etc/rc.d/geli

   1 #!/bin/sh
   2 #
   3 # Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
   4 # All rights reserved.
   5 #
   6 # Redistribution and use in source and binary forms, with or without
   7 # modification, are permitted provided that the following conditions
   8 # are met:
   9 # 1. Redistributions of source code must retain the above copyright
  10 #    notice, this list of conditions and the following disclaimer.
  11 # 2. Redistributions in binary form must reproduce the above copyright
  12 #    notice, this list of conditions and the following disclaimer in the
  13 #    documentation and/or other materials provided with the distribution.
  14 #
  15 # THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
  16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  18 # ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
  19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  25 # SUCH DAMAGE.
  26 #
  27 # $FreeBSD$
  28 #
  29
  30 # PROVIDE: disks
  31 # KEYWORD: nojail
  32
  33 . /etc/rc.subr
  34
  35 name="geli"
  36 desc="GELI disk encryption"
  37 start_precmd="geli_prestart"
  38 start_cmd="geli_start"
  39 stop_cmd="geli_stop"
  40 required_modules="geom_eli:g_eli"
  41
  42 : ${geli_mount_keys_first:=NO}
  43
  44 geli_prestart()
  45 {
  46         if checkyesno geli_mount_keys_first
  47         then
  48                 if ! mount | grep -q "on /etc/keys ("
  49                 then
  50                         mount -r /etc/keys
  51                 fi
  52         fi
  53
  54         [ -n "$(geli_make_list)" ]
  55         return $?
  56 }
  57
  58 geli_start()
  59 {
  60         devices=`geli_make_list`
  61
  62         if [ -z "${geli_tries}" ]; then
  63                 if [ -n "${geli_attach_attempts}" ]; then
  64                         # Compatibility with rc.d/gbde.
  65                         geli_tries=${geli_attach_attempts}
  66                 else
  67                         geli_tries=`${SYSCTL_N} kern.geom.eli.tries`
  68                 fi
  69         fi
  70
  71         for provider in ${devices}; do
  72                 provider_=`ltr ${provider} '/-' '_'`
  73
  74                 eval "flags=\${geli_${provider_}_flags}"
  75                 if [ -z "${flags}" ]; then
  76                         flags=${geli_default_flags}
  77                 fi
  78                 if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
  79                         echo "Configuring Disk Encryption for ${provider}."
  80                         count=1
  81                         while [ ${count} -le ${geli_tries} ]; do
  82                                 geli attach ${flags} ${provider}
  83                                 if [ -e "/dev/${provider}.eli" ]; then
  84                                         break
  85                                 fi
  86                                 echo "Attach failed; attempt ${count} of ${geli_tries}."
  87                                 count=$((count+1))
  88                         done
  89                 fi
  90         done
  91 }
  92
  93 geli_stop()
  94 {
  95         devices=`geli_make_list`
  96
  97         for provider in ${devices}; do
  98                 if [ -e "/dev/${provider}.eli" ]; then
  99                         umount "/dev/${provider}.eli" 2>/dev/null
 100                         geli detach "${provider}"
 101                 fi
 102         done
 103 }
 104
 105 load_rc_config $name
 106 run_rc_command "$1"