3
# Copyright (C) 2008 Canonical Ltd.
5
# Authors: Dustin Kirkland <kirkland@ubuntu.com>
7
# This program is free software; you can redistribute it and/or modify
8
# it under the terms of the GNU General Public License as published by
9
# the Free Software Foundation; version 2 of the License.
11
# This program is distributed in the hope that it will be useful,
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
# GNU General Public License for more details.
16
# You should have received a copy of the GNU General Public License
17
# along with this program. If not, see <http://www.gnu.org/licenses/>.
19
# The cryptswap setup used here follows a guide published at:
20
# * http://ubuntumagnet.com/2007/11/creating-encrypted-swap-file-ubuntu-using-cryptsetup
22
TEXTDOMAIN="ecryptfs-utils"
25
echo `gettext "ERROR:"` "$@" 1>&2
30
echo `gettext "INFO:"` "$@"
34
echo `gettext "WARNING:"` "$@" 1>&2
39
echo `gettext "Usage:"`
40
echo " $0 [-f|--force] [-n|--no-reload]"
45
# Handle command line options
47
while [ ! -z "$1" ]; do
63
# Ensure that cryptsetup is available
64
[ -x /sbin/cryptsetup ] || error `gettext "Please install"` "'cryptsetup'"
66
# Ensure that we're running with root privileges
67
[ -w /etc/passwd ] || error `gettext "This program must be run with 'sudo', or as root"`
69
# Count swap spaces available
70
if [ $(grep -c "^/" /proc/swaps) -eq 0 ]; then
71
mem=$(grep "^MemTotal:" /proc/meminfo | awk '{print $2}')
73
info "You do not currently have any swap space defined."
75
echo `gettext "You can create a swap file by doing:"`
76
echo " $ sudo dd if=/dev/zero of=/swapfile count=$swapsize"
77
echo " $ sudo mkswap /swapfile"
78
echo " $ sudo swapon /swapfile"
80
echo `gettext "And then re-run"` "$0"
85
swaps=$(grep "^/" /proc/swaps | awk '{print $1}')
88
for swap in $swaps; do
89
# Make sure this is swap space
90
if [ "$(blkid -o value -s TYPE $swap)" != "swap" ]; then
91
warn "[$swap]" `gettext "does not appear to be swap space, skipping."`
95
if [ "${swap#/dev/ram}" != "$swap" ]; then
96
warn "[$swap]" `gettext "is a RAM device, skipping."`
100
# Check if this swap space is already setup for encryption
101
if /sbin/dmsetup table "$swap" 2>/dev/null | grep -qs " crypt "; then
102
warn "[$swap]" `gettext "already appears to be encrypted, skipping."`
106
base=$(basename "$swap")
107
if grep -qs "^$base.*swap.*cipher" /etc/crypttab 2>/dev/null; then
108
warn "[$swap]" `gettext "already has an entry in /etc/crypttab, skipping."`
111
if grep -qs "$swap" /etc/initramfs-tools/conf.d/cryptroot 2>/dev/null; then
112
warn "[$swap]" `gettext "already has an entry in /etc/crypttab, skipping."`
119
swaps="$filtered_swaps"
120
if [ -z "$swaps" ]; then
121
warn "There were no usable swap devices to be encrypted. Exiting."
124
##########################################################################
125
# Warn the user about breaking hibernate mode
126
if [ "$FORCE" != 1 ]; then
128
echo `gettext "WARNING:"`
129
echo `gettext "An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format."`
131
echo `gettext "HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!"`
133
echo `gettext "NOTE: Your suspend/resume capabilities will not be affected."`
135
echo -n `gettext "Do you want to proceed with encrypting your swap?"` "[y/N]: "
138
if [ "$CONFIRM" != "y" -a "$CONFIRM" != "Y" ]; then
140
info `gettext "Aborting."`
145
##########################################################################
149
for swap in $swaps; do
150
info `gettext "Setting up swap:"` "[$swap]"
151
uuid=$(blkid -o value -s UUID $swap)
152
for target in "UUID=$uuid" $swap; do
153
if [ -n "$target" ] && grep -qs "^$target " /etc/fstab; then
154
sed -i "s:^$target :\#$target :" /etc/fstab
155
warn "Commented out your unencrypted swap from /etc/fstab"
161
[ -e "/dev/mapper/cryptswap$i" ] || break
164
echo "cryptswap$i $swap /dev/urandom swap,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab
167
echo "/dev/mapper/cryptswap$i none swap sw 0 0" >> /etc/fstab
170
if [ "$NO_RELOAD" != 1 ]; then
175
/etc/init.d/cryptdisks restart
181
info `gettext "Successfully setup encrypted swap!"`