Attachment #70373 for bug #102700

View | Details | Raw Unified | Return to bug 102700
Collapse All | Expand All

Lines 7-12 Link Here

(-)rc.d/gbde (-14 / +39 lines)
7	#	7	#
8		8
9	# PROVIDE: disks	9	# PROVIDE: disks
		10	# REQUIRE: initrandom
10	# KEYWORD: nojail	11	# KEYWORD: nojail
11		12
12	. /etc/rc.subr	13	. /etc/rc.subr
Lines 19-28 Link Here
19		20
20	find_gbde_devices()	21	find_gbde_devices()
21	{	22	{
22	case "${gbde_devices-auto}" in	23	case "${gbde_devices:-enctmp}" in
23	[Aa][Uu][Tt][Oo])	24	[Aa][Uu][Tt][Oo])
24	gbde_devices=""	25	gbde_devices=""
25	;;	26	;;
		27	[Ee][Nn][Cc][Tt][Mm][Pp])
		28	gbde_devices="${gbde_enctmp_devices}"
		29	;;
26	*)	30	*)
27	return 0	31	return 0
28	;;	32	;;
Lines 82-105 Link Here
82	parent=${device%.bde}	86	parent=${device%.bde}
83	parent=${parent#/dev/}	87	parent=${parent#/dev/}
84	parent_=`ltr ${parent} '/' '_'`	88	parent_=`ltr ${parent} '/' '_'`
85	eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}"
86	if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
87	echo "Configuring Disk Encryption for ${parent}."
88		89
89	count=1	90	istmp=0
90	while [ ${count} -le ${gbde_attach_attempts} ]; do	91
91	if [ -e "${lock}" ]; then	92	if [ ! -z "${gbde_enctmp_devices}" ]; then
92	gbde attach ${parent} -l ${lock}	93	for dev in ${gbde_enctmp_devices}; do
93	else	94	if [ ${dev} = ${parent} ]; then
94	gbde attach ${parent}	95	istmp=1
95	fi
96	if [ -e "/dev/${parent}.bde" ]; then
97	break	96	break
98	fi	97	fi
99	echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
100	count=$((${count} + 1))
101	done	98	done
102	fi	99	fi
		100
		101	eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}"
		102	if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
		103	if [ ${istmp} -eq 1 ]; then
		104	echo "Configuring Encrypted Temporary Space for ${parent}."
		105
		106	passphrase=`dd if=/dev/random count=1 2>/dev/null \| md5 -q`
		107	gbde init "${device}" -P "${passphrase}" \
		108	&& gbde attach "${device}" -p "${passphrase}" \
		109	&& newfs -U /dev/${device}.bde
		110	else
		111	echo "Configuring Disk Encryption for ${parent}."
		112
		113	count=1
		114	while [ ${count} -le ${gbde_attach_attempts} ]; do
		115	if [ -e "${lock}" ]; then
		116	gbde attach ${parent} -l ${lock}
		117	else
		118	gbde attach ${parent}
		119	fi
		120	if [ -e "/dev/${parent}.bde" ]; then
		121	break
		122	fi
		123	echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
		124	count=$((${count} + 1))
		125	done
		126	fi
		127	fi
103	done	128	done
104	}	129	}
105		130




#!/bin/sh
#
# Copyright (c) 2006 Shaun Amott <shaun@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 
# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#

# PROVIDE: gbde2
# REQUIRE: mountcritlocal
# KEYWORD: nojail
# BEFORE:  tmp

. /etc/rc.subr

name="gbde2"
start_cmd="gbde2_start"
stop_cmd=":"

gbde2_start()
{
	for provider in ${gbde_enctmp_devices}; do
		mountpoint=`awk "/^\/dev\/${provider}/ {print \\$2}" /etc/fstab`
		ismounted=`mount | awk "/^\/dev\/${provider}/ {print \\$3}"`
		if [ ! -z "${mountpoint}" -a "${mountpoint}" = "${ismounted}" ]; then
			chmod 1777 ${mountpoint}
		fi
	done
}

load_rc_config $name
run_rc_command "$1"




	for provider in ${devices}; do
		provider_=`ltr ${provider} '/' '_'`

		istmp=0

		if [ ! -z "${geli_enctmp_devices}" ]; then
			for prov in ${geli_enctmp_devices}; do
				if [ ${prov} = ${provider} ]; then
					istmp=1
					break
				fi
			done
		fi

		eval "flags=\${geli_${provider_}_flags}"
		if [ -z "${flags}" ]; then
			if [ ${istmp} -eq 1 ]; then
				flags=${geli_enctmp_flags}
			else
				flags=${geli_default_flags}
			fi
		fi
		if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
			if [ ${istmp} -eq 1 ]; then
				echo "Configuring Encrypted Temporary Space for ${provider}."
				geli onetime ${flags} ${provider}	\
				  && newfs -U /dev/${provider}.eli
			else
				echo "Configuring Disk Encryption for ${provider}."
				count=1
				while [ ${count} -le ${geli_tries} ]; do
					geli attach ${flags} ${provider}
					if [ -e "/dev/${provider}.eli" ]; then
						break
					fi
					echo "Attach failed; attempt ${count} of ${geli_tries}."
					count=$((count+1))
				done
			fi
		fi
	done
}




# PROVIDE: geli2
# REQUIRE: mountcritlocal
# KEYWORD: nojail
# BEFORE:  tmp

. /etc/rc.subr


	for provider in ${devices}; do
		provider_=`ltr ${provider} '/' '_'`

		istmp=0

		if [ ! -z "${geli_enctmp_devices}" ]; then
			for prov in ${geli_enctmp_devices}; do
				if [ ${prov} = ${provider} ]; then
					istmp=1
					break
				fi
			done
		fi

		if [ ${istmp} -eq 1 ]; then
			mountpoint=`awk "/^\/dev\/${provider}/ {print \\$2}" /etc/fstab`
			ismounted=`mount | awk "/^\/dev\/${provider}/ {print \\$3}"`
			if [ ! -z "${mountpoint}" -a "${mountpoint}" = "${ismounted}" ]; then
				chmod 1777 ${mountpoint}
			fi
		fi

		eval "autodetach=\${geli_${provider_}_autodetach}"
		if [ -z "${autodetach}" ]; then
			autodetach=${geli_autodetach}

Return to bug 102700

Lines 55-67 Link Here

(-)defaults/rc.conf (-1 / +5 lines)
55		55
56	# Experimental - test before enabling	56	# Experimental - test before enabling
57	gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab	57	gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
58	gbde_devices="NO" # Devices to automatically attach (list, or AUTO)	58	gbde_devices="ENCTMP" # Devices to automatically attach (list, or AUTO/ENCTMP)
		59	# Set to ENCTMP to auto-mount enctmp devices only
		60	gbde_enctmp_devices="" # Encrypted /tmp devices listed in /etc/fstab
59	gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices	61	gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
60	gbde_lockdir="/etc" # Where to look for gbde lockfiles	62	gbde_lockdir="/etc" # Where to look for gbde lockfiles
61		63
62	# GELI disk encryption configuration.	64	# GELI disk encryption configuration.
63	geli_devices="" # List of devices to automatically attach in addition to	65	geli_devices="" # List of devices to automatically attach in addition to
64	# GELI devices listed in /etc/fstab.	66	# GELI devices listed in /etc/fstab.
		67	geli_enctmp_devices="" # GELI encrypted /tmp devices listed in /etc/fstab
		68	geli_enctmp_flags="-e AES -l 256 -s 4096" # Encrypted /tmp flags
65	geli_tries="" # Number of times to attempt attaching geli device.	69	geli_tries="" # Number of times to attempt attaching geli device.
66	# If empty, kern.geom.eli.tries will be used.	70	# If empty, kern.geom.eli.tries will be used.
67	geli_default_flags="" # Default flags for geli(8).	71	geli_default_flags="" # Default flags for geli(8).

Added Link Here

(-)rc.d/gbde2 (+53 lines)
1	#!/bin/sh
2	#
3	# Copyright (c) 2006 Shaun Amott <shaun@FreeBSD.org>
4	# All rights reserved.
5	#
6	# Redistribution and use in source and binary forms, with or without
7	# modification, are permitted provided that the following conditions
8	# are met:
9	# 1. Redistributions of source code must retain the above copyright
10	# notice, this list of conditions and the following disclaimer.
11	# 2. Redistributions in binary form must reproduce the above copyright
12	# notice, this list of conditions and the following disclaimer in the
13	# documentation and/or other materials provided with the distribution.
14	#
15	# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
16	# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17	# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18	# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
19	# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20	# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21	# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22	# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23	# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24	# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25	# SUCH DAMAGE.
26	#
27	# $FreeBSD$
28	#
29
30	# PROVIDE: gbde2
31	# REQUIRE: mountcritlocal
32	# KEYWORD: nojail
33	# BEFORE: tmp
34
35	. /etc/rc.subr
36
37	name="gbde2"
38	start_cmd="gbde2_start"
39	stop_cmd=":"
40
41	gbde2_start()
42	{
43	for provider in ${gbde_enctmp_devices}; do
44	mountpoint=`awk "/^\/dev\/${provider}/ {print \\$2}" /etc/fstab`
45	ismounted=`mount \| awk "/^\/dev\/${provider}/ {print \\$3}"`
46	if [ ! -z "${mountpoint}" -a "${mountpoint}" = "${ismounted}" ]; then
47	chmod 1777 ${mountpoint}
48	fi
49	done
50	}
51
52	load_rc_config $name
53	run_rc_command "$1"

Lines 60-80 Link Here

(-)rc.d/geli (-11 / +32 lines)
60	for provider in ${devices}; do	60	for provider in ${devices}; do
61	provider_=`ltr ${provider} '/' '_'`	61	provider_=`ltr ${provider} '/' '_'`
62		62
		63	istmp=0
		64
		65	if [ ! -z "${geli_enctmp_devices}" ]; then
		66	for prov in ${geli_enctmp_devices}; do
		67	if [ ${prov} = ${provider} ]; then
		68	istmp=1
		69	break
		70	fi
		71	done
		72	fi
		73
63	eval "flags=\${geli_${provider_}_flags}"	74	eval "flags=\${geli_${provider_}_flags}"
64	if [ -z "${flags}" ]; then	75	if [ -z "${flags}" ]; then
65	flags=${geli_default_flags}	76	if [ ${istmp} -eq 1 ]; then
		77	flags=${geli_enctmp_flags}
		78	else
		79	flags=${geli_default_flags}
		80	fi
66	fi	81	fi
67	if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then	82	if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
68	echo "Configuring Disk Encryption for ${provider}."	83	if [ ${istmp} -eq 1 ]; then
69	count=1	84	echo "Configuring Encrypted Temporary Space for ${provider}."
70	while [ ${count} -le ${geli_tries} ]; do	85	geli onetime ${flags} ${provider} \
71	geli attach ${flags} ${provider}	86	&& newfs -U /dev/${provider}.eli
72	if [ -e "/dev/${provider}.eli" ]; then	87	else
73	break	88	echo "Configuring Disk Encryption for ${provider}."
74	fi	89	count=1
75	echo "Attach failed; attempt ${count} of ${geli_tries}."	90	while [ ${count} -le ${geli_tries} ]; do
76	count=$((count+1))	91	geli attach ${flags} ${provider}
77	done	92	if [ -e "/dev/${provider}.eli" ]; then
		93	break
		94	fi
		95	echo "Attach failed; attempt ${count} of ${geli_tries}."
		96	count=$((count+1))
		97	done
		98	fi
78	fi	99	fi
79	done	100	done
80	}	101	}

Lines 30-35 Link Here

(-)rc.d/geli2 (+20 lines)
30	# PROVIDE: geli2	30	# PROVIDE: geli2
31	# REQUIRE: mountcritlocal	31	# REQUIRE: mountcritlocal
32	# KEYWORD: nojail	32	# KEYWORD: nojail
		33	# BEFORE: tmp
33		34
34	. /etc/rc.subr	35	. /etc/rc.subr
35		36
Lines 44-49 Link Here
44	for provider in ${devices}; do	45	for provider in ${devices}; do
45	provider_=`ltr ${provider} '/' '_'`	46	provider_=`ltr ${provider} '/' '_'`
46		47
		48	istmp=0
		49
		50	if [ ! -z "${geli_enctmp_devices}" ]; then
		51	for prov in ${geli_enctmp_devices}; do
		52	if [ ${prov} = ${provider} ]; then
		53	istmp=1
		54	break
		55	fi
		56	done
		57	fi
		58
		59	if [ ${istmp} -eq 1 ]; then
		60	mountpoint=`awk "/^\/dev\/${provider}/ {print \\$2}" /etc/fstab`
		61	ismounted=`mount \| awk "/^\/dev\/${provider}/ {print \\$3}"`
		62	if [ ! -z "${mountpoint}" -a "${mountpoint}" = "${ismounted}" ]; then
		63	chmod 1777 ${mountpoint}
		64	fi
		65	fi
		66
47	eval "autodetach=\${geli_${provider_}_autodetach}"	67	eval "autodetach=\${geli_${provider_}_autodetach}"
48	if [ -z "${autodetach}" ]; then	68	if [ -z "${autodetach}" ]; then
49	autodetach=${geli_autodetach}	69	autodetach=${geli_autodetach}