author | pjd <pjd@FreeBSD.org> | 2005-08-14 18:02:22 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2005-08-14 18:02:22 +0000 |
commit | a2b7d697913d661fda3cdf89df1b40035f6c116a (patch) | |
tree | 85e2934f5d33797f65e52eef52a990ff180d2d5d /etc/rc.d/geli | |
parent | 4c42e011b4355b63d51ade3c0d027dde76715566 (diff) | |
Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and marks devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
Diffstat (limited to 'etc/rc.d/geli')
-rw-r--r-- | etc/rc.d/geli | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/etc/rc.d/geli b/etc/rc.d/geli
new file mode 100644
index 0000000..913301a
--- /dev/null
+++ b/etc/rc.d/geli
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: initrandom
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="geli"
+start_cmd="geli_start"
+stop_cmd="geli_stop"
+
+geli_start()
+{
+ devices=`geli_make_list`
+
+ # If there are no devices return before loading geom_eli.ko.
+ if [ -z "${devices}" ]; then
+ return
+ fi
+
+ geli load >/dev/null 2>&1
+ if ! kldstat -v | grep -q g_eli\$; then
+ err 1 'geom_eli module failed to load.'
+ fi
+
+ if [ -z "${geli_tries}" ]; then
+ if [ -n "${geli_attach_attempts}" ]; then
+ # Compatibility with rc.d/gbde.
+ geli_tries=${geli_attach_attempts}
+ else
+ geli_tries=`${SYSCTL_N} kern.geom.eli.tries`
+ fi
+ fi
+
+ for provider in ${devices}; do
+ provider_=`ltr ${provider} '/' '_'`
+
+ eval "flags=\${geli_${provider_}_flags}"
+ if [ -z "${flags}" ]; then
+ flags=${geli_default_flags}
+ fi
+ if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
+ echo "Configuring Disk Encryption for ${provider}."
+ count=1
+ while [ ${count} -le ${geli_tries} ]; do
+ geli attach ${flags} ${provider}
+ if [ -e "/dev/${provider}.eli" ]; then
+ break
+ fi
+ echo "Attach failed; attempt ${count} of ${geli_tries}."
+ count=$((count+1))
+ done
+ fi
+ done
+}
+
+geli_stop()
+{
+ devices=`geli_make_list`
+
+ for provider in ${devices}; do
+ if [ -e "/dev/${provider}.eli" ]; then
+ umount "/dev/${provider}.eli" 2>/dev/null
+ geli detach "${provider}"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1" |
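Review bot: The retry loop in geli_start tests `[ ${count} -le ${geli_tries} ]` with geli_tries unquoted and never validated, so an empty result from `${SYSCTL_N} kern.geom.eli.tries` or a non-numeric rc.conf value makes the test fail and the provider is left unattached right after "Configuring Disk Encryption" is printed, with only a `[` error on the console. A guard before the `for` loop, such as `case "${geli_tries}" in ''|*[!0-9]*) err 1 "geli_tries is not a number: '${geli_tries}'";; esac`, would make that failure explicit. The loop also falls through silently once every attempt is used up, so a `warn` after `done` when `/dev/${provider}.eli` still does not exist would tell the operator which encrypted provider stayed detached before later mounts fail. Separately, `provider_` has only '/' mapped to '_' before it is spliced into the `eval`, so a '-' in a device name turns the lookup into a `${name-default}` expansion whose default text ends up in `flags` and is passed to `geli attach`, and a '.' gives a bad substitution; geli_make_list and ltr are not defined in this file, so which names can reach this point is presumably decided in rc.subr.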