Few questions, requests and so on...
Posted: 04 Sep 2011, 15:01
First of all I'd like to say Thank You for Porteus and for "[HOWTO] - Slax in encrypted file container".
Then Hello everybody!
I'm not sure where to post this, so excuse me if I'm using the wrong section of the forums (I'm not sure if I should split it or something else).
If anybody is interested, here's how I use an encrypted container at the moment:
This script loads the container dark.mkv from a defined device (in my case it's a USB flash with label LaCie and filesystem UUID 9410-CB53) to a defined location / and mounts it to the directory /crypto.
Code:
```bash
#!/bin/bash
# Load cryptoloop and the blowfish cipher used by "losetup -e blowfish" below.
modprobe cryptoloop
modprobe blowfish

devlabel=LaCie      # USB flash label
devuuid=9410-CB53   # USB flash UUID
mntdir=/crypto      # Where encrypted container will be mounted
#cpdir=
flashpath=/boot     # Path to $container on flashdrive (or other storage device)
destpath=/          # Where the container is copied to before mounting
container=/dark.mkv
teststring="This file is used to test whether encrypted container mounted or not."
testfile=/test.file

# Find the flash drive by UUID and label and mount it if it is not mounted yet.
# Sets $dev (device node), $devname (node name without /dev/) and $devmnt (mount point).
dev_mount() {
    dev=$(blkid | grep "$devuuid" | grep "$devlabel" | sed 's/: .*//')
    devname=${dev#/dev/}
    if [ -n "$devname" ]
    then
        devmnt=$(grep "$dev" /proc/self/mounts | sed -e 's/ vfat.*//' -e 's/.* //g')
        if [ -n "$devmnt" ]
        then
            echo "$devlabel was already mounted to $devmnt"
        else
            mkdir -p "/mnt/$devname"
            mount -t auto "/dev/$devname" "/mnt/$devname"
            devmnt=$(grep "$dev" /proc/self/mounts | sed -e 's/ vfat.*//' -e 's/.* //g')
            ln -s "$devmnt" "/media/$devlabel"
            echo "$devlabel found on $dev ... $devname and mounted to $devmnt"
        fi
    else
        echo "Device $devlabel not found"
    fi
}

mkloop() {
    # makeloop: make a new loop device numbered one above the highest existing one
    x=$(ls -1 /dev/loop* | awk -F/ '{print $3}' | tr -d '[:alpha:]' | sort -n | tail -n1)
    lp=$((x + 1))
    # Create a new loop (block device, major number 7)
    mknod "/dev/loop$lp" b 7 "$lp"
    echo "Created loop device number $lp"
}

# Attach the container to the loop device (losetup asks for the password) and mount it.
crypto_mount() {
    /sbin/losetup -e blowfish "/dev/loop$lp" "$destpath$container"
    mkdir -p "$mntdir"
    mount "/dev/loop$lp" "$mntdir"
    echo Creating symlinks
    #/usr/bin/crypto.links
}

# Set up a new container: attach it, create the filesystem and write the test file.
crypto_create() {
    echo Enter new password:
    /sbin/losetup -e blowfish "/dev/loop$lp" "$destpath$container"
    echo Remember this password...
    mkfs.xfs "/dev/loop$lp"
    mkdir -p "$mntdir"
    mount "/dev/loop$lp" "$mntdir"
    echo "$teststring" > "$mntdir$testfile"
}

# Rotate the copies on the flash drive (.001 -> .002, current -> .001), then copy the container back.
crypto_save() {
    if [ -f "$devmnt$flashpath$container.001" ]
    then
        mv -T -f -v "$devmnt$flashpath$container.001" "$devmnt$flashpath$container.002"
    fi
    if [ -f "$devmnt$flashpath$container" ]
    then
        mv -T -v "$devmnt$flashpath$container" "$devmnt$flashpath$container.001"
    fi
    if cp -v "$destpath$container" "$devmnt$flashpath"; then echo Successfully saved.; fi
}

case "$1" in
'load')
    # The test file is readable only while the container is mounted.
    if [ -r "$mntdir$testfile" ]
    then
        echo "Already mounted?" > /dev/null
    else
        dev_mount
        if [ -n "$devmnt" ]
        then
            echo Copying encrypted container to memory, please wait...
            if cp -v "$devmnt$flashpath$container" "$destpath"; then echo Successfully copied.; fi
            mkloop
            crypto_mount
            cp -r -f -s "$mntdir$HOME" "$HOME"
        fi
    fi
    ;;
'loadunsafe')
    if [ -r "$mntdir$testfile" ]
    then
        echo "Already mounted?" > /dev/null
    else
        dev_mount
        if [ -n "$devmnt" ]
        then
            # Use the container in place on the flash drive instead of copying it.
            destpath=$devmnt$flashpath
            mkloop
            crypto_mount
        fi
    fi
    ;;
'remount') # To remount file already copied to memory.
    if [ -r "$mntdir$testfile" ]
    then
        echo "Already mounted?" > /dev/null
    else
        mkloop
        crypto_mount
    fi
    ;;
'save')
    if [ -r "$mntdir$testfile" ]
    then
        umount "$mntdir"
    fi
    dev_mount
    if [ -n "$devmnt" ]
    then
        if [ -n "$destpath$container" ]
        then
            # Skip the copy when the container already lives on the flash drive.
            if [ "$destpath$container" != "$devmnt$flashpath$container" ]
            then
                crypto_save
                sleep 1
            fi
        fi
    fi
    ;;
'create')
    # Fill the new container file with random data: 240 blocks of 512K.
    dd if=/dev/urandom of="$destpath$container" bs=512K count=240
    mkloop
    crypto_create
    ;;
*)
    echo "Usage: $0 {load|loadunsafe|remount|save|create}"
    ;;
esac
```
Options are:
"load" - copies container to memory and mounts it to /crypto
"loadunsafe" - mounts it directly from flash drive
"save" - unmounts container and copies it back from memory to flash drive, making up to 2 backup copies
"remount" - mounts container, already copied to memory but unmounted (possibly after "save")
"create" - creates container with blocksize 512Kb and 240 blocks (~125Mb)
But I have a few questions. Some of them are about Porteus, others are just... questions... About Linux and about this encrypted container... I don't know some things, so excuse me.
1) Is there any way to see what disk Porteus was loaded from?
2) How safe is it to mount this container directly from the USB flash drive (although it's not the best option for copy2ram if I'm planning to remove the USB device from the computer IMHO)?
3) Is it necessary to unmount the container if there is nothing being written to it at the moment (like on shutdown/reboot)?
4) I've tried to load this script from /rootcopy/etc/profile.d but then it loads twice: before user login and after it (and before login the password is always wrong). Is it normal? I've used this long ago so I can't remember. Is there any better way if I want my script to execute for every user?
5) I've tried to create links ./rc6.d/S01crypto.sh and ./rc0.d/S01crypto.sh to automatically save the container on shutdown, but what puzzles me is the fact that it is called with the "start" option instead of "stop". (That's why I don't use them here at the moment).
And more importantly, I tried to use ./rc6.d/K01crypto.sh and they just didn't work (although AFAIK K is used to "stop" something).
6) Does anybody know a better way to replace certain files/directories with links other than removing them and creating links after that (that's what I used before)?
cp -r -f -s $mntdir$HOME $HOME doesn't replace directories with links no matter the options...
A few requests:
1) I wasn't able to load modules from subdirectories in the /modules folder (at least on the x86_64 version) unlike Slax. If possible, I'd like this feature back. =)
2) Directory "porteus" is hard-coded if I'm trying to add "from_dir=boot/64" to kernel parameters. Can this be changed (so I won't need to place everything in "/boot/64/porteus")?
3) Here should be a request about encrypted containers in future versions of Porteus, but I'm not quite sure what I want, since I usually don't use the "changes" option and use copy2ram so I can remove the USB device and plug it back at any moment, and encrypted information uses too much memory (so copying the whole $HOME there is out of the question)... But on the other hand there's always some sensitive information: mail, passwords and accounts (Firefox is quite safe with a master password, but there are other applications... some messengers, mail agents, etc)...
4) Am I the only one who doesn't like the way Kmix works with different sound cards? I found that alsamixer and alsamixergui do their work better. With only Kmix some cards are quiet, others use wrong controls and the right ones are absent, so there is no way to change volume, or only 1 of 2 controls is present...
I'm not sure if this is a request, suggestion or just a question though... =)
Anyway, thanks for your attention!
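
A variant of the "save" step described in the post, as an added example that is not part of the original post: it copies the container under a temporary name, compares SHA-256 digests, and rotates the two backups only once the new copy matches, so a short or failed copy never displaces a good one. The function name `safe_save` and the `.new` suffix are assumptions made here; the container is expected to be unmounted first, as in the post's "save".

```shell
#!/bin/bash
# Added example (not the poster's code). safe_save SRC DESTDIR copies SRC into
# DESTDIR, verifies the copy, then rotates NAME -> NAME.001 -> NAME.002.
safe_save() {
    local src=$1 destdir=$2
    local name tmp want got
    name=$(basename "$src")
    tmp=$destdir/$name.new      # temporary name; hypothetical suffix

    [ -f "$src" ] || { echo "source $src missing" >&2; return 1; }

    # Copy next to the existing container without touching it yet.
    cp -- "$src" "$tmp" || { rm -f -- "$tmp"; return 1; }
    sync                        # push the data out to the flash drive

    # Compare digests to catch a truncated or interrupted copy (e.g. a full drive).
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        echo "checksum mismatch, keeping existing copies" >&2
        rm -f -- "$tmp"
        return 1
    fi

    # Rotate only now that the new copy is known to match (two backups, as in the post).
    [ -f "$destdir/$name.001" ] && mv -f -- "$destdir/$name.001" "$destdir/$name.002"
    [ -f "$destdir/$name" ] && mv -f -- "$destdir/$name" "$destdir/$name.001"
    mv -f -- "$tmp" "$destdir/$name"
}
```

With the post's variables it would be called as `safe_save "$destpath$container" "$devmnt$flashpath"` in place of `crypto_save`.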