~ubuntu-branches/ubuntu/saucy/ecryptfs-utils/saucy

« back to all changes in this revision

Viewing changes to .pc/setup-swap-skip-zram.patch/src/utils/ecryptfs-setup-swap

Committer: Package Import Robot
Author(s): Colin Watson
Date: 2012-04-18 15:52:45 UTC
Revision ID: package-import@ubuntu.com-20120418155245-ehdhkj9xfwehhgdt

Tags: 96-0ubuntu3

https://launchpad.net/bugs/979350

src/utils/ecryptfs-setup-swap: Skip /dev/zram* swap devices
(LP: #979350).

files added:
.pc/setup-swap-skip-zram.patch

.pc/setup-swap-skip-zram.patch/src

.pc/setup-swap-skip-zram.patch/src/utils

.pc/setup-swap-skip-zram.patch/src/utils/ecryptfs-setup-swap

debian/patches/setup-swap-skip-zram.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

src/utils/ecryptfs-setup-swap

Show diffs side-by-side

added added

removed removed

.pc/setup-swap-skip-zram.patch/src/utils/ecryptfs-setup-swap

#!/bin/sh -e

# ecryptfs-setup-swap

# Authors: Dustin Kirkland <kirkland@ubuntu.com>

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; version 2 of the License.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# The cryptswap setup used here follows a guide published at:

# * http://ubuntumagnet.com/2007/11/creating-encrypted-swap-file-ubuntu-using-cryptsetup

TEXTDOMAIN="ecryptfs-utils"

error() {

echo `gettext "ERROR:"` "$@" 1>&2

exit 1

}

info() {

echo `gettext "INFO:"` "$@"

}

warn() {

echo `gettext "WARNING:"` "$@" 1>&2

}

usage() {

echo

echo `gettext "Usage:"`

echo " $0 [-f|--force] [-n|--no-reload]"

echo

exit 1

}

# Handle command line options

FORCE=0

while [ ! -z "$1" ]; do

case "$1" in

-f|--force)

FORCE=1

shift 1

;;

-n|--no-reload)

NO_RELOAD=1

shift 1

;;

usage

;;

esac

done

# Ensure that cryptsetup is available

[ -x /sbin/cryptsetup ] || error `gettext "Please install"` "'cryptsetup'"

# Ensure that we're running with root privileges

[ -w /etc/passwd ] || error `gettext "This program must be run with 'sudo', or as root"`

# Count swap spaces available

if [ $(grep -c "^/" /proc/swaps) -eq 0 ]; then

mem=$(grep "^MemTotal:" /proc/meminfo | awk '{print $2}')

swapsize=$((4*$mem))

info "You do not currently have any swap space defined."

echo

echo `gettext "You can create a swap file by doing:"`

echo " $ sudo dd if=/dev/zero of=/swapfile count=$swapsize"

echo " $ sudo mkswap /swapfile"

echo " $ sudo swapon /swapfile"

echo

echo `gettext "And then re-run"` "$0"

echo

exit 0

swaps=$(grep "^/" /proc/swaps | awk '{print $1}')

filtered_swaps=$(

for swap in $swaps; do

# Make sure this is swap space

if [ "$(blkid -o value -s TYPE $swap)" != "swap" ]; then

warn "[$swap]" `gettext "does not appear to be swap space, skipping."`

continue

if [ "${swap#/dev/ram}" != "$swap" ]; then

warn "[$swap]" `gettext "is a RAM device, skipping."`

continue

100

# Check if this swap space is already setup for encryption

101

if /sbin/dmsetup table "$swap" 2>/dev/null | grep -qs " crypt "; then

102

warn "[$swap]" `gettext "already appears to be encrypted, skipping."`

103

continue

104

105

106

base=$(basename "$swap")

107

if grep -qs "^$base.*swap.*cipher" /etc/crypttab 2>/dev/null; then

108

warn "[$swap]" `gettext "already has an entry in /etc/crypttab, skipping."`

109

continue

110

111

if grep -qs "$swap" /etc/initramfs-tools/conf.d/cryptroot 2>/dev/null; then

112

warn "[$swap]" `gettext "already has an entry in /etc/crypttab, skipping."`

113

continue

114

115

116

echo $swap

117

done

118

)

119

swaps="$filtered_swaps"

120

if [ -z "$swaps" ]; then

121

warn "There were no usable swap devices to be encrypted. Exiting."

122

exit 0

123

124

##########################################################################

125

# Warn the user about breaking hibernate mode

126

if [ "$FORCE" != 1 ]; then

127

echo

128

echo `gettext "WARNING:"`

129

echo `gettext "An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format."`

130

echo

131

echo `gettext "HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!"`

132

echo

133

echo `gettext "NOTE: Your suspend/resume capabilities will not be affected."`

134

echo

135

echo -n `gettext "Do you want to proceed with encrypting your swap?"` "[y/N]: "

136

CONFIRM=`head -n1`

137

echo

138

if [ "$CONFIRM" != "y" -a "$CONFIRM" != "Y" ]; then

139

echo

140

info `gettext "Aborting."`

141

echo

142

exit 0

143

144

145

##########################################################################

146

147

148

i=0

149

for swap in $swaps; do

150

info `gettext "Setting up swap:"` "[$swap]"

151

uuid=$(blkid -o value -s UUID $swap)

152

for target in "UUID=$uuid" $swap; do

153

if [ -n "$target" ] && grep -qs "^$target " /etc/fstab; then

154

sed -i "s:^$target :\#$target :" /etc/fstab

155

warn "Commented out your unencrypted swap from /etc/fstab"

156

157

done

158

159

while :; do

160

i=$((i+1))

161

[ -e "/dev/mapper/cryptswap$i" ] || break

162

done

163

# Add crypttab entry

164

echo "cryptswap$i $swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab

165

166

# Add fstab entry

167

echo "/dev/mapper/cryptswap$i none swap sw 0 0" >> /etc/fstab

168

done

169

170

if [ "$NO_RELOAD" != 1 ]; then

171

# Turn swap off

172

swapoff -a

173

174

# Restart cryptdisks

175

/etc/init.d/cryptdisks restart

176

177

# Turn the swap on

178

swapon -a

179

180

181

info `gettext "Successfully setup encrypted swap!"`

Older »