Add support for initializing swap devices with random one-shot keys. Note

that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.

Sponsored by:	Teleplan AS

4 files changed, 111 insertions, 1 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 9f5019a..e627fce 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -45,6 +45,8 @@ rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
 # Experimental - test before enabling
 gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
 gbde_devices="NO" 	# Devices to automatically attach (list, or AUTO)
+gbde_swap_enable="NO"	# Set to YES to automatically initialize gbde swap
+			# devices listed in fstab with a random one-shot key
 
 fsck_y_enable="NO"	# Set to YES to do fsck -y if the initial preen fails.
 background_fsck="YES"	# Attempt to run fsck in the background where possible.
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index c9c57ad..a3c83e5 100755
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -12,7 +12,7 @@ FILES=	DAEMON LOGIN NETWORKING SERVERS \
 	dmesg dumpon \
 	early.sh \
 	fsck \
-	gbde \
+	gbde gbde_swap \
 	hostname \
 	inetd initdiskless initrandom \
 	ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \
diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap
new file mode 100644
index 0000000..1c81d0b
--- /dev/null
+++ b/etc/rc.d/encswap
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+		device="${device%.bde}"
+		lockfile="/var/run/${device##*/}.lock"
+		gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+			return 1
+		gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+			return 1
+	done
+}
+
+gbde_swap_detach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		device="${device%.bde}"
+		gbde detach "${device}"
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gbde_swap b/etc/rc.d/gbde_swap
new file mode 100644
index 0000000..1c81d0b
--- /dev/null
+++ b/etc/rc.d/gbde_swap
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+		device="${device%.bde}"
+		lockfile="/var/run/${device##*/}.lock"
+		gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+			return 1
+		gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+			return 1
+	done
+}
+
+gbde_swap_detach()
+{
+	cat /etc/fstab |
+	while read device mountpoint type options rest ; do
+		case "${device}:${type}:${options}" in
+		*.bde:swap:sw)
+			;;
+		*)
+			continue
+			;;
+		esac
+		device="${device%.bde}"
+		gbde detach "${device}"
+	done
+}
+
+load_rc_config $name
+run_rc_command "$1"