Date:      Thu, 7 Sep 2006 20:13:11 +0200
From:      Daniel Bond <db@danielbond.org>
To:        freebsd-stable@freebsd.org
Subject:   Patch for GBDE rc-script
Message-ID:  <20060907181311.GA25768@spearburn.danielbond.org>


--TakKZr9L6Hm6aLOc
Content-Type: multipart/mixed; boundary="d6Gm4EdcadzBjdND"
Content-Disposition: inline


--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I just set up GBDE on my laptop, encrypting my 512M cf-card.
This works like a charm, but I felt the need to enhance the rc-script a
little to automatically mount the encrypted drive(s), if you have the
following in /etc/rc.conf:

	* gbde_autoattach_all="YES"
	* gbde_devices="device1 device2 .. etc"

So I added another option:
	* gbde_mountpoint="/private" to /etc/defaults/rc.conf

This option acts like a basedir for mounting the partition, i.e. after running
/etc/rc.d/gbde start, I get the following mount entry in the mount-command
output:

/dev/ad1s1c.bde on /private/bde_ad1s1c (ufs, local, soft-updates)

Note: I also altered the output of which device is being attached, so that it
also specifies which lockfile it is using. The reason for this is that the
handbook example of "gbde init" uses /etc/gbde/ad4s1c as lockfile, while the
rc-script uses /etc/ad4s1c.lock by default. For a regular user this will cause
great frustration, because while booting it will basically just tell the user
that the password is wrong, not that the lockfile doesn't exist (debugging the
rc-script to find out what was going on triggered me to start this
enhancement).

I'm not sure that the naming of my rc.conf variable is optimal (couldn't
think of a short/descriptive name for it), and the same with /mount/point/bde_<device>.

Also, I am not sure that the new script-logic takes care of everything that could go
wrong, so please review it carefully.

I hope this patch might be useful for other users (maybe especially laptop-users),
and if so, that it might be a part of the project :-)

If I mailed the wrong mailing list, please let me know.

-- 
Med vennlig hilsen / Best regards,

------------------------------------------

  Daniel Bond
  PGP: C822C4BD

------------------------------------------

--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="gbde.patch"
Content-Transfer-Encoding: quoted-printable

--- gbde.orig	Thu Sep  7 20:03:46 2006
+++ gbde	Thu Sep  7 20:01:46 2006
@@ -84,7 +84,7 @@
 		parent_=3D`ltr ${parent} '/' '_'`
 		eval "lock=3D\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"=
}"
 		if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
-			echo "Configuring Disk Encryption for ${parent}."
+			echo "Configuring Disk Encryption for ${parent}. (Lockfile: ${gbde_lock=
dir}/${parent_}.lock)"
=20
 			count=3D1
 			while [ ${count} -le ${gbde_attach_attempts} ]; do
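Review bot: the new echo prints `${gbde_lockdir}/${parent_}.lock`, but the eval on the line above it already resolves the effective path into `${lock}`, honouring a per-device `gbde_lock_<device>` override. With such an override set, the message would name a lockfile that is not the one being used, which is the confusion the message is meant to prevent. Print `(Lockfile: ${lock})` instead.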
@@ -94,6 +94,14 @@
 					gbde attach ${parent}
 				fi
 				if [ -e "/dev/${parent}.bde" ]; then
+					if [ -e ${gbde_mountpoint} ]; then
+						if [ ! -e "${gbde_mountpoint}/bde_${parent}" ]; then
+							mkdir -p "${gbde_mountpoint}/bde_${parent}"
+						fi
+						if fsck -p -t ffs "/dev/${parent}.bde" 1>/dev/null; then=20
+							mount /dev/${parent}.bde ${gbde_mountpoint}/bde_${parent}
+						fi
+					fi
 					break
 				fi
 				echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
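Review bot: the first added test, `[ -e ${gbde_mountpoint} ]`, is unquoted, so with gbde_mountpoint empty or unset it collapses to `[ -e ]`, which evaluates true, and the block then creates and mounts on `/bde_${parent}`. Quote the variable and require a non-empty directory, e.g. `[ -n "${gbde_mountpoint}" -a -d "${gbde_mountpoint}" ]`. In the same block, the directory name uses `${parent}` although the surrounding code already derives a slash-free `${parent_}`, the `mount` arguments are unquoted, and when `fsck` fails the loop still reaches `break` without any message from the script, leaving the device attached but unmounted.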

--d6Gm4EdcadzBjdND--

--TakKZr9L6Hm6aLOc--


