
Encrypted pup_save for 2.13

Posted: Wed 03 Jan 2007, 04:24
by kirk
I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.

Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.

The initrd.gz is 42k bigger and has the following additions:

cryptoloop.ko.gz
aes.ko.gz
losetup (compiled with dietlibc to replace the busybox version)


The init script has these changes:

lines 263-270:

CRYPT=$( echo $PUPSAVE | grep crypt )
if [ "$CRYPT" != "" ] ; then
    CRYPTO="-e aes"
    zcat /lib/modules/${KERNVER}/aes.ko.gz | insmod -
    zcat /lib/modules/${KERNVER}/cryptoloop.ko.gz | insmod -
else
    CRYPTO=""
fi


lines 576-618 (mostly 593-609)

#v2.13 do a f.s. check at every boot...
# e2fsck -y -f $SMNTPT$SAVEFILE // moved to line 612 for crypto
#about to mount pup_save.3fs, but before that check if need to resize it...
if [ -f $SMNTPT/pupsaveresize.txt ];then #created by /usr/sbin/resizepfile.sh
    KILOBIG=`cat $SMNTPT/pupsaveresize.txt`
    rm -f $SMNTPT/pupsaveresize.txt
    echo -n "Increasing $SAVEFILE by $KILOBIG Kbytes, please wait..." >/dev/console
    # dd if=/dev/zero bs=1k count=$KILOBIG | tee -a $SMNTPT$SAVEFILE > /dev/null
    dd if=/dev/zero bs=1024 count=$KILOBIG >> $SMNTPT$SAVEFILE
    sync
    #v2.13 see above e2fsck -y -f $SMNTPT$SAVEFILE
    resize2fs -pf $SMNTPT$SAVEFILE;check_status $? #no size, will fill all of file.
    sync
    sleep 6 #so we can see result. v2.11 only see result in log file.
    check_status 0 #v2.11 e2fsck gives an error even though it works.
fi

if [ "$CRYPTO" != "" ] ; then
    echo -e "\\033[1;31m" >/dev/console
    echo "Loading encrypted pup_save_crypt" >/dev/console
    echo "" >/dev/console
    while true; do
        echo "Password: " >/dev/console
        losetup $CRYPTO /dev/loop1 $SMNTPT$SAVEFILE
        e2fsck -y -f /dev/loop1
        mount -t ext2 -o noatime,rw /dev/loop1 $EFSMNT
        if [ "$?" = "0" ] ; then
            break
        else
            losetup -d /dev/loop1
            echo "Can't mount file, Try password again." >/dev/console
        fi
    done
else
    losetup /dev/loop1 $SMNTPT$SAVEFILE
    e2fsck -y -f /dev/loop1
    echo -n "Mounting ${SAVEFILE} on ${EFSMNT}..." >/dev/console
    FILEFS="ext3"
    [ ! "`echo -n "$SAVEFILE" | grep "2fs"`" = "" ] && FILEFS="ext2"
    mount -t $FILEFS -o noatime,rw /dev/loop1 $EFSMNT;check_status $?
fi
}



The package is here:


http://www.mediafire.com/?2m3jmtnjzwi


If you test this out please post any problems / success in this thread. If you have comments about various encryption methods or other ideas on encryption please use one of our other threads or start a new one. I'd like to keep this one short and on topic. :D Thanks!
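
The password loop in the post above runs e2fsck -y -f on /dev/loop1 before the mount result shows whether the passphrase was right. As an added example (not part of kirk's post or package), the shell functions below test the decrypted device for the ext2 superblock magic first and only then run the repair pass and the mount. The function names has_ext2_magic, try_unlock and make_sample are hypothetical, and the example assumes dd, od and tr are available in the initrd, which the thread does not state.

```shell
#!/bin/sh
# Added example (not from kirk's package): test a decrypted loop device for
# the ext2 superblock magic before letting e2fsck -y touch it.

# ext2 keeps its superblock at byte 1024; the 16-bit magic 0xEF53 sits 56
# bytes into it, little-endian, so bytes 1080-1081 read "53 ef".
has_ext2_magic() {
    magic=$(dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Hypothetical replacement for the body of the password loop: returns 0 once
# the device is mounted, 1 if the passphrase did not yield an ext2 filesystem.
# Arguments stand in for the init script's $SMNTPT$SAVEFILE and $EFSMNT.
try_unlock() {
    savefile=$1 mntpt=$2 loopdev=${3:-/dev/loop1}
    losetup -e aes "$loopdev" "$savefile" || return 1
    if ! has_ext2_magic "$loopdev"; then
        losetup -d "$loopdev"        # wrong passphrase: detach, repair nothing
        return 1
    fi
    e2fsck -y -f "$loopdev"
    if mount -t ext2 -o noatime,rw "$loopdev" "$mntpt"; then return 0; fi
    losetup -d "$loopdev"
    return 1
}

# Constructed sample images so the magic check can be exercised without root:
# 4 KiB of zeros, optionally patched with the magic at offset 1080.
make_sample() {
    dd if=/dev/zero of="$1" bs=1024 count=4 2>/dev/null
    [ "$2" = "ext2" ] && printf '\123\357' | dd of="$1" bs=1 seek=1080 conv=notrunc 2>/dev/null
    return 0
}
```

In the init script, the loop would call try_unlock "$SMNTPT$SAVEFILE" "$EFSMNT" and repeat the password prompt while it returns non-zero.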

Maybe some other mirror?

Posted: Mon 08 Jan 2007, 21:38
by al3x
Tried to download the file the other day - upload2.net gave all kinds of errors. Could you please upload it somewhere else?
Thanks a lot.

Posted: Tue 09 Jan 2007, 22:44
by kirk
Try the new link, I updated the original post. Let me know how it works!

Re: Encrypted pup_save for 2.13

Posted: Tue 23 Jan 2007, 18:08
by mdd
kirk wrote: I've updated the pup_save encryption for 213. Included in the package below is a modified initrd.gz which will prompt you for a password if your pup_save file has "crypt" in the name. Only ext2 encrypted files are supported and it's been updated to fsck the file on every boot.

Also there's a script in the package to create an encrypted pup_save file with an ext2 file system.

The initrd.gz is 42k bigger and has the following additions ...
How do I install/use this? I'm assuming that I can only use this for a new save file, and can't apply it to an already existing one. Is this correct? Where do I put the files, etc.

If you have time, could you put together a brief "pup_save for Dummies" on how to employ this?

Thanks.

--MDD

Re: Encrypted pup_save for 2.13

Posted: Tue 23 Jan 2007, 18:37
by mdd
mdd wrote: If you have time, could you put together a brief "pup_save for Dummies" on how to employ this?
Hmm. After actually looking at the package files, it looks pretty self-explanatory.

When in doubt, rtfp. ;-)

--MDD

Posted: Tue 23 Jan 2007, 18:53
by kirk
To use this you'll have to replace the initrd.gz file with the one posted here. If you're booting from the live CD, you'll have to remaster it. To remaster the CD, do this:

1) Copy all the files off the Puppy 2.13 CD to a folder.

2) Replace initrd.gz with the one supplied here.

3) From a terminal window do this:
sh-3.00# mkisofs -o NEWpuppy2.13.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /folder-created-in-step-1/
Then you should have a new iso file called NEWpuppy2.13.iso. Then just burn it.

If you have a frugal hard drive install, then just replace the initrd.gz.

The package contains two files, the new initrd.gz and a script called pup_save encryption. The pup_save_encryption script will create an encrypted pupsave file and give you the option to copy your current pup_save file to the new encrypted one.

Re: Encrypted pup_save for 2.13

Posted: Tue 23 Jan 2007, 23:47
by mdd
Works great. Thanks.

--MDD

Encryption Option in Remaster Script

Posted: Wed 24 Jan 2007, 18:51
by jam
Kirk,

Perhaps you should get in touch with Dougal to see if he can add an option to the Puppy remaster script, incorporating the file and steps you list so that it is an option in the official Puppy remaster process going forward. Just a thought.

Jam

Any plans to update this for 2.14/2.15?

Posted: Fri 02 Mar 2007, 21:55
by mdd
Any plans to update this for 2.14/2.15, or to integrate it into the default distrib files?

--MDD

Posted: Fri 02 Mar 2007, 22:18
by kirk
Did it for 2.14. Have to wait and see for 2.15.


http://www.murga-linux.com/puppy/viewtopic.php?t=15668