Site Navigation

Date:      Sun, 11 Jul 2004 13:52:38 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        freebsd-rc@FreeBSD.org
Subject:   Enhancement to gbde rc.d script (try 2)
Message-ID:  <20040711115238.GB753@zaphod.nitro.dk>

---

next in thread | raw e-mail | index | archive | help

---

--ABTtc+pdwF7KHXCz
Content-Type: multipart/mixed; boundary="IiVenqGWf+H9Y6IX"
Content-Disposition: inline


--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hey

I posted this patch in January without getting much response so I'm
trying again with an updated version which works with recent
-CURRENT's.

The functionality is the same as the last time... :

I have enhanced the gbde rc.d script a bit, so it asks the user X
times (normally 3) for the pass-phrase.  I have also added support for
having the lockfiles in another other directories than /etc.  Both
features are documented, and the existing feature of specifying the
exact filename of a lockfile is also documented in this patch.

Could someone commit or approve this ?

Thanks.

--=20
Simon L. Nielsen
FreeBSD Documentation Team

--IiVenqGWf+H9Y6IX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="gbde-rc.d.2.patch"
Content-Transfer-Encoding: quoted-printable

Index: etc/rc.d/gbde
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/etc/rc.d/gbde,v
retrieving revision 1.4
diff -u -d -r1.4 gbde
--- etc/rc.d/gbde	8 Mar 2004 12:25:05 -0000	1.4
+++ etc/rc.d/gbde	11 Jul 2004 10:41:40 -0000
@@ -81,10 +81,20 @@
 	for device in $gbde_devices; do
 		parentdev=3D${device%.bde}
 		parent=3D${parentdev#/dev/}
-		eval "lock=3D\${gbde_lock_${parent}-\"/etc/${parent}.lock\"}"
-		if [ -e $lock ]; then
+		eval "lock=3D\${gbde_lock_${parent}-\"${gbde_lockdir}/${parent}.lock\"}"
+		if [ -e "${lock}" -a ! -e "${device}" ]; then
 			echo "Configuring Disk Encryption for ${device}."
-			gbde attach ${parentdev} -l ${lock}
+
+			count=3D1
+			while [ ${count} -le ${gbde_attach_attempts} ]; do
+				gbde attach ${parentdev} -l ${lock}
+				if [ -e ${device} ]; then
+					break
+				fi
+				echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
+				count=3D$((${count} + 1))
+			done
+
 		fi
 	done
 }
Index: etc/defaults/rc.conf
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.210
diff -u -d -r1.210 rc.conf
--- etc/defaults/rc.conf	30 Jun 2004 15:58:46 -0000	1.210
+++ etc/defaults/rc.conf	3 Jul 2004 11:00:23 -0000
@@ -50,6 +50,8 @@
 # Experimental - test before enabling
 gbde_autoattach_all=3D"NO" # YES automatically mounts gbde devices from fs=
tab
 gbde_devices=3D"NO" 	# Devices to automatically attach (list, or AUTO)
+gbde_attach_attempts=3D"3" # Number of times to attempt attaching gbde dev=
ices.
+gbde_lockdir=3D"/etc"	# Where to look for gbde lockfiles.
 gbde_swap_enable=3D"NO"	# Set to YES to automatically initialize gbde swap
 			# devices listed in fstab with a random one-shot key
=20
Index: share/man/man5/rc.conf.5
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v
retrieving revision 1.220
diff -u -d -r1.220 rc.conf.5
--- share/man/man5/rc.conf.5	3 Jul 2004 18:29:23 -0000	1.220
+++ share/man/man5/rc.conf.5	11 Jul 2004 11:44:39 -0000
@@ -1069,6 +1069,31 @@
 List the devices that the script should try to attach,
 or
 .Dq Li AUTO .
+.It Va gbde_lockdir
+.Pq Vt str
+The directory where the
+.Xr gbde 4
+lockfiles are located.
+The default lockfile directory is
+.Pa /etc .
+.Pp
+The lockfile for each individual
+.Xr gbde 4
+device can be overridden by setting the variable
+.Va gbde_lock_ Ns Aq Ar device ,
+where
+.Ar device
+is the encrypted device without the
+.Dq Pa /dev/
+and
+.Dq Pa .bde
+parts.
+.It Va gbde_attach_attempts
+.Pq Vt int
+Number of times to attempt attaching to a
+.Xr gbde 4
+device, i.e. how many times the user is asked for the pass-phrase.
+Default is 3.
 .It Va gbde_swap_enable
 .Pq Vt bool
 If set to

--IiVenqGWf+H9Y6IX--

--ABTtc+pdwF7KHXCz
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFA8SoGh9pcDSc1mlERAvFFAJ9ZpMuO1JwMTseBteEGUf3zQ+CLcgCdFCig
KChwp8kQfoEwWiJ6itBu6zw=
=90Ea
-----END PGP SIGNATURE-----

--ABTtc+pdwF7KHXCz--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040711115238.GB753>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact