KEYWORD: FreeBSD
>
> . /etc/rc.subr
>
> name="bdeswap"
> start_cmd="bdeswap_start"
> stop_cmd=":"
>
> # Generate a random password
> #
> randpass() {
> dd if=/dev/random bs=128 count=1 | cat -v
> }
>
> bde_attach()
> {
> DEV="$1"
> echo "Attaching encrypted swap device ${DEV}.bde"
>
> DEVBASE="`basename $DEV`"
> LOCK="/tmp/.gbde_lock.$DEVBASE"
> PASSWORD=`randpass`
> gbde init "$DEV" -P "$PASSWORD" -L "$LOCK"
> gbde attach "$DEV" -l "$LOCK" -p "$PASSWORD"
> }
>
> bdeswap_start()
> {
> case ${bde_swap} in
> [Yy][Ee][Ss])
> # Gather raw device name for each BDE swap device
> grep '^/dev/\w*\.bde\W*none\W*swap' /etc/fstab | \
> awk -F. '{print $1}' | \
> while read DEV; do
> bde_attach "$DEV"
> swapon "$DEV".bde
> done
> ;;
> esac
> }
>
> load_rc_config $name
> run_rc_command "$1"
>
>
>
> ###########
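Review bot: bde_attach() writes the lock selector file to a fixed, predictable name in a world-writable directory (LOCK="/tmp/.gbde_lock.$DEVBASE"), and nothing removes it afterwards. Put it in a directory only root can write and delete it once gbde attach has returned. In the same function the generated passphrase is handed to both gbde calls as a command-line argument (-P "$PASSWORD" and -p "$PASSWORD"), so it is visible in the process list while gbde runs. In randpass() the dd transfer statistics go to the console on every boot because stderr is not redirected, and cat -v leaves newline bytes in the output, so the passphrase can span lines; redirecting with 2>/dev/null and piping through a filter that yields a single printable line would make the value predictable in shape. Minor: `basename $DEV` should quote $DEV, and neither gbde exit status is checked before swapon runs on the .bde device.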
>
> Geoffrey
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
>
>
--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030111203903.U48804>
