On Saturday 21 October 2006 23:16, Jason Booth wrote:
> On Saturday 21 October 2006 21:26, Richard Freeman wrote:
> > Duncan wrote:
> > > I'm not running encrypted swap tho I've always thought it'd be nice to
> > > setup /someday/, so I can't help directly.
> >
> > I just run the following script from local.start. I forget where I
> > found it online. Obviously change the swapdevice variable!
> >
> > Honestly, my guess is that it is overly paranoid. You could probably
> > eliminate most of the steps this script takes, but it runs in only a
> > second or two so it isn't a big deal. I would leave in the bit that
> > zeros the start of the encrypted swap partition - it probably helps to
> > keep mkswap from getting confused.
> >
> > Not sure what the fancy scripts that are being discussed do, but this is
> > plenty good for me, and I'm sure Duncan could get this running in about
> > 15 seconds...
>
> Yeah this script has worked fine for me for like 5 years except for one
> thing:
>
> I can't find which gentoo package contains uuencode(installed
> uucp,uulib,uudeview and googled to no avail).

Nevermind I just found it: sharutils

>
> > #!/bin/sh
> > # Run this script somewhere in your startup scripts _after_ random
> > # number generator has been initialized and /usr has been mounted.
> > # (md5sum, uuencode, tail and head programs usually reside in /usr/bin/)
> >
> > # encrypted swap partition
> > SWAPDEVICE=/dev/hda3
> >
> > # loop device name
> > LOOPDEV=/dev/loop6
> >
> > MD=`dd if=${SWAPDEVICE} bs=4k count=10 2>/dev/null | md5sum`
> > for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
> >     dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 conv=notrunc 2>/dev/null
> >     sync
> > done
> > UR=`dd if=/dev/urandom bs=18 count=1 2>/dev/null \
> >     | uuencode -m - | head -n 2 | tail -n 1`
> >
> > echo ${MD}${UR} | losetup -p 0 -e aes-cbc-256 ${LOOPDEV} ${SWAPDEVICE}
> > MD=
> > UR=
> > dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2>/dev/null
> > sync
> > mkswap ${LOOPDEV}
> > sync
> > swapon ${LOOPDEV}
>
> Thanks,
> Jason
>
> --
> gpg public key:
> http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc

--
gpg public key:
http://lazybird.hyperintelligent.net/~jbooth/jbooth_key.asc
--
gentoo-amd64@gentoo.org mailing list
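
Added example, not part of the thread: the key-derivation and header-wipe steps of the quoted script, replayed against a scratch image file so the passphrase format can be inspected without root or a loop device. The function names and the temp image are assumptions of this example, and `base64` stands in for `uuencode -m` so sharutils is not needed.

```shell
#!/bin/sh
# Added example: replays the quoted script's key derivation on a scratch file.
# Nothing is encrypted here; no losetup, mkswap or swapon is called.

# Passphrase = md5 of the first 40 KiB of old content + 18 random bytes.
# (The quoted script also keeps md5sum's trailing " -" marker; dropped here.)
derive_swap_key() {
    dev=$1
    md=$(dd if="$dev" bs=4k count=10 2>/dev/null | md5sum | cut -d' ' -f1)
    # 18 bytes encode to exactly 24 base64 characters with no padding,
    # so each boot gets 144 fresh bits from /dev/urandom.
    ur=$(dd if=/dev/urandom bs=18 count=1 2>/dev/null | base64)
    printf '%s%s\n' "$md" "$ur"
}

# Overwrite the first 40 KiB in place so a stale swap signature
# cannot confuse mkswap; conv=notrunc keeps the rest of the device.
wipe_header() {
    dd if=/dev/zero of="$1" bs=4k count=10 conv=notrunc 2>/dev/null
    sync
}

# Succeeds only if the first 40 KiB of $1 are all zero bytes.
header_is_zero() {
    [ "$(dd if="$1" bs=4k count=10 2>/dev/null | tr -d '\000' | wc -c)" -eq 0 ]
}

demo() {
    img=$(mktemp) || return 1
    # Constructed stand-in for a used swap partition: 64 KiB of random data.
    dd if=/dev/urandom of="$img" bs=4k count=16 2>/dev/null
    key=$(derive_swap_key "$img")
    wipe_header "$img"
    header_is_zero "$img" && echo "header wiped, key length ${#key}"
    rm -f "$img"
}

demo
```

Two calls on the same image share the 32-character md5 prefix and differ only in the random suffix, which is why the swap key changes on every boot even if the old header does not.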