Date: Sat, 11 Jan 2003 20:43:30 -0800 (PST)
From: Doug Barton
To: "Geoffrey T. Falk"
Cc: current@FreeBSD.org
Subject: Re: 5.0 without swap

This is good stuff Geoffrey.... we may just "borrow" it. :) I know you've saved me some work personally, as playing with gbde is high on my list of things to do.

Doug

On Sat, 11 Jan 2003, Geoffrey T. Falk wrote:

> For encrypting swap, try this:
>
> --- etc/rc.d/Makefile 22 Dec 2002 22:25:53 -0000 1.10 > +++ etc/rc.d/Makefile 12 Jan 2003 03:54:40 -0000 
> @@ -4,7 +4,7 @@ > .include > > FILES= DAEMON LOGIN NETWORKING SERVERS abi accounting addswap adjkerntz amd \ > - apm apmd atm1 atm2.sh atm3.sh archdep bgfsck bootparams ccd cleanvar \ > + apm apmd atm1 atm2.sh atm3.sh archdep bdeswap bgfsck bootparams ccd cleanvar \ > cleartmp cron devd devdb devfs diskless dmesg dumpon fsck inetd \ > initdiskless initrandom ip6fw ipfilter ipfw ipmon ipnat ipsec \ > ipxrouted isdnd kadmind kerberos keyserv ldconfig local \ > > > > > > > ######## etc/rc.d/bdeswap (new file): > > #!/bin/sh > # > # /usr/src/etc/rc.d/bdeswap > # > # Copyright (c) 2003 by Geoffrey T. Falk . > # All rights reserved. > # > # Prepare encrypted swap devices using GBDE > # > # Swap devices must be specified in /etc/fstab > # as the bde device. This script detects all such > # devices and configures them before they are > # activated. Device should be specified with "noauto" > # so that it is not picked up by swap1. > # fstab Example: > #/dev/ad0s1b.bde none swap sw,noauto 0 0 > > # PROVIDE: bdeswap > # REQUIRE: mountcritlocal > # BEFORE: sysctl > # KEYWORD: FreeBSD > > . /etc/rc.subr > > name="bdeswap" > start_cmd="bdeswap_start" > stop_cmd=":" > > # Generate a random password > # > randpass() { > dd if=/dev/random bs=128 count=1 | cat -v > } > > bde_attach() > { > DEV="$1" > echo "Attaching encrypted swap device ${DEV}.bde" > > DEVBASE="`basename $DEV`" > LOCK="/tmp/.gbde_lock.$DEVBASE" > PASSWORD=`randpass` > gbde init "$DEV" -P "$PASSWORD" -L "$LOCK" > gbde attach "$DEV" -l "$LOCK" -p "$PASSWORD" > } > > bdeswap_start() > { > case ${bde_swap} in > [Yy][Ee][Ss]) > # Gather raw device name for each BDE swap device > grep '^/dev/\w*\.bde\W*none\W*swap' /etc/fstab | \ > awk -F. 
'{print $1}' | \ > while read DEV; do > bde_attach "$DEV" > swapon "$DEV".bde > done > ;; > esac > } > > load_rc_config $name > run_rc_command "$1" > > > > ########### > > Geoffrey

-- 
"We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory."
    - George W. Bush, President of the United States
      State of the Union, January 28, 2002
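
Review bot: the etc/rc.d/Makefile hunk is missing a companion change for the knob the new script depends on. bdeswap_start only acts when ${bde_swap} matches [Yy][Ee][Ss], but nothing in this patch gives bde_swap a default or documents it, so the script is installed and then silently does nothing unless the admin already knows the variable name. Suggest adding a bde_swap="NO" default to etc/defaults/rc.conf and an entry in rc.conf(5) in the same change as the FILES addition.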
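
Review bot: in bde_attach of the new etc/rc.d/bdeswap, the generated passphrase is passed to gbde on the command line (-P "$PASSWORD" on init, -p "$PASSWORD" on attach), so it appears in the process arguments for as long as each command runs, which matters if the script is ever re-run by hand on a multi-user system. The lock file also goes to a fixed name in a world-writable directory (LOCK="/tmp/.gbde_lock.$DEVBASE") and is never removed. Since the key is meant to be thrown away after attach, suggest creating the lock file in a root-only directory (or via mktemp), deleting it and unsetting PASSWORD once gbde attach returns, and checking the exit status of gbde init before calling gbde attach and swapon. Separately, randpass lets dd print its record counts to stderr during boot; redirecting with 2>/dev/null would keep the console clean.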