author | des <des@FreeBSD.org> | 2004-02-03 11:26:08 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-02-03 11:26:08 +0000 |
commit | b48c64494255c2a975b3cfa00369aaf6bd6f28e7 (patch) | |
tree | cb66d62f409201d26f2df2bd5a436a1b77cfbe52 /etc | |
parent | 69ab9ceec06f8c8729d512c71d4112ba47ebe594 (diff) | |
Add support for initializing swap devices with random one-shot keys. Note
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 2 | ||||
-rwxr-xr-x | etc/rc.d/Makefile | 2 | ||||
-rw-r--r-- | etc/rc.d/encswap | 54 | ||||
-rw-r--r-- | etc/rc.d/gbde_swap | 54 |
4 files changed, 111 insertions, 1 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 9f5019a..e627fce 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -45,6 +45,8 @@ rc_conf_files="/etc/rc.conf /etc/rc.conf.local" # Experimental - test before enabling gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab gbde_devices="NO" # Devices to automatically attach (list, or AUTO) +gbde_swap_enable="NO" # Set to YES to automatically initialize gbde swap + # devices listed in fstab with a random one-shot key fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. background_fsck="YES" # Attempt to run fsck in the background where possible. diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index c9c57ad..a3c83e5 100755 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -12,7 +12,7 @@ FILES= DAEMON LOGIN NETWORKING SERVERS \ dmesg dumpon \ early.sh \ fsck \ - gbde \ + gbde gbde_swap \ hostname \ inetd initdiskless initrandom \ ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \ diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap new file mode 100644 index 0000000..1c81d0b --- /dev/null +++ b/etc/rc.d/encswap 
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+ cat /etc/fstab |
+ while read device mountpoint type options rest ; do
+ case "${device}:${type}:${options}" in
+ *.bde:swap:sw)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+ device="${device%.bde}"
+ lockfile="/var/run/${device##*/}.lock"
+ gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+ return 1
+ gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+ return 1
+ done
+}
+
+gbde_swap_detach()
+{
+ cat /etc/fstab |
+ while read device mountpoint type options rest ; do
+ case "${device}:${type}:${options}" in
+ *.bde:swap:sw)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ device="${device%.bde}"
+ gbde detach "${device}"
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gbde_swap b/etc/rc.d/gbde_swap
new file mode 100644
index 0000000..1c81d0b
--- /dev/null
+++ b/etc/rc.d/gbde_swap
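Review bot: The passphrase assignment in gbde_swap_attach (the dd from /dev/random piped into md5 -q) has no failure check. If dd delivers no data, its error is discarded by 2>/dev/null and md5 still exits 0, hashing empty input to the fixed, publicly known digest d41d8cd98f00b204e9800998ecf8427e, so the swap device would be initialized and attached with a predictable key. Confirm the read succeeded before hashing, or at minimum reject that digest before calling gbde, e.g. `[ "${passphrase}" != "d41d8cd98f00b204e9800998ecf8427e" ] || return 1`. The same line appears in the etc/rc.d/gbde_swap hunk. Separately, this file has the same blob id (1c81d0b) and `name="gbde_swap"` as etc/rc.d/gbde_swap and is not added to FILES in the etc/rc.d/Makefile hunk, so it looks like a leftover copy.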
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: random
+# KEYWORD: FreeBSD
+
+. /etc/rc.subr
+
+name="gbde_swap"
+start_cmd="gbde_swap_attach"
+stop_cmd="gbde_swap_detach"
+
+gbde_swap_attach()
+{
+ cat /etc/fstab |
+ while read device mountpoint type options rest ; do
+ case "${device}:${type}:${options}" in
+ *.bde:swap:sw)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+ device="${device%.bde}"
+ lockfile="/var/run/${device##*/}.lock"
+ gbde init "${device}" -L "${lockfile}" -P "${passphrase}" ||
+ return 1
+ gbde attach "${device}" -l "${lockfile}" -p "${passphrase}" ||
+ return 1
+ done
+}
+
+gbde_swap_detach()
+{
+ cat /etc/fstab |
+ while read device mountpoint type options rest ; do
+ case "${device}:${type}:${options}" in
+ *.bde:swap:sw)
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ device="${device%.bde}"
+ gbde detach "${device}"
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1" |
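Review bot: Passing the key as `-P "${passphrase}"` to gbde init and `-p "${passphrase}"` to gbde attach puts it in the argument vector, where other local users can read it from the process list while each command runs. The commit message acknowledges this, but the script does nothing to narrow the exposure. If the gbde in this tree can take the key from a file or standard input, prefer that, using a mode-0600 temporary file that is removed right after attach. Otherwise record the exposure at both call sites, e.g. `# XXX passphrase is visible in ps(1) output while gbde runs`. The lock file written with `-L` under /var/run is also left behind by gbde_swap_detach, and whether /var is writable this early in boot cannot be told from the hunk; the identical etc/rc.d/encswap hunk shares all of this.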