Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 48781 Details for
Bug 78420
Request for inclusion: encrypted swap init script. (dm-crypt)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
The init script
cryptoswap (text/plain), 3.11 KB, created by
Gilles Schintgen
on 2005-01-17 13:52:09 UTC
(
hide
)
Description:
The init script
Filename:
MIME Type:
Creator:
Gilles Schintgen
Created:
2005-01-17 13:52:09 UTC
Size:
3.11 KB
patch
obsolete
>#!/sbin/runscript > ># cryptoswap 0.04 ># ># This initscript uses the Device-Mapper and Crypto API of Linux >=2.6.4 ># to create encrypted swap devices. Configuration is done in ># /etc/conf.d/cryptoswap. > ># USING CRYPTOSWAP ># 1. Make sure your kernel is compiled with device-mapper and ># some cryptographic algorithms. Easiest is to compile them into ># the kernel. You also need sys-libs/device-mapper. ># 2. Turn off swapping for all your swap partitions ># e.g. swapoff /dev/hdb2 ># 3. Remove all swap partitions from your /etc/fstab ># 4. Overwrite all swap partitions with random data from /dev/urandom ># dd if=/dev/urandom of=/dev/hdb2 bs=1M ># 5. Configure cryptoswap (/etc/conf.d/cryptoswap) ># 6. rc-update add cryptoswap boot ># 7. /etc/init.d/cryptoswap start > > >CIPHER=${CIPHER:-aes} >KEYSIZE=${KEYSIZE:-32} >DMSETUP=/sbin/dmsetup >CONF=/etc/conf.d/cryptoswap > >depend() { > after urandom modules >} > ># $1 = block device (e.g. /dev/hda2) >isswap () { > PART=`fdisk -l | grep "^$1 "` > [[ $PART == *Linux\ swap* ]] >} > >cipheravailable() { > modprobe $1 &> /dev/null > # remove "mode" (e.g. plain, cbc, cbc-essiv-sha256) > grep "name *: *${1%%-*}" /proc/crypto >& /dev/null >} > >start() { > if ! [ -r "$CONF" ] ; then > eerror "ERROR: Configuration file $CONF does not exist" > eerror " or cannot be read." > exit 1 > fi > if ! [ -x $DMSETUP ] ; then > eerror "ERROR: The $DMSETUP executable cannot be found." > eerror " Please emerge sys-libs/device-mapper." > exit 2 > fi > einfo "Setting up encrypted swap" > NBR=0 > grep '^swap=' $CONF | while read SWAPLINE > do > swap="" pri="" cipher="" keysize="" > eval $SWAPLINE > ebegin " Setting up $swap as /dev/mapper/cryptoswap$NBR" > cipher=${cipher:-$CIPHER} > keysize=${keysize:-$KEYSIZE} > if ! cipheravailable "$cipher"; then > eerror "ERROR: The specified cipher $cipher is not available." > eend 1 > continue > fi > if ! isswap "$swap"; then > ewarn "WARNING: $swap is not a swap partition. Skipping." > eend 1 > continue > fi > if [[ ! -z "$pri" && $pri -ge 0 ]] > then OPTS="-p $pri"; > else OPTS=""; > fi > # make sure swap is turned off for $swap > swapoff $swap &> /dev/null > BLOCKS=`blockdev --getsize $swap` > HEXDIGITS=$(($keysize * 2)) > KEY=`tr -cd 0-9a-f < /dev/urandom | head -c $HEXDIGITS` > echo 0 $BLOCKS crypt $cipher $KEY 0 $swap 0 \ > | $DMSETUP create cryptoswap$NBR > mkswap /dev/mapper/cryptoswap$NBR > /dev/null > swapon $OPTS /dev/mapper/cryptoswap$NBR > eend $? > let ++NBR > done > if ! swapon -s | grep "/dev/mapper/cryptoswap" > /dev/null > then > eerror "ERROR: No encrypted swap devices were created!" > eerror " Please edit $CONF." > exit 3 > fi >} > >stop() { > einfo "Turning off encrypted swap" > # It's possible that the configuration file has changed. > # Therefore the configuration file is ignored and we simply > # remove all cryptoswap* mappings. > MAPPINGS=`ls /dev/mapper/cryptoswap* 2> /dev/null` > if [ -z "$MAPPINGS" ]; then > ewarn "WARNING: No cryptoswap mapping found." > exit 0 > fi > for m in /dev/mapper/cryptoswap*; do > MAPDEV=${m#/dev/mapper/} > ebegin " removing $m" > swapoff $m > $DMSETUP remove $MAPDEV > eend $? > done >} > >status () { > swapon -s >} >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=48781">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 78420
: 48781 |
48782
