Archive for the ‘FreeBSD’ Category

FreeBSD and subversion

No Comments »

FreeBSD now uses subversion for acquiring sources, ports, etc. The below initial checkouts may help someone:

Sources (RELEASE, STABLE and CURRENT):

svn co svn://svn.freebsd.org/base/release/9.2.0 /usr/src
svn co svn://svn.freebsd.org/base/stable/9 /usr/src
svn co svn://svn.freebsd.org/base/head /usr/src

Ports:

svn co svn://svn.freebsd.org/ports/head /usr/ports

Linux java on FreeBSD

No Comments »

So I installed Linux’s jdk1.6 on my FreeBSD box at work and had to add a few environmental variables in order to get everything working correctly. I added the following to my .bashrc:

export PATH=/usr/local/linux-sun-jdk1.6.0/bin:$PATH
export JAVADIR=/usr/local/linux-sun-jdk1.6.0/
export LD_LIBRARY_PATH=/usr/local/linux-sun-jdk1.6.0/jre/lib/i386/jli

I also needed to mount linprocfs; I just added the following to /etc/fstab, and ran mount linprocfs:

linprocfs /compat/linux/proc linprocfs rw 0 0

Hopefully these help someone out!


Disk encryption on FreeBSD

No Comments »

Though I use Linux on most my workstations, I use FreeBSD on my servers. I love it compared to Linux, and I’d use it on my workstations if there was better hardware support. So I wanted to create this post highlight how to setup disk encryption with FreeBSD using GELI (as opposed to Luks, which is what I’m used to on Linux).

First, if needed, remove any partition table on the disk that you’ll be setting up the encryption on and replace it with a GPT partition table. Not a totally necessary step, as you can easily encrypt individual partitions, however this will setup full disk encryption. Keep in mind the devices in the examples should be replaced with whatever is on your system:

gpart destroy -F da0

Now, create a GPT partition table on the disk:

gpart create -s gpt da0

Next create your partition (in this case, I was setting up for a ZFS partition, substitute “freebsd-zfs” for whichever partition type you’d like to use):

gpart add -t freebsd-zfs da0

Generate your encryption key, I placed it in my /boot folder:

dd if=/dev/random of=/boot/encryption.key bs=4096 count=1

Now we’ll actually setup encryption on the device (obviously you can use different options, check out the man page if interested, however these should do well for most cases):

geli init -b -B /boot/da0p1.eli -e AES-XTS -K /boot/encryption.key -l 256 -s 4096 /dev/da0p1

To open the disk. Doing so will create a new device at /dev/[disk].eli:

geli attach -k /boot/encryption.key /dev/da0p1

Now that the disk is open, you can add it to your zfs pool or simply begin using it if you are using UFS:

zpool create [pool] /dev/da0p1.eli

You’ll need to add the following to /boot/loader.conf in order to have it mounted properly on boot:

geli_da0p1_keyfile0_load=”YES”
geli_da0p1_keyfile0_type=”da0p1:geli_keyfile0″
geli_da0p2_keyfile0_name=”/boot/encryption.key”

That’s it! Enjoy your encrypted disk.