Hi, I just setup GBDE on my laptop, encrypting my 512M cf-card. This works like a charm, but I felt the need to enchance the rc-script a little to automatically mount the encrypted drive(s), if you have the following in /etc/rc.conf:
* gbde_autoattach_all="YES"
* gbde_devices="device1 device2 .. etc"
So I added another option:
* gbde_mountpoint="/private" to /etc/defaults/rc.conf
This option acts like a basedir for mounting the partition, IE. after running
/etc/rc.d/gbde start, I get the following mount entry in the the mount-command
output:
/dev/ad1s1c.bde on /private/bde_ad1s1c (ufs, local, soft-updates)
Note: I also altered the output of which device is beeing attached, so that it
also specifies which lockfile it is using. The reason for this is that the
handbook example of "gbde init" uses /etc/gbde/ad4s1c as lockfile, while the
rc-script defaultly uses /etc/ad4s1c.lock. For a regular user this will cause
great frustration, because while booting it will basicly just tell the user
that the password is wrong, not that the lockfile dosn't exist (debugging the
rc-script to find out what was going on triggered me to start this
enchancement).
I'm not sure that the naming of my rc.conf variable is optimal (couldn't
think of a short/descriptive name for it), and the same with
/mount/point/bde_<device>.
Also, I am not sure that the new script-logic takes care of everything that
could go
wrong, so please review it carefully.
I hope this patch might be usefull for other users (maybee especially
laptop-users),
and if so, that it might be a part of the project :-)
If I mailed the wrong mailinglist, please let me know.
--
Med vennlig hilsen / Best regards,
------------------------------------------
Daniel Bond
PGP: C822C4BD
------------------------------------------
--- gbde.orig Thu Sep 7 20:03:46 2006
+++ gbde Thu Sep 7 20:01:46 2006
@@ -84,7 +84,7 @@
parent_=`ltr ${parent} '/' '_'`
eval
"lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}"
if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
- echo "Configuring Disk Encryption for ${parent}."
+ echo "Configuring Disk Encryption for ${parent}.
(Lockfile: ${gbde_lockdir}/${parent_}.lock)"
count=1
while [ ${count} -le ${gbde_attach_attempts} ]; do
@@ -94,6 +94,14 @@
gbde attach ${parent}
fi
if [ -e "/dev/${parent}.bde" ]; then
+ if [ -e ${gbde_mountpoint} ]; then
+ if [ ! -e
"${gbde_mountpoint}/bde_${parent}" ]; then
+ mkdir -p
"${gbde_mountpoint}/bde_${parent}"
+ fi
+ if fsck -p -t ffs
"/dev/${parent}.bde" 1>/dev/null; then
+ mount
/dev/${parent}.bde ${gbde_mountpoint}/bde_${parent}
+ fi
+ fi
break
fi
echo "Attach failed; attempt ${count} of
${gbde_attach_attempts}."
pgpsxFfB6sALU.pgp
Description: PGP signature
