reimplement support for encrypted savefiles

using losetup-222 (static)
puppylinux-woof-CE · Dec 30, 2016 · 44e15f2 · 44e15f2 · peabee · Dec 31, 2016
1 parent 332766a
commit 44e15f2
Show file tree

Hide file tree

Showing 15 changed files with 230 additions and 27 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -44,17 +44,6 @@ In this release there have been many important changes.
   * Here you can find the initrd skeleton, init script and pkgs.
   * With this you can compile static apps for the initrd
     and create initrd.gz automatically.
-  * Dropped support for encrypted savefiles (using the old method)
-    The encrypted savefiles use:
-    1) ext2 filesystem 
-    2) unsupported losetup 2.22-
-    3) encrpyption methods known to be easily cracked
-    - Tthere was a discussion about using cryptsetup or ecryptfs
-      but cryptsetup is a bit unreliable for use with savefiles
-      and ecryptfs does not work within aufs stack
-    - So this the end for encrypted savefiles.. at least in WoofCE
-    - However it could be possible to encrypt the home directory
-      or something with ecryptfs.. this is a possibility
   * Used by 3builddistro
   * See README file for more details
 - kernel-kit

diff --git a/initrd-progs/0initrd/init b/initrd-progs/0initrd/init
@@ -51,6 +51,10 @@ L_ERROR_FAILED_AUFS_STACK='Failed to create empty aufs stack'
 L_ADDING_MODULE="Adding module %s" #printf
 L_NO_DISTRO_SPECS="No DISTRO_SPECS file found, assuming that personal storage is empty."
 L_DEBUG_SAVE="To save debug info to a partition, type 'debugsave'"
+L_PASSWORD="Password:"
+L_PASSWORD_MSG_1="NOTICE: As you type your password nothing will be displayed on the screen."
+L_PASSWORD_MSG_2="This is a security measure. Just type it in then press ENTER key..."
+
 ##############################################################
 
 /sbin/usablefs # mount: /proc /sys /dev / (proc sysfs devtmpfs rootfs)
@@ -63,6 +67,13 @@ KERNELVER="$(uname -r)"
 VFAT_OUT_PARAM='shortname=mixed,quiet,utf8' #see also /sbin/set_plang
 . /DISTRO_SPECS #v412 has DISTRO_VERSION, DISTRO_FILE_PREFIX
 
+#precaution - if using a DISTRO_SPECS not processed by 3builddistro...
+[ ! "$DISTRO_ZDRVSFS" ] && DISTRO_ZDRVSFS="zdrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_FDRVSFS" ] && DISTRO_FDRVSFS="fdrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_ADRVSFS" ] && DISTRO_ADRVSFS="adrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_YDRVSFS" ] && DISTRO_YDRVSFS="adrv_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+[ ! "$DISTRO_PUPPYSFS" ] && DISTRO_PUPPYSFS="puppy_${DISTRO_FILE_PREFIX}_${DISTRO_VERSION}.sfs"
+
 # filenames specified in DISTRO_SPECS: DISTRO_ZDRVSFS, DISTRO_PUPPYSFS...
 Z_DEF_FN="$DISTRO_ZDRVSFS"
 F_DEF_FN="$DISTRO_FDRVSFS"
@@ -423,11 +434,28 @@ format_bytes() {
 load_ext_file() {
  SAVE_SZ_FN=""
  RESIZE_FN="$(dirname $SAVE_FN)/pupsaveresizenew.txt"
-#delete following line when resize file location is fixed
+ #delete following line when resize file location is fixed
  [ -f "$RESIZE_FN" ] || RESIZE_FN="${SAVE_MP}/pupsaveresizenew.txt"
  [ -f "$RESIZE_FN" ] && resize_ext_file
  ONE_LOOP="$(losetup -f)"
- losetup $ONE_LOOP $SAVE_FN
+ #-- is the ${DISTRO_FILE_PREFIX}save encrypted?...
+ if echo "$SAVE_FN" | grep -q '_crypt' ;then
+   #mount encrypted savefile
+   case $SAVE_FN in 
+    *cryptx*) CRYPTO='-e 1' ;;
+    *) CRYPTO='-e aes' ;;
+   esac
+   echo >/dev/console
+   echo "${L_PASSWORD_MSG_1}"  >/dev/console
+   echo "${L_PASSWORD_MSG_2}" >/dev/console
+   echo -e "\\033[1;36m" >/dev/console #aqua-blue
+   echo -n "${L_PASSWORD} " >/dev/console
+   echo -en "\\033[0;39m" >/dev/console
+   read -s MYPASS
+   echo "$MYPASS" | losetup-222 -p 0 $CRYPTO $ONE_LOOP $SAVE_FN
+ else
+   losetup $ONE_LOOP $SAVE_FN
+ fi
  SFFS='ext'$(echo -n "$SAVE_FN" | rev | cut -c 3)
  [ "$PFSCK" = "yes" ] && { echo "" > /dev/console; fsck_func "$ONE_LOOP" "$SFFS"; }
  [ "$SAVE_SZ_FN" ] && resize_ext_fs "$ONE_LOOP" "$SFFS"

diff --git a/initrd-progs/build.conf b/initrd-progs/build.conf
@@ -52,6 +52,7 @@ nano_static
 ntfs-3g_static
 #sed_static
 #util-linux_static
+util-linux-222_static
 '
 
 # to build specific pkgs:
@@ -74,6 +75,7 @@ e2fsck
 grep
 #kmod
 #losetup
+losetup-222
 nano
 ntfs-3g
 #ntfsfix

diff --git a/initrd-progs/build.sh b/initrd-progs/build.sh
@@ -13,7 +13,7 @@ DEFAULT_x86=i686
 DEFAULT_ARM=armv6l
 #DEFAULT_ARM64=aarch64
 
-PREBUILT_BINARIES="http://01micko.com/wdlkmpx/woof-CE/initrd_progs-20161109-static.tar.xz"
+PREBUILT_BINARIES="http://01micko.com/wdlkmpx/woof-CE/initrd_progs-20161230-static.tar.xz"
 
 ARCH=`uname -m`
 OS_ARCH=$ARCH
@@ -280,6 +280,7 @@ function check_bin() {
 		e2fsprogs_static) static_bins='e2fsck resize2fs' ;;
 		findutils_static) static_bins='find' ;;
 		util-linux_static) static_bins='losetup' ;;
+		util-linux-222_static) static_bins='losetup-222' ;;
 		*) static_bins=${init_pkg%_*} ;;
 	esac
 	for sbin in ${static_bins} ; do

diff --git a/initrd-progs/pkg/util-linux-222_static/util-linux-222.patch b/initrd-progs/pkg/util-linux-222_static/util-linux-222.patch
@@ -0,0 +1,54 @@
+diff -Naur util-linux-2.22.2/config/config.sub util-linux-2.22.2-patched/config/config.sub
+--- util-linux-2.22.2/config/config.sub	2012-09-18 02:53:51.000000000 +0000
++++ util-linux-2.22.2-patched/config/config.sub	2016-07-23 20:52:45.685261722 +0000
+@@ -253,7 +253,7 @@
+ 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ 	| am33_2.0 \
+-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
++	| arc | arm | arm[bl]e | arme[lb] | armv[2345678] | armv[345678][lb] | avr | avr32 \
+         | be32 | be64 \
+ 	| bfin \
+ 	| c4x | clipper \
+diff -Naur util-linux-2.22.2/lib/tt.c util-linux-2.22.2-patched/lib/tt.c
+--- util-linux-2.22.2/lib/tt.c	2012-12-12 20:04:47.902355093 +0000
++++ util-linux-2.22.2-patched/lib/tt.c	2016-07-23 20:51:58.358596857 +0000
+@@ -22,7 +22,7 @@
+ #include "widechar.h"
+ #include "tt.h"
+ #include "mbsalign.h"
+-#include "ttyutils.h"
++//#include "ttyutils.h"
+
+ struct tt_symbols {
+ 	const char *branch;
+diff -Naur util-linux-2.22.2/term-utils/setterm.c util-linux-2.22.2-patched/term-utils/setterm.c
+--- util-linux-2.22.2/term-utils/setterm.c	2012-11-30 08:01:42.950919423 +0000
++++ util-linux-2.22.2-patched/term-utils/setterm.c	2016-07-23 20:51:58.358596857 +0000
+@@ -123,15 +123,6 @@
+ #include "nls.h"
+ #include "closestream.h"
+
+-#if __GNU_LIBRARY__ < 5
+-#ifndef __alpha__
+-# include <linux/unistd.h>
+-#define __NR_klogctl __NR_syslog
+-_syscall3(int, klogctl, int, type, char*, buf, int, len);
+-#else /* __alpha__ */
+-#define klogctl syslog
+-#endif
+-#endif
+ extern int klogctl(int type, char *buf, int len);
+
+ /* Constants. */
+diff -Naur util-linux-2.22.2/term-utils/ttymsg.c util-linux-2.22.2-patched/term-utils/ttymsg.c
+--- util-linux-2.22.2/term-utils/ttymsg.c	2012-11-29 15:15:00.347642630 +0000
++++ util-linux-2.22.2-patched/term-utils/ttymsg.c	2016-07-23 20:51:58.358596857 +0000
+@@ -42,6 +42,7 @@
+
+ #include <sys/types.h>
+ #include <sys/uio.h>
++#include <sys/param.h>
+ #include <signal.h>
+ #include <fcntl.h>
+ #include <dirent.h>
diff --git a/initrd-progs/pkg/util-linux-222_static/util-linux-222_static.petbuild b/initrd-progs/pkg/util-linux-222_static/util-linux-222_static.petbuild
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. ../../func
+
+URL=https://www.kernel.org/pub/linux/utils/util-linux/v2.22
+SRC=util-linux
+PKG=util-linux-222_static
+VER=2.22.2
+COMP=tar.xz
+DESC=""
+DEPS=
+CAT=BuildingBlock
+CWD=`pwd`
+
+build() {
+	cd ${SRC}-${VER}
+	patch -p1 < ../util-linux-222.patch
+	opts="--prefix=/usr --enable-static-programs=losetup
+--disable-shared --disable-nls --without-ncurses --disable-libuuid --disable-libblkid
+--disable-libmount --disable-mount --disable-fsck --disable-partx
+--disable-uuidd --disable-mountpoint --disable-fallocate
+--disable-eject --disable-agetty
+--disable-cramfs --disable-switch_root --disable-pivot_root
+--disable-kill --disable-utmpdump --disable-raw --disable-rename
+--disable-chsh-only-listed --disable-login --disable-sulogin --disable-su
+--disable-schedutils --disable-wall
+--disable-pg-bell --disable-use-tty-group --disable-makeinstall-chown
+--disable-makeinstall-setuid --without-selinux "
+	_configure
+	sed -i 's|^LDFLAGS =.*|LDFLAGS = -all-static|' Makefile
+	_make ${MKFLG} losetup
+	abort_if_file_not_found losetup
+	install -d -m 0755 $CWD/${PKG}-${VER}-${ARCH}/bin
+	mv losetup losetup-222
+	_install losetup-222 $CWD/${PKG}-${VER}-${ARCH}/bin
+	cd -
+}
+
+package() {
+	# add this recipe
+	install -d -m 0755 ./${PKG}-${VER}-${ARCH}/build
+	cat ${PKG}.petbuild > ./${PKG}-${VER}-${ARCH}/build/$PKG-build-recipe
+	# move, don't package
+	cp -a --remove-destination ./${PKG}-${VER}-${ARCH}/* ../../00_${ARCH}
+	rm -r ${SRC}-${VER}
+	rm -r ${PKG}-${VER}-${ARCH}
+	echo "moved to initrd"
+	echo "done!"
+}
+
+# main
+retrieve ${SRC}-${VER}.${COMP}
+[ "$DLD_ONLY" = "yes" ] && exit
+extract ${SRC}-${VER}.${COMP}
+build
+package
diff --git a/woof-arch/arm/target/rootfs-skeleton/sbin/losetup-2.21 b/woof-arch/arm/target/rootfs-skeleton/sbin/losetup-2.21
diff --git a/woof-arch/arm/target/rootfs-skeleton/sbin/losetup-222 b/woof-arch/arm/target/rootfs-skeleton/sbin/losetup-222
diff --git a/woof-arch/x86/target/rootfs-skeleton/sbin/losetup-2.21 b/woof-arch/x86/target/rootfs-skeleton/sbin/losetup-2.21
diff --git a/woof-arch/x86/target/rootfs-skeleton/sbin/losetup-222 b/woof-arch/x86/target/rootfs-skeleton/sbin/losetup-222
diff --git a/woof-arch/x86_64/target/rootfs-skeleton/sbin/losetup-2.21 b/woof-arch/x86_64/target/rootfs-skeleton/sbin/losetup-2.21
diff --git a/woof-arch/x86_64/target/rootfs-skeleton/sbin/losetup-222 b/woof-arch/x86_64/target/rootfs-skeleton/sbin/losetup-222
diff --git a/woof-code/rootfs-skeleton/etc/rc.d/rc.shutdown b/woof-code/rootfs-skeleton/etc/rc.d/rc.shutdown
@@ -253,9 +253,9 @@ case $PUPMODE in
    mount -t $FILEFS -o noatime,rw,loop $SMNTPT$SAVEFILE /tmp/save1stpup
   else
    #note: loop2 is kept available for scripts to use. but, do this to find free one...
-   DEVLOOP="`losetup-FULL -f`"
+   DEVLOOP="`losetup-222 -f`"
    #'-p 0' means read password from stdin...
-   echo "$MYPASSWORD" | losetup-FULL -p 0 $CRYPTO $DEVLOOP ${SMNTPT}$SAVEFILE >/dev/console
+   echo "$MYPASSWORD" | losetup-222 -p 0 $CRYPTO $DEVLOOP ${SMNTPT}$SAVEFILE >/dev/console
    [ ! $? -eq 0 ] && exit 1
    mount -t $FILEFS -o noatime,rw $DEVLOOP /tmp/save1stpup
   fi

diff --git a/woof-code/rootfs-skeleton/usr/sbin/filemnt b/woof-code/rootfs-skeleton/usr/sbin/filemnt
@@ -83,7 +83,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
      *_cryptx*) #light encryption.
       CRYPTO='light'
       modprobe cryptoloop
-      rxvt -geometry 25x3 -title "$(gettext 'Enter password')" -bg orange -e losetup-2.21 -E 1 $DEVLOOP $imgFile
+      rxvt -geometry 25x3 -title "$(gettext 'Enter password')" -bg orange -e losetup-222 -E 1 $DEVLOOP $imgFile
       Err=$?
      ;;
      *_crypt*) #heavy encryption.
@@ -97,7 +97,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
       MYPASS="`pupdialog --title "$(gettext 'Password required')" --stdout --inputbox "$(gettext 'Password required to open') ${imgFileBASE}:" 0 0`"
       Err=$?
       if [ $Err -eq 0 ];then
-       echo "$MYPASS" | losetup-2.21 -p 0 -e aes $DEVLOOP $imgFile
+       echo "$MYPASS" | losetup-222 -p 0 -e aes $DEVLOOP $imgFile
        Err=$?
       fi
      ;;
@@ -129,7 +129,7 @@ if [ "$MNTEDLOOP" = "" ];then #not mounted on $MntPt
     /usr/lib/gtkdialog/box_splash -timeout 6 -bg green -text "`eval_gettext \"Click \\\$imgFileBASE icon again to unmount it\"`" &
     defaultfilemanager -n "$MntPt" &
   else
-    [ "$CRYPTO" ] && losetup-2.21 -d $DEVLOOP
+    [ "$CRYPTO" ] && losetup-222 -d $DEVLOOP
     rm -rf "$MntPt" #121203
   fi