I've cooked up some enhancements to Matthew Kennedy's crypto-loop start-up script. I've made it easy to set-up encrypted swap-space with just one setting in the config /etc/conf.d/crypto-loop file (also updated). It uses a one-time key pulled from /dev/random to do the setup and then does mkswap to make it viable swap-space. It doesn't automatically turn it on, however, I think that is better left to /etc/fstab and localmount. I also added a stop function to /etc/init.d/crypto-loop that detects if a loopback device is mounted or being used for swapping and attempts to unmount or swapoff before unlinking the loopback. I've tested it as much as I can on my system and it appears to work fine. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Created attachment 11151 [details] new /etc/conf.d/crypto-loop
Created attachment 11152 [details] new /etc/init.d/crypto-loop
Created attachment 11153 [details] new /etc/conf.d/crypto-loop whoops, I definitely need to comment out my setup
Hi azarah I have sys-apps/baselayout-1.8.6.7 and a quite myterious problem with crypto-loop.. when I do a "check with /etc/init,d/crypto-loop ineed" nothing get's listed (I added it to the boot runlevel) when I take the same file and rename it to cryptoloop (removing first the old crypto-loop and adding cryptoloop) then the same command succeeds and lists the "needs" - when I then remove the file from the runlevel and add crypto-loop again to the runlevel the command fails - it's just a small idea but maybe the dash causes some problems? also, the dependency doesn't work at all - it doesn't get started before localmount - and even if I do "before *" then it get's started after localmount (but at least before alsa and this stuff) any hints are highly appriciated! also note, that crypto-loop get's loaded before keymaps - so non us-keyboard folks should find a warning somewhere that y and z might be changed.... not to mention all the other chars.... regards xor PS: I saw that now quite often - maybe I'm just foolish... but Reproducible: Always
this script will not work under 2.6, or util linux 2.12 or higher, however, there is really only a minor change to make it work with these. In 2.6, or util linux 2.12 or higher, the following command (or very close to it, you will have to pardon my bash :) ) will work (at least it does with everything I have used) hashalot {$passwordHash} | /sbin/loseup -e {$cipher}-cbc-{$keysize} {$loop} {$device}; Assuming we are all using chaning block ciphers. Which I think just about everyone is.
can someone please attach a patch that will work with at least baselayout-1.11.8 and util-linux-2.12i-r1 ?
re-open once someone has ...
