Add support for initializing swap devices with random one-shot keys. Note

that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.

Sponsored by:	Teleplan AS

1 files changed, 54 insertions, 0 deletions

diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap
new file mode 100644
index 0000000..1c81d0b
--- /dev/null
+++ b/etc/rc.d/encswap
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+		device="${device%.bde}"
+		lockfile="/var/run/${device##*/}.lock"
+		gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+			return 1
+		gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+			return 1
+	done
+}
+
+gbde_swap_detach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		device="${device%.bde}"
+		gbde detach "${device}"
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"