Few questions, requests and so on...

Post#1 by Kriss » 04 Sep 2011, 15:01

First of all I'd like to say Thank You for Porteus and for "[HOWTO] - Slax in encrypted file container".
Then Hello everybody!
I'm not sure where to post this, so excuse me if I'm using the wrong section of the forums (I'm not sure if I should split it or something else).

If anybody is interested, here's how I use encrypted container at the moment:

Code:

#!/bin/bash

modprobe cryptoloop
modprobe blowfish

devlabel=LaCie #USB flash label
devuuid=9410-CB53 #USB flash UUID
mntdir=/crypto #Where encrypted container will be mounted
#cpdir=
flashpath=/boot #Path to $container on flashdrive (or other storage device)
destpath=/
container=/dark.mkv
teststring="This file is used to test whether encrypted container mounted or not."
testfile=/test.file

dev_mount() {
    # Find the block device that carries both the expected UUID and label
    dev=$(blkid | grep "$devuuid" | grep "$devlabel" | sed 's/: .*//')
    devname=${dev#/dev/}    # device name without the leading /dev/
    if [ -n "$devname" ]
    then
        # Current mount point of the device, if any
        devmnt=$(grep "$dev" /proc/self/mounts | sed -e 's/ vfat.*//' -e 's/.* //g')
        if [ -n "$devmnt" ]
        then
            echo "$devlabel was already mounted to $devmnt"
        else
            mkdir -p "/mnt/$devname"
            mount -t auto "/dev/$devname" "/mnt/$devname"
            devmnt=$(grep "$dev" /proc/self/mounts | sed -e 's/ vfat.*//' -e 's/.* //g')
            ln -s "$devmnt" "/media/$devlabel"
            echo "$devlabel found on $dev ... $devname and mounted to $devmnt"
        fi
    else
        echo "Device $devlabel not found"
    fi
}

mkloop() {
    # makeloop: make a new loop device
    # Highest existing loop number; the new device gets the next one
    x=$(ls -1 /dev/loop* | awk -F/ '{print $3}' | tr -d '[:alpha:]' | sort -n | tail -n1)
    lp=$((x+1))

    # Create a new loop (block device, major 7, minor $lp)
    mknod "/dev/loop$lp" b 7 "$lp"
    echo "Created loop device number $lp"
}

crypto_mount() {
    # Attach the container to the loop device with blowfish, then mount it
    /sbin/losetup -e blowfish "/dev/loop$lp" "$destpath$container"
    mkdir -p "$mntdir"
    mount "/dev/loop$lp" "$mntdir"

    echo Creating symlinks
    #/usr/bin/crypto.links
}

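crypto_create() {
    echo Enter new password:
    /sbin/losetup -e blowfish "/dev/loop$lp" "$destpath$container"
    echo Remember this password...
    # Create the filesystem inside the encrypted loop device and mount it
    mkfs.xfs "/dev/loop$lp"
    mkdir -p "$mntdir"
    mount "/dev/loop$lp" "$mntdir"
    # Marker file used later to tell whether the container is mounted
    echo "$teststring" > "$mntdir$testfile"
}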

crypto_save() {
    # Rotate backups on the flash drive: .001 -> .002, current -> .001
    if [ -f "$devmnt$flashpath$container.001" ]
    then
        mv -T -f -v "$devmnt$flashpath$container.001" "$devmnt$flashpath$container.002"
    fi
    if [ -f "$devmnt$flashpath$container" ]
    then
        mv -T -v "$devmnt$flashpath$container" "$devmnt$flashpath$container.001"
    fi
    # Copy the container from memory back to the flash drive
    cp -v "$destpath$container" "$devmnt$flashpath"
    if [ $? -eq 0 ]; then echo Successfully saved.; fi
}

case "$1" in
'load')
  # The marker file is readable only while the container is mounted
  if [ -r "$mntdir$testfile" ]
  then
    echo "Already mounted?" > /dev/null
  else
    dev_mount
    if [ -n "$devmnt" ]
    then
      echo Copying encrypted container to memory, please wait...
      cp -v "$devmnt$flashpath$container" "$destpath"
      if [ $? -eq 0 ]; then echo Successfully copied.; fi
      mkloop
      crypto_mount
      cp -r -f -s "$mntdir$HOME" "$HOME"
    fi
  fi
  ;;
'loadunsafe')
  if [ -r "$mntdir$testfile" ]
  then
    echo "Already mounted?" > /dev/null
  else
    dev_mount
    if [ -n "$devmnt" ]
    then
      # Use the container in place on the flash drive
      destpath=$devmnt$flashpath
      mkloop
      crypto_mount
    fi
  fi
  ;;
'remount') #To remount file already copied to memory.
  if [ -r "$mntdir$testfile" ]
  then
    echo "Already mounted?" > /dev/null
  else
    mkloop
    crypto_mount
  fi
  ;;
'save')
  if [ -r "$mntdir$testfile" ]
  then
    umount "$mntdir"
  fi
  dev_mount
  if [ -n "$devmnt" ]
  then
    if [ -n "$destpath$container" ]
    then
      # Skip the copy when the container already lives on the flash drive
      if [ "$destpath$container" != "$devmnt$flashpath$container" ]
      then
        crypto_save
        sleep 1
      fi
    fi
  fi
  ;;
'create')
  # Fill the container file with random data before encrypting it
  dd if=/dev/urandom of="$destpath$container" bs=512K count=240
  mkloop
  crypto_create
  ;;
*)
  echo "Usage: $0 {load|loadunsafe|remount|save|create}"
esac

This script loads the container dark.mkv from the defined device (in my case it's a USB flash drive with label LaCie and filesystem UUID 9410-CB53) to the defined location / and mounts it on the directory /crypto.
Options are:
"load" - copies the container to memory and mounts it to /crypto
"loadunsafe" - mounts it directly from the flash drive
"save" - unmounts the container and copies it back from memory to the flash drive, making up to 2 backup copies
"remount" - mounts a container that was already copied to memory but unmounted (possibly after "save")
"create" - creates a container with blocksize 512Kb and 240 blocks (~125Mb)

But I have a few questions. Some of them are about Porteus, others are just... questions... About Linux and about this encrypted container... I don't know some things, so excuse me.
1)Is there any way to see from what disk was porteus loaded?
2)How safe it is to mount this container directly from USB flash drive (although it's not the best option for copy2ram if I'm planning to remove USB device from computer IMHO)?
3)Is it necessary to unmount container if there is nothing being written on it at the moment (like on shutdown/reboot)?

4)I've tried to load this script from /rootcopy/etc/profile.d but then it loads twice: before user login and after it (and before login password is always wrong). Is it normal? I've used this long ago so I can't remember. Is there any better way if I want my script to execute for every user?
5)I've tried to create links ./rc6.d/S01crypto.sh and ./rc0.d/S01crypto.sh to automatically save container on shutdown, but what puzzles me is the fact that it is called with "start" option instead of "stop". (That's why I don't use them here at the moment).
And more importantly, I tried to use ./rc6.d/K01crypto.sh and they just didn't work (although AFAIK K is used to "stop" something).

6) Does anybody know a better way to replace certain files/directories with links other than removing them and creating links after that (that's what I used before)?
cp -r -f -s $mntdir$HOME $HOME doesn't replace directories with links no matter the options...

A few requests:
1) I wasn't able to load modules from subdirectories in /modules folder (at least on x86_64 version) unlike slax. If possible, I'd like this feature back. =)
2)Directory "porteus" is hard-coded if I'm trying to add "from_dir=boot/64" to kernel parameters. Can this be changed (so I won't need to place everything in "/boot/64/porteus")?
3)Here should be request about encrypted containers in future versions of Porteus, but I'm not quite sure what I want, since I usually don't use "changes" option and use copy2ram so I can remove USB device and plug it back at any moment and encrypted information uses too much memory (so copying whole $HOME there is out of question)... But on the other hand there's always some sensitive information: mail, passwords and accounts (firefox is quite safe with master password, but there are other applications... some messengers, mail agents, etc)...
4)Am I the only one who doesn't like the way Kmix works with different sound cards? I found that alsamixer and alsamixergui do their work better. With only Kmix some cards are quiet, others use wrong controls and right ones are absent so there is no way to change volume or only 1 of 2 controls is present...
I'm not sure if this is a request, suggestion or just a question though... =)
Anyway, thanks for your attention!
Suggestions/corrections/additions are always welcome.

Post#2 by fanthom » 05 Sep 2011, 12:41

Hello Kriss,

First of all i would like to mention that cryptoloop encryption method is obsolete - check out this thread for more info:
http://porteus.org/forum/viewtopic.php?f=53&t=725
in Porteus-1.1 i'll try to switch to cryptsetup or (in case of fail) remove this feature completely.

now i'll try to answer your questions the best way i can :)
> 1)Is there any way to see from what disk was porteus loaded?
you can get this info from /var/log/porteus-livedbg log

> 2)How safe it is to mount this container directly from USB flash drive (although it's not the best option for copy2ram if I'm planning to remove USB device from computer IMHO)?
should be safe enough - unmount command calls 'sync' first to make sure that all data are copied successfully (you can always run sync command 'by hand' to be 100% sure). if you remove USB after copy2ram then nothing is saved :wink:

> 3)Is it necessary to unmount container if there is nothing being written on it at the moment (like on shutdown/reboot)?
container should be unmounted automatically by rc.6 script when it executes 'umount -v -a -t no,proc,sysfs,usbfs,aufs'

> 4)I've tried to load this script from /rootcopy/etc/profile.d but then it loads twice: before user login and after it ..... Is there any better way if I want my script to execute for every user?
if you want to execute your script once, at every boot then i would recommend linking it in /etc/rc.d/rc.local
if you want to execute your script at every login, for all users (root, guest, etc...) then you could link it in /etc/profile
if you want to execute your script at every login, for all users but in GUI only then you could link it in /opt/porteus-scripts/paths (this is universal purpose file where Porteus post-boot GUI configs are performed)

> 5)I've tried to create links ./rc6.d/S01crypto.sh and ./rc0.d/S01crypto.sh to automatically save container on shutdown, but what puzzles me is the fact that it is called with "start" option instead of "stop". (That's why I don't use them here at the moment).
> And more importantly, I tried to use ./rc6.d/K01crypto.sh and they just didn't work (although AFAIK K is used to "stop" something)
Slax documentation is wrong at this point - i have sent an email to Tomas M few months back but never got any response. check out this thread how to create symlinks properly:
(slax.org is down at the moment - will post the link when it's back up again)

> 6) Does anybody know a better way to replace certain files/directories with links other than removing them and creating links after that (that's what I used before)?
as far as i know this is the only method

> 1) I wasn't able to load modules from subdirectories in /modules folder (at least on x86_64 version) unlike slax. If possible, I'd like this feature back. =)
this is fixed already in devel snapshot - will be included in Porteus-1.1

> 2)Directory "porteus" is hard-coded if I'm trying to add "from_dir=boot/64" to kernel parameters. Can this be changed (so I won't need to place everything in "/boot/64/porteus")?
i have got this request from crashman before. from linuxrc point of view it's very easy to implement but gonna break some 3rd party scripts (like md5sum check during installation which is expecting to find /porteus folder somewhere). will check what i can do about it but can't promise implementation of this feature at this stage.

> 3)Here should be request about encrypted containers in future versions of Porteus, but I'm not quite sure what I want, since I usually don't use "changes" option and use copy2ram so I can remove USB device and plug it back at any moment and encrypted information uses too much memory (so copying whole $HOME there is out of question)... But on the other hand there's always some sensitive information: mail, passwords and accounts (firefox is quite safe with master password, but there are other applications... some messengers, mail agents, etc)...
don't know what to answer here as i can't find the question/feature request :wink:

> 4)Am I the only one who doesn't like the way Kmix works with different sound cards? I found that alsamixer and alsamixergui do their work better. With only Kmix some cards are quiet, others use wrong controls and right ones are absent so there is no way to change volume or only 1 of 2 controls is present...
tried alsamixergui but found its interface looking too much of 'retro' style (like in commodore-64 times). no go for 64bits - sorry.

thanks a lot for your feedback/suggestions.
Please add [Solved] to your thread title if the solution was found.
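
The cryptsetup route mentioned in post #2, applied to the same file-container workflow as the script in post #1. This is an added example, not code from the thread or from Porteus; the container path, the mapper name `darkbox`, the mount point and the ext4 filesystem are assumptions, and `DRY_RUN=1` only prints the commands instead of running them.

```shell
#!/bin/bash
# Added example: LUKS file container via cryptsetup instead of cryptoloop.
# Paths and the mapper name are assumptions, not values used by Porteus.
container=${container:-/dark.mkv}
mapname=${mapname:-darkbox}
mntdir=${mntdir:-/crypto}
size_mib=${size_mib:-120}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

box_create() {
    # Fill the file with random data, then write the LUKS header
    # (luksFormat asks for confirmation and a new passphrase).
    run dd if=/dev/urandom of="$container" bs=1M count="$size_mib" &&
    run cryptsetup luksFormat "$container" &&
    run cryptsetup open "$container" "$mapname" &&
    run mkfs.ext4 "/dev/mapper/$mapname" &&
    run cryptsetup close "$mapname"
}

box_open() {
    # LUKS checks the passphrase against its header, so a wrong one makes
    # 'cryptsetup open' fail and nothing is mounted.
    run cryptsetup open "$container" "$mapname" &&
    run mkdir -p "$mntdir" &&
    run mount "/dev/mapper/$mapname" "$mntdir"
}

box_close() {
    # Unmount first, then remove the mapping so the key leaves the kernel.
    run umount "$mntdir" &&
    run cryptsetup close "$mapname"
}

case "${1:-}" in
    create) box_create ;;
    open)   box_open ;;
    close)  box_close ;;
esac
```

Run as root with `create`, `open` or `close`; older cryptsetup releases spell the open and close actions `luksOpen` and `luksClose`.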

Post#3 by Kriss » 06 Sep 2011, 02:35

>> 2)How safe it is to mount this container directly from USB flash drive (although it's not the best option for copy2ram if I'm planning to remove USB device from computer IMHO)?
> should be safe enough - unmount command calls 'sync' first to make sure that all data are copied successfully (you can always run sync command 'by hand' to be 100% sure). if you remove USB after copy2ram then nothing is saved
Sorry, I was unclear.. I meant in case someone accidentally unplugs your USB device.

> if you want to execute your script once, at every boot then i would recommend linking it in /etc/rc.d/rc.local
> if you want to execute your script at every login, for all users (root, guest, etc...) then you could link it in /etc/profile
> if you want to execute your script at every login, for all users but in GUI only then you could link it in /opt/porteus-scripts/paths (this is universal purpose file where Porteus post-boot GUI configs are performed)
/etc/profile or etc/profile.d?
I'm asking because I need the user to log in first (otherwise password input always fails, besides I need to know the user's home directory to create symlinks) but when I start it from /etc/profile.d it loads twice. Once before user login and once after.

>> 5)I've tried to create links ./rc6.d/S01crypto.sh and ./rc0.d/S01crypto.sh to automatically save container on shutdown, but what puzzles me is the fact that it is called with "start" option instead of "stop". (That's why I don't use them here at the moment).
>> And more importantly, I tried to use ./rc6.d/K01crypto.sh and they just didn't work (although AFAIK K is used to "stop" something)
> Slax documentation is wrong at this point - i have sent an email to Tomas M few months back but never got any response. check out this thread how to create symlinks properly:
> (slax.org is down at the moment - will post the link when it's back up again)
Yes, slax forum is down for some time now, but google cache usually helps me. :wink:
It's not about Slax. I did startup/shutdown scripts in the past with different distros. Is it not possible in Slax and in Porteus?

>> 6) Does anybody know a better way to replace certain files/directories with links other than removing them and creating links after that (that's what I used before)?
> as far as i know this is the only method
Thank you! I think I'll need to figure out a script to recursively check a certain special directory for links, and recreate them with full paths in the user's home directory, deleting everything that was there instead...

> i have got this request from crashman before. from linuxrc point of view it's very easy to implement but gonna break some 3rd party scripts (like md5sum check during installation which is expecting to find /porteus folder somewhere). will check what i can do about it but can't promise implementation of this feature at this stage.
Thank you! It's not very important, just helps to have 32 and 64 bit version on one drive...

> tried alsamixergui but found its interface looking too much of 'retro' style (like in commodore-64 times). no go for 64bits - sorry.
Yes, it doesn't look good. But it helps when there are no controls for volume (or only one of them that can raise volume to 50% of normal, like it was with USB Sound Blaster Play! if I'm not mistaken). But I think I'll search some more for alsa mixer(s)...

> container should be unmounted automatically by rc.6 script when it executes 'umount -v -a -t no,proc,sysfs,usbfs,aufs'
> you can get this info from /var/log/porteus-livedbg log
Thank you!

> First of all i would like to mention that cryptoloop encryption method is obsolete - check out this thread for more info:
> viewtopic.php?f=53&t=725
> in Porteus-1.1 i'll try to switch to cryptsetup or (in case of fail) remove this feature completely.
Thank you for the information! But I think encrypting the whole system is too extreme for me. If possible I'd like to continue using a small encrypted container. It's not like I need some SERIOUS protection, just a tiny bit in case I lose my USB flash. :)

Oh, and is there any way to get kernel sources?
I'm trying to use Porteus to share internet in ad-hoc wlan. Everything works good in WinXP (ad-hoc, WEP, shared) but doesn't work in Porteus. I blame it on rtl8187 that doesn't have ad-hoc support, so I wanted to try "legacy" r8187 module...
Suggestions/corrections/additions are always welcome.
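
The remove-then-link approach from question 6, written out as a function (added example, not code from the thread). The function name and the layout, one entry in the mounted container per entry to replace in the home directory, are assumptions; whatever already sits at the target path is deleted, which matches the behaviour described in post #3.

```shell
#!/bin/bash
# Added example: replace entries in a home directory with symlinks that
# point into the mounted container.
# Usage: link_into_home /crypto/root /root   (paths are assumptions)

link_into_home() {
    local src="$1" home="$2" entry name target

    # Refuse to touch the home directory unless the container is mounted.
    [ -d "$src" ] || { echo "container home not mounted: $src" >&2; return 1; }
    [ -d "$home" ] || { echo "no such home: $home" >&2; return 1; }

    # One link per top-level entry, dotfiles included.
    for entry in "$src"/* "$src"/.[!.]*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        name=$(basename "$entry")
        target="$home/$name"

        # Already pointing at the container: nothing to do.
        if [ -L "$target" ] && [ "$(readlink "$target")" = "$entry" ]; then
            continue
        fi

        # ln -sf cannot replace a real directory, so remove it first.
        # rm -rf on a symlink removes the link, not what it points to.
        rm -rf -- "$target"
        ln -s -- "$entry" "$target"
    done
}
```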

Post#4 by fanthom » 06 Sep 2011, 16:42

> Sorry, I was unclear.. I meant in case someone accidentally unplug your USB device.
all data written on the usb stick are saved with a couple of seconds delay so you have a big chance for a loss in that case

> /etc/profile or etc/profile.d?
/etc/profile

> I did startup/shutdown scripts in the past with different distros. Is it not possible in Slax and in Porteus?
it is possible but you must do it in a correct way. have a look at the Virtualbox module as an example:
http://ponce.cc/porteus/x86_64/current/ ... x86_64.xzm

> Thank you! It's not very important, just helps to have 32 and 64 bit version on one drive...
this feature is now implemented and will be ready for testing in first rc of Porteus-1.1

> Oh, and is there any way to get kernel sources?
yes - please read the FAQ for more info.
here is the link to 64bit version:
http://ponce.cc/porteus/x86_64/current/ ... l-sources/

Cheers
Please add [Solved] to your thread title if the solution was found.
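
Because writes to the stick are flushed with a delay, a save step can copy beside the old container, flush, verify, and only then rotate the backups the way `crypto_save` in post #1 does. This is an added example, not code from the thread; the function names and the `.new` temporary suffix are assumptions.

```shell
#!/bin/bash
# Added example: copy the container back to the stick, verify it, then rotate.
# Usage: safe_save /dark.mkv /mnt/sdb1/boot   (paths are assumptions)

file_hash() { sha256sum "$1" | cut -d' ' -f1; }

safe_save() {
    local src="$1" destdir="$2"
    local dest tmp
    dest="$destdir/$(basename "$src")"
    tmp="$dest.new"

    [ -f "$src" ] || { echo "no such container: $src" >&2; return 1; }
    [ -d "$destdir" ] || { echo "target not mounted: $destdir" >&2; return 1; }

    # Write beside the old copy so a failed or interrupted copy never
    # overwrites the last good container.
    cp -- "$src" "$tmp" || { rm -f -- "$tmp"; return 1; }

    # Flush dirty pages to the device before trusting the copy.
    sync

    # Compare content. The read-back can be served from the page cache, so
    # this catches truncated or failed copies rather than bad flash cells.
    if [ "$(file_hash "$src")" != "$(file_hash "$tmp")" ]; then
        echo "verification failed, keeping previous copies" >&2
        rm -f -- "$tmp"
        return 1
    fi

    # Rotate: .001 -> .002, current -> .001, then publish the new copy.
    if [ -f "$dest.001" ]; then mv -f -- "$dest.001" "$dest.002"; fi
    if [ -f "$dest" ]; then mv -f -- "$dest" "$dest.001"; fi
    mv -- "$tmp" "$dest" && sync
}
```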

Post#5 by Kriss » 10 Sep 2011, 14:40

@fanthom
> /etc/profile
/etc/profile is a file...
Anyway, I've made a check "if [ ! $HOME = '' ]" and I hope this will be enough to put script to /etc/profile.d and it won't load before user login.

> this feature is now implemented and will be ready for testing in first rc of Porteus-1.1
Thank you!

> yes - please read the FAQ for more info.
> here is the link to 64bit version:
> http://ponce.cc/porteus/x86_64/current/ ... l-sources/
Sorry, my bad...
I just thought that crippled sources were really crippled so they won't be suitable to anything other than fooling programs that require them, so I didn't try to check them and instead tried to look for tar.gz somewhere with complete kernel sources. :)

Thank you for your answers and your time!
Suggestions/corrections/additions are always welcome.

Post#6 by fanthom » 10 Sep 2011, 15:10

> /etc/profile is a file...
yes - and its content is executed during every user login. just add one extra string to it to run your custom script:

Code:

sh /path/to_my_script

or put your commands directly into it.

good luck.
Please add [Solved] to your thread title if the solution was found.
