Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 21 Nov 2014, 23:10
All times are UTC - 4
 Forum index » Advanced Topics » Cutting edge
Encrypted pup_save for Puppy 212
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 5 of 5 Posts_count   Goto page: Previous 1, 2, 3, 4, 5
Author Message
Gn2


Joined: 16 Oct 2006
Posts: 936
Location: virtual - Veni vidi, nihil est adpulerit

PostPosted: Thu 21 Dec 2006, 17:36    Post_subject:  

Quote:
Why are you doing this?


Several questions were posted - they were answered.

How Puppy variances apply : Bash - boot processes - creating initiate ram images.

It wil be noted - no non- relevant links were supplied.

Quote:
> I forgot to mention that Barry will have to add this
> There is a limit to how much we can talk Barry into adding.
> We'll have to wait for Barry to say something
> Maybe Barry should just throw the origninal method into the next beta
> The thing is, I'm hoping to get this encryption into
> I don't think Barry will have any issue with small script changes with initrd.gz, the standard Puppy
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Fri 22 Dec 2006, 01:58    Post_subject:  

John, you might be interested in this code fragment in that tutorial I last mentioned, the one that seems most relevant to the Puppy boot process:

Code:
 
#!/bin/sh
...
while [ -n "${maps}" ]; do
    local remaining=

    findKey

    if [ ! -e "${key}" ]; then
        # boot up will halt here until a key is typed in
        read -s -p "LUKS passphrase for ${maps}: " passwd
        echo
        echo -n "${passwd}" > "${key}"
    fi

    echo -n "creating maps in /dev/mapper/.."
    for map in ${maps} ; do
        dev=$(subst 's|^[^/].*|/dev/&|' "${map}")
        map=$(basename "${dev}")
        if ! silent /bin/cryptsetup -q --key-file="${key}" luksOpen "${dev}" "${map}"; then
       echo -n "[${map}]."
            remaining="${remaining} ${map}"
   else
       echo -n "${map}."
        fi
    done
    echo "done."
    rm -f "${key}"
    maps="${remaining}"
  done

http://www.loria.fr/~gustedt/early/initscript

He also made this interesting comment:
Quote:
Now you should be asked a passphrase and the device should be mapped. If something goes wrong here, maybe you have the wrong cryptsetup or you forgot to add the `-s' option for read in the busybox shell executable.

http://www.loria.fr/~gustedt/early/

read -s works when I try it from the command line... of course that is "read" from a booted-up puppy. Who knows how it works from initrd. The busybox from the two places is different, of course.

BTW, I nagged Barry that our busybox is quite old (1.0.1 vs the current 1.3.0, with many bugfixes). Also older than the one this fellow used, 1.1.3. Maybe I mentioned that already. I suppose another line of attack would be to build the latest busybox and stick it in the initrd, just to see if that fixes anything (don't bother cutting it down). Sounds like work though.
Back to top
View user's profile Send_private_message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Fri 22 Dec 2006, 02:54    Post_subject:  

Thanks for the links Gn2. There was some really good info in there.
Back to top
View user's profile Send_private_message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Fri 22 Dec 2006, 02:55    Post_subject:  

PaulBx1 wrote:
BTW, I nagged Barry that our busybox is quite old (1.0.1 vs the current 1.3.0, with many bugfixes). Also older than the one this fellow used, 1.1.3. Maybe I mentioned that already. I suppose another line of attack would be to build the latest busybox and stick it in the initrd, just to see if that fixes anything (don't bother cutting it down). Sounds like work though.


Don't nag him too much. I'm sure he'd like to, as he could slim down initrd.gz even more. Puppy's init has some problems with the newer busybox. I've been sitting here compiling and testing for the last 10 hours. btw, I'd recommend shooting for 1.2.2.1 as an upgrade target. 1.3.0 has about 10 patches already.

I've started narrowing the problem (with puppy and busybox specifically) down. Right after "Looking for Puppy in.." it dies. /tmp/bootinit.log says there is an operand error.

I don't think ash likes this 'NOT' like this now:
if [ ! "`echo "$TESTPARTS" | grep "iso9660"`" = "" ];then

I think bottom like is this LUKS booting idea has got to wait until Busybox is upgraded.

This could take a while Confused
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Mon 25 Dec 2006, 00:22    Post_subject:  

So John, where does that statement come from? Can it be dismantled and simplified to the point it starts working again?

What is "TESTPARTS"? I want to try that statement at the command line.
Back to top
View user's profile Send_private_message 
mlamelas

Joined: 04 Oct 2006
Posts: 42
Location: Madrid, Spain

PostPosted: Tue 08 May 2007, 15:14    Post_subject: Will this work for 2.15?  

Hi everyone,

Will this process for encrypting the pup_save work for 2.15? I assume the initrd is different for each version, or no? How about the encryption script?

Many thanks,

Mel
Back to top
View user's profile Send_private_message 
ICQ 
RobertB


Joined: 02 Jan 2006
Posts: 145
Location: Big D

PostPosted: Tue 08 May 2007, 15:33    Post_subject: Re: Will this work for 2.15?  

mlamelas wrote:
Hi everyone,

Will this process for encrypting the pup_save work for 2.15? I assume the initrd is different for each version, or no? How about the encryption script?

Many thanks,

Mel

According to Pizzasgood in this thread, encryption was dropped from 2.15, so I don't think it will work -- at least, that's how I understand it. However, Barry "Mr. Puppy" K himself replied in the thread to say that encryption will be available in 2.16, which is Coming Soon.

(And if I misunderstood anything, someone please correct me!)
Back to top
View user's profile Send_private_message Visit_website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Tue 08 May 2007, 17:06    Post_subject:  

You can add it by hand, 2.15 just doesn't include it by default like it was originally going to. Just follow the same procedure you'd use for 2.14.
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send_private_message Visit_website 
mlamelas

Joined: 04 Oct 2006
Posts: 42
Location: Madrid, Spain

PostPosted: Wed 09 May 2007, 12:28    Post_subject: How to add by hand and does it affect truecrypt compile  

Hi Pizzasgood and other posters,

Thanks for your help. I am a relatively new comer to Puppy and Linux in general. When you say add encryption by hand to 2.15, what are the steps? Is there a library that needs to be added, or some source code that needs to be compiled, and if so, which?

There is another thread about compiling truecrypt where I have posted a question, but let me ask a question here since it may relate to encryption in general.

I followed the instructions in the other thread for compiling truecrypt, using Puppy 2.15 and Truecrypt 4.3. I got an error message about inserting the dm and truecrypt modules when I tried to mount a tc volume.

Another user who was successful in compiling Truecrypt 4.2a under Puppy 2.12 uploaded the four ko files from his compile. I copied them to the appropriate folders in 2.15, did a depmod -a, and truecrypt was able to mount a volume. With a glitch because the names show up in 8.3 format, but it did work.

My question then is whether the inability to compile Truecrypt 4.3 under Puppy 2.15 is related to the version of Truecrypt (4.3 v. 4.2a), or to the fact that encryption was taken out of Puppy2.15? Would taking out whatever was taken out of Puppy 2.15 affect the ability to compile Truecrypt?

Many thanks,

Mel
Back to top
View user's profile Send_private_message 
ICQ 
kirk

Joined: 11 Nov 2005
Posts: 1436
Location: florida

PostPosted: Wed 09 May 2007, 17:39    Post_subject:  

The 2.14 encryption stuff is here:

http://www.puppyos.net/forum/?1172086471

It uses cryptoloop with AES 128 for encryption. TrueCrypt would be a whole other adventure.

Or just wait for 2.16, It won't be long.
Back to top
View user's profile Send_private_message 
mlamelas

Joined: 04 Oct 2006
Posts: 42
Location: Madrid, Spain

PostPosted: Wed 09 May 2007, 20:37    Post_subject: The initrd.gz file appears to be version specific  

Hi Kirk,

Thanks for the info. I downloaded the initrd.gz file and copied it to my drive, replacing the default initrd.gz file that came with 2.15, but the system would not boot. It said that it could not find puppy in idehd and dropped to the shell. If I rename the pup_215.sfs to pup_214.sfs then it loads fine, but then you end up with a version conflict with the rest of the sfs files (zdrv, web_215).

I will wait for 2.16, but if encrypting the pupsave file is going to require a different initrd.gz file than the default, someone would have to create one for each new version of puppy. That may not be an optimal solution.

With respect to truecrypt, it has been compiled successfully with versions prior to 2.15, so I am wondering whether part of the kernel code that deals with encryption that was removed in 2.15 is creating my problem with the compile.

For now, I am using the ko files from the prior version compiles and that works. As long as the module doesn't change from 2.6.18.1 that will probably solve my problem with truecrypt.

For now, I will create a truecrypt volume inside of puppy for my stored passwords files, and as a second layer set up some kind of log in process to protect against loss or theft of the puppy pen drive.

Best regards,

Mel
Back to top
View user's profile Send_private_message 
ICQ 
kirk

Joined: 11 Nov 2005
Posts: 1436
Location: florida

PostPosted: Wed 09 May 2007, 21:58    Post_subject:  

Quote:
but if encrypting the pupsave file is going to require a different initrd.gz file than the default, someone would have to create one for each new version of puppy. That may not be an optimal solution.


Starting with 2.16 Barry has made it part of the standard puppy.
Back to top
View user's profile Send_private_message 
mlamelas

Joined: 04 Oct 2006
Posts: 42
Location: Madrid, Spain

PostPosted: Wed 09 May 2007, 22:22    Post_subject:  

I was hoping that was the answer. I have downloaded the 2.16 beta.
Back to top
View user's profile Send_private_message 
ICQ 
Display_posts:   Sort by:   
Page 5 of 5 Posts_count   Goto page: Previous 1, 2, 3, 4, 5
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Advanced Topics » Cutting edge
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0925s ][ Queries: 12 (0.0041s) ][ GZIP on ]