I think bottom line is that the first implimentation will be the best for puppy (unless a miracle happens here). Although this does look like it will work also, just need some help with the boot script. Perhaps Barry can use the first one and those of use on the forum will just make a second (larger) initrd.gz available or they could both be on the main site or whatever.
Luks-Modules.tar.gz has:
DM-Mod.ko (66k)
DM-Crypt.ko (15k)
'Install' is a script to install them for testing. I think one needs to run it every time you reboot unless you add the modules to modules.dep. They can be gziped for initrd.
crypt-pupsave-LUKS.tar.gz is a modified version of crypt-pupsave. Only the first "make empty crypt save" function has been modified. It also still uses the old cypto aes loop for the random data. It doesn't do the filesystem copying yet either.
Puppy-Luks.tar.gz is an alien package (2376K extracted) which can be extracted and added to the boot image and/or used as an alien package to run Luks. I've removed as much as I can. I'm hoping there are additional libraries that can be removed. I thought one could compile libraries as static and they wouldn't call each other unless they were needed. I tried this with libcrypt so I could get rid of libgpg-error all together (because I don't plan on making any errors) but it still wouldn't run without libgpg-error. There is also that lib-dietC thing (I forget the name, you know what I mean), which I don't understand how to use. It would slim off some size also.
(*edit, sorry this formating didn't work very nicely)
It contains the following:
/usr/sbin/cryptsetup 28k
/usr/sbin/dmsetup 34k
/usr/sbin/hashalot 48k
/usr/sbin/rmd160 Symlink to hashalot
/usr/sbin/sha256 Symlink to hashalot
/usr/sbin/sha384 Symlink to hashalot
/usr/sbin/sha512 Symlink to hashalot
/usr/lib/cryptsetup Empty Directory
/usr/lib/libcryptsetup.la 885B
/usr/lib/libcryptsetup.so 22B
/usr/lib/libcryptsetup.so.0 22B
/usr/lib/libcryptsetup.so.0.0.0 104K
/usr/lib/libdevmapper.so 20B
/usr/lib/libdevmapper.so.1.02 64K
/usr/lib/libgcrypt.a 1215k
/usr/lib/libgcrypt.la 847B
/usr/lib/libgcrypt.so 19B
/usr/lib/libgcrypt.so.11 19B
/usr/lib/libgcrypt.so.11.2.2 719B
/usr/lib/libgpg-error.a 65K
/usr/lib/libgpg-error.la 837B
/usr/lib/libgpg-error.so 21B
/usr/lib/libgpg-error.so.0 21B
/usr/lib/libgpg-error.so.0.3.0 37K
Latest Init Code:
These are mods on what Kirk wrote, I'll refer to them as "Block One" and "Block Two" (block two needs a bit of help still).
New Path Var:
Code: Select all
PATH="/bin:/sbin:/lib:/usr:/usr/sbin:/usr/lib"
Block One:
Code: Select all
CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
CRYPTO="yes"
zcat /lib/modules/${KERNVER}/dm-mod.ko.gz | insmod -
zcat /lib/modules/${KERNVER}/dm-crypt.ko.gz | insmod -
zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
else
CRYPTO=""
fi
Block Two:
Code: Select all
if [ "$CRYPTO" != "" ] ; then
echo -e "\\033[1;31m" >/dev/console
echo "Loading encrypted pup_save_crypt" >/dev/console
echo "" >/dev/console
while true; do
losetup /dev/loop1 $SMNTPT$SAVEFILE
echo "Enter your LUKS passphrase:" >/dev/console
read PASSPHRASE
echo -n "$PASSPHRASE" | cryptsetup luksOpen /dev/loop1 pup_crypt
#get_password | cryptsetup luksOpen /dev/loop1 pup_crypt
#while test $? -ne 0; do
#cryptsetup -y luksOpen /dev/loop1 pup_crypt;
#done
mount -t ext3 -o noatime,rw /dev/mapper/pup_crypt $EFSMNT;check_status $?
if [ "$?" = "0" ] ; then
break
else
losetup -d /dev/loop1
echo "Can't mount file, Try password again." >/dev/console
fi
done
else
Reference Links:
http://feraga.com/node/51
http://www.g-loaded.eu/2005/11/10/encry ... -and-luks/
http://www.redhat.com/archives/fedora-s ... 00056.html
http://ubuntuforums.org/showthread.php?t=199824&page=3
http://www.shimari.com/dm-crypt-on-raid/#why_dmcrypt
http://www.shimari.com/dm-crypt-on-raid/encrypted_home
http://www.saout.de/tikiwiki/tiki-index.php?page=HOWTO
http://www.ubuntuforums.org/showthread.php?t=120091
http://www.google.com/search?q=initrd+cryptsetup