Puppy Linux Discussion Forum

[kirk]

I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.

Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.

The initrd.gz is 42k bigger and has the following additions:

cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)


The init script has these changes:

lines 263-270:

CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
CRYPTO="-e aes"
zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
else
CRYPTO=""
fi

lines 576-618 (mostly 593-609)

#v2.13 do a f.s. check at every boot...
# e2fsck -y -f $SMNTPT$SAVEFILE // moved to line 612 for crypto
#about to mount pup_save.3fs, but before that check if need to resize it...
if [ -f $SMNTPT/pupsaveresize.txt ];then #created by /usr/sbin/resizepfile.sh
KILOBIG=`cat $SMNTPT/pupsaveresize.txt`
rm -f $SMNTPT/pupsaveresize.txt
echo -n "Increasing $SAVEFILE by $KILOBIG Kbytes, please wait..." >/dev/console
# dd if=/dev/zero bs=1k count=$KILOBIG | tee -a $SMNTPT$SAVEFILE > /dev/null
dd if=/dev/zero bs=1024 count=$KILOBIG >> $SMNTPT$SAVEFILE
sync
#v2.13 see above e2fsck -y -f $SMNTPT$SAVEFILE
resize2fs -pf $SMNTPT$SAVEFILE;check_status $? #no size, will fill all of file.
sync
sleep 6 #so we can see result. v2.11 only see result in log file.
check_status 0 #v2.11 e2fsck gives an error even though it works.
fi

if [ "$CRYPTO" != "" ] ; then
echo -e "\\033[1;31m" >/dev/console
echo "Loading encrypted pup_save_crypt" >/dev/console
echo "" >/dev/console
while true; do
echo "Password: " >/dev/console
losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
e2fsck -y -f /dev/loop1
mount -t ext2 -o noatime,rw /dev/loop1 $EFSMNT
if [ "$?" = "0" ] ; then
break
else
losetup -d /dev/loop1
echo "Can't mount file, Try password again." >/dev/console
fi
done
else

losetup /dev/loop1 $SMNTPT$SAVEFILE
e2fsck -y -f /dev/loop1
echo -n "Mounting ${SAVEFILE} on ${EFSMNT}..." >/dev/console
FILEFS="ext3"
[ ! "`echo -n "$SAVEFILE" | grep "2fs"`" = "" ] && FILEFS="ext2"
mount -t $FILEFS -o noatime,rw /dev/loop1 $EFSMNT;check_status $?
fi
}



The package is here:


http://www.mediafire.com/?2m3jmtnjzwi


If you test this out please post any problems / success in this thread. If you have comments about various encryption methods or other ideas on encryption please use one of our other threads or start a new one. I'd like to keep this one short and on topic. Thanks!

[al3x]

Tried to download the file the other day - upload2.net gave all kinds of errors. Could you please upload it somewhere else?
Thanks a lot.

[kirk]

Try the new link, I updated the original post. Let me know how it works!

[mdd]

[mdd]

[kirk]

To use this you'll have to replace the initrd.gz file with the one posted here. If you're booting from the live cd You'll have to remaster it. To remaster the cd do this:

1) Copy all the files off the Puppy 2.13 CD to a folder.

2) Replace initrd.gz with the one supplied here.

3) From a terminal window do this:

[mdd]

Works great. Thanks.

--MDD

[jam]

Kirk,

Perhaps you should get in touch with Dougal to see if he can add an option to the Puppy remaster script, incorporating the file and steps you list so that it is an option in the official Puppy remaster process going forward. Just a thought.

Jam

[mdd]

Any plans to update this for 2.14/2.15, or to integrate it into the default distrib files ?

--MDD

[kirk]

Did it for 2.14. Have to wait and see for 2.15.


http://www.murga-linux.com/puppy/viewtopic.php?t=15668