Encrypted pup_save for 2.13
Posted: Wed 03 Jan 2007, 04:24
I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.
Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.
The initrd.gz is 42k bigger and has the following additions:
cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)
The init script has these changes:
lines 263-270:
    CRYPT=$( echo $PUPSAVE | grep crypt )
    if [ "$CRYPT" != "" ] ; then
        CRYPTO="-e aes"
        zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
        zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
    else
        CRYPTO=""
    fi
lines 576-618 (mostly 593-609)
    #v2.13 do a f.s. check at every boot...
    # e2fsck -y -f $SMNTPT$SAVEFILE // moved to line 612 for crypto
    #about to mount pup_save.3fs, but before that check if need to resize it...
    if [ -f $SMNTPT/pupsaveresize.txt ];then #created by /usr/sbin/resizepfile.sh
        KILOBIG=`cat $SMNTPT/pupsaveresize.txt`
        rm -f $SMNTPT/pupsaveresize.txt
        echo -n "Increasing $SAVEFILE by $KILOBIG Kbytes, please wait..." >/dev/console
        # dd if=/dev/zero bs=1k count=$KILOBIG | tee -a $SMNTPT$SAVEFILE > /dev/null
        dd if=/dev/zero bs=1024 count=$KILOBIG >> $SMNTPT$SAVEFILE
        sync
        #v2.13 see above e2fsck -y -f $SMNTPT$SAVEFILE
        resize2fs -pf $SMNTPT$SAVEFILE;check_status $? #no size, will fill all of file.
        sync
        sleep 6 #so we can see result. v2.11 only see result in log file.
        check_status 0 #v2.11 e2fsck gives an error even though it works.
    fi
    if [ "$CRYPTO" != "" ] ; then
        echo -e "\\033[1;31m" >/dev/console
        echo "Loading encrypted pup_save_crypt" >/dev/console
        echo "" >/dev/console
        while true; do
            echo "Password: " >/dev/console
            losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
            e2fsck -y -f /dev/loop1
            mount -t ext2 -o noatime,rw /dev/loop1 $EFSMNT
            if [ "$?" = "0" ] ; then
                break
            else
                losetup -d /dev/loop1
                echo "Can't mount file, Try password again." >/dev/console
            fi
        done
    else
        losetup /dev/loop1 $SMNTPT$SAVEFILE
        e2fsck -y -f /dev/loop1
        echo -n "Mounting ${SAVEFILE} on ${EFSMNT}..." >/dev/console
        FILEFS="ext3"
        [ ! "`echo -n "$SAVEFILE" | grep "2fs"`" = "" ] && FILEFS="ext2"
        mount -t $FILEFS -o noatime,rw /dev/loop1 $EFSMNT;check_status $?
    fi
    }
The package is here:
http://www.mediafire.com/?2m3jmtnjzwi
If you test this out please post any problems / success in this thread. If you have comments about various encryption methods or other ideas on encryption please use one of our other threads or start a new one. I'd like to keep this one short and on topic. Thanks!
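
Added example, not part of the original post or its package: cryptoloop keeps no header to verify a passphrase against, so the posted loop only learns the password was wrong after `e2fsck -y -f` and `mount` have already run on `/dev/loop1`. The functions below check the ext2 superblock magic read-only first; `has_ext2_magic`, `unlock_once` and `make_sample` are hypothetical names, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the posted init script.

# The ext2 superblock starts at byte 1024 and its s_magic field sits 56 bytes
# in, stored little-endian as 0xEF53: bytes "53 ef" at offset 1080.
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Hypothetical body for the password loop: returns 0 once mounted, 1 if the
# passphrase did not produce an ext2 file system or the mount failed.
# CRYPTO, SMNTPT, SAVEFILE and EFSMNT are the variables used in the post;
# $CRYPTO is left unquoted on purpose so "-e aes" splits into two arguments.
unlock_once() {
    losetup $CRYPTO /dev/loop1 "$SMNTPT$SAVEFILE" || return 1
    if ! has_ext2_magic /dev/loop1; then
        # Wrong passphrase: detach before e2fsck -y is allowed to write.
        losetup -d /dev/loop1
        return 1
    fi
    e2fsck -y -f /dev/loop1
    mount -t ext2 -o noatime,rw /dev/loop1 "$EFSMNT" && return 0
    losetup -d /dev/loop1
    return 1
}

# Constructed sample: a 2 KiB zero-filled file with the magic at offset 1080.
make_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=2 2>/dev/null
    printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
}

# Demo on the constructed sample (no root or loop device needed).
tmp=${TMPDIR:-/tmp}/pup_save_crypt.demo.$$
make_sample "$tmp" && has_ext2_magic "$tmp" && echo "ext2 magic found"
rm -f "$tmp"
```

In the init script, the `while true` loop would call `unlock_once` and `break` on success, printing the retry message otherwise.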