[or-cvs] r13179: The persistent volume creation script is now even more user- (in incognito/trunk: . root_overlay/etc/init.d root_overlay/usr/sbin root_overlay/usr/share/applications)
anonym at seul.org
anonym at seul.org
Fri Jan 18 05:34:16 UTC 2008
Author: anonym
Date: 2008-01-18 00:34:16 -0500 (Fri, 18 Jan 2008)
New Revision: 13179
Added:
incognito/trunk/root_overlay/usr/sbin/enable-persistent-vol
incognito/trunk/root_overlay/usr/share/applications/enable-persistent-vol.desktop
Modified:
incognito/trunk/TODO
incognito/trunk/root_overlay/etc/init.d/external-config-setup
incognito/trunk/root_overlay/usr/sbin/create-homevol
Log:
The persistent volume creation script is now even more user-friendly and informative. It's also possible to turn it that functionality off completely during boot and to re-enable it.
Modified: incognito/trunk/TODO
===================================================================
--- incognito/trunk/TODO 2008-01-18 05:16:22 UTC (rev 13178)
+++ incognito/trunk/TODO 2008-01-18 05:34:16 UTC (rev 13179)
@@ -69,10 +69,6 @@
- Allow home dir on USB when booting from CD
Allow the home directory on a USB drive (or other media) when booting from the CD. This will require an optional menu if more than one possibility for a home directory is found.
-- Never create persistent home option on USB
-Make it possible to to permanently decline creating a persistent home partition during boot from USB (otherwise this will constantly be halting the boot process).
-This easily implemented by a "lock" file, i.e. NO_PERSISTANT on the USB root, created by external-config-setup when the users choses to never have a persistent home. external-config-setup will check for the existence of that file before prompting the user. Also, there should be a readily available script which resets this available on the KDE desktop and in the fluxbox menu.
-
- Mixmaster
Install mixmaster and mixmaster-smtp and integrate into mail clients. Remove mixminion-smtp.
@@ -80,7 +76,7 @@
KSirc isn't that user friendly. Konversation is probably better, wait for 1.1 release + make comprehensive server list incl. privacy and Tor related servers.
- Kqemu
-Badly needed for performance. The autostart should check if it's installed. If not, prompt if it should be installed (plus describe benefits). Include kqemu windows install.
+Badly needed for performance in qemu. The autostart should check if it's installed. If not, prompt if it should be installed (plus describe benefits). Include kqemu windows install.
- Remove kmail?
We already have Thunderbird, so we could save space this way. Also, Torbutton is only for Thunderbird and it scrapes IP address/host from EHLO/HELO message. Don't know whether this is possible for kmail and that's serious if it's to be used for SMTP(s).
Modified: incognito/trunk/root_overlay/etc/init.d/external-config-setup
===================================================================
--- incognito/trunk/root_overlay/etc/init.d/external-config-setup 2008-01-18 05:16:22 UTC (rev 13178)
+++ incognito/trunk/root_overlay/etc/init.d/external-config-setup 2008-01-18 05:34:16 UTC (rev 13179)
@@ -80,7 +80,7 @@
ebegin "Mounting TrueCrypt /home"
clear
splash_verbose
- QUESTION_PASSWORD="Please enter the password for the home volume."
+ QUESTION_PASSWORD="Please enter the password for the home volume, or choose cancel to boot with default settings and no persistent storage."
QUESTION_ERROR="An error occurred opening the volume, see above, hit ENTER to try again"
TITLE="Open Persistent Home Volume"
# Ask for truecrypt password, use password from creating (hidden volume preferred) if available
Modified: incognito/trunk/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/create-homevol 2008-01-18 05:16:22 UTC (rev 13178)
+++ incognito/trunk/root_overlay/usr/sbin/create-homevol 2008-01-18 05:34:16 UTC (rev 13179)
@@ -4,6 +4,8 @@
# Create the home volume
#
+
+
[[ -n "${MEDIAROOT}" ]] || MEDIAROOT="/mnt/cdrom"
[[ -n "${HOMEPART_EXT3}" ]] || HOMEPART_EXT3="${MEDIAROOT}/home.ext3.img"
[[ -n "${HOMEPART_TC}" ]] || HOMEPART_TC="${MEDIAROOT}/home.tc"
@@ -11,31 +13,61 @@
TITLE="Create Persistent Home Volume"
BACKTITLE="__INCOGNITO__"
+LOCK_FILE="${MEDIAROOT}/LOCK_NO_PERSISTENT"
MIN_SIZE=20
MAX_SIZE=$(( ${MEDIAFREE} / 1024 ))
QUESTION_HOME_PART="Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions?"
-QUESTION_SIZE="Enter the size in megabytes for the volume. For various reasons, ${MIN_SIZE} MB is the smallest we allow. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so future upgrades of Incognito will fit."
+QUESTION_NO_PERSISTENT="Would you like to disable the persistent home volume? That way this prompt will never appear when starting __INCOGNITO__.
+
+If you choose 'yes' here this can be undone by running the 'Enable persistant home volume' script located on the desktop when logged in."
+QUESTION_SIZE="Enter the size in megabytes for the volume. For various reasons, ${MIN_SIZE} MB is the smallest we allow. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so future upgrades of __INCOGNITO__ will fit."
QUESTION_HIDDEN_SIZE="How much of the normal volume's capacity would you like the hidden volume to consist of? As the hidden volume is the one you should use, try to put as much as possible there, but no too much as that will make your normal volume too small and not work well. The recommended value which already is entered in the field should be optimal for most users."
-QUESTION_ENCRYPTION="Would you like to encrypt the volume using TrueCrypt?"
-QUESTION_PASSWORDS="Please enter the passwords for the normal TrueCrypt volume and the hidden TrueCrypt volume.
+QUESTION_ENCRYPTION="Would you like to encrypt the volume using TrueCrypt? This will make your data unreadable for everyone that doesn't have the password you choose unless they can guess it."
+QUESTION_HIDDEN_VOLUME="Do you want to use a hidden volume?
-If you want to use a hidden volume you must enter two differen passwords, one normal volume password and one hidden volume password in their respective input fields. The hidden volume password is the one you should use personally when starting __INCOGNITO__ which will give you access to the hidden volume. The other password you may give away to the authorities when under pressure as that will give them access to the normal volume and provide you with plausible deniability. Without the hidden volume password it is impossible to prove the existence of the hidden volume, so never give it away. This can save you if you live in a country where there
+A hidden volume offers you plausable deniability which is essential in case you live in a country where you must hand over encryption keys and passwords to the authorities when suspected for a crime (like in the UK). The hidden volume will reside in the free space of the normal volume, and you will have two different passwords; one that grants access to the normal volume and one that grants access to the hidden volume. The password for the normal volume can be given away to the authorities when they so demand, and as long as you keep your hidden volume password for yourself they cannot prove of its existence.
-If you only want to encrypt your data and not use a hidden volume, leave the hidden volume password blank. In that case, since you only have the normal password you should always use it.
+If you want to use a hidden volume, you should do all your real work within your hidden volume, which you access with the hidden volume password. Only occasionally should you log in to the normal volume (using the normal volume password) and do some \"normal\" things (i.e. no illegal or otherwise sensitive activites) so it looks like it is being used, otherwise the authorities might become suspicious when they discover that you haven't touched it. When you do that, just remember to not save much data on the normal volume as that can damage your hidden volume.
+You can use a weak and easy-to-remember password for the normal volume, but the hidden volume should have a password just as strong as any other password protecting sensitive data."
+PASSWORD_RECOMMENDATION="REMEMBER TO USE STRONG PASSWORDS! Blank passwords are not accepted. For some security it is recommended to use at least 12 characters including both upper and lower case letters, numbers and special characters, without any words from any language or other similar systems. It should be as random (and long) as your memory allows."
+QUESTION_NORMAL_PASSWORD="Please enter the password for the normal volume.
+
Use the Up and Down arrow keys to move between input fields. Press Enter/Return when finished.
-REMEMBER TO USE STRONG PASSWORDS!"
-LABEL_PASSWORD_NORMAL="Normal"
-LABEL_PASSWORD_HIDDEN="Hidden"
+"
+QUESTION_HIDDEN_PASSWORD="Please enter the password for the hidden volume.
+
+Use the Up and Down arrow keys to move between input fields. Press Enter/Return when finished.
+
+${PASSWORD_RECOMMENDATION}
+
+This password cannot be the same as the password for the normal volume."
+NORMAL_PW_RECOMMENDATION="${ABOUT_PASSWORDS}"
+LABEL_PASSWORD="Enter your desired password:"
+LABEL_REPEAT="Re-enter your password:"
MESSAGE_CREATING_TRUECRYPT_NORMAL="Creating TrueCrypt normal volume..."
MESSAGE_CREATING_TRUECRYPT_HIDDEN="Creating TrueCrypt hidden volume..."
DIM="0 0"
+# Check if the lock file is there
+if [[ -e ${LOCK_FILE} ]]; then
+ exit 0
+fi
+
# Ask for home volume
-dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --yesno "${QUESTION_HOME_PART}" ${DIM} || exit 0
+dialog --ascii-lines --timeout 10 --title "${TITLE}" --backtitle "${BACKTITLE}" --yesno "${QUESTION_HOME_PART}" ${DIM}
+# If not, check if the user want to disable it semi-permanently
+if [[ $? -ne 0 ]]; then
+ dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --defaultno --yesno "${QUESTION_NO_PERSISTENT}" ${DIM}
+ if [[ $? -eq 0 ]]; then
+ touch ${LOCK_FILE}
+ fi
+ exit 0
+fi
+
# Check if minimum required amount of space is available
if [[ ${MAX_SIZE} -lt ${MIN_SIZE} ]]; then
echo "Sorry, but you do not have enough space left on the media (Minimum needed: ${MIN_SIZE} MB, currently available: ${MAX_SIZE} MB)"
@@ -60,20 +92,30 @@
command -v truecrypt >/dev/null && dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --yesno "${QUESTION_ENCRYPTION}" ${DIM}
if [[ $? -eq 0 ]]; then
- # Ask for truecrypt parameters
- NORMAL_PW=""
- HIDDEN_PW=""
- while [[ -z "${NORMAL_PW}" || "${NORMAL_PW}" == "${HIDDEN_PW}" ]]; do
- dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORDS}" 0 0 0 "${LABEL_PASSWORD_NORMAL}" 1 0 "" 2 0 40 1024 "${LABEL_PASSWORD_HIDDEN}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
+ # Ask if a hidden volume should be used
+ USE_HIDDEN_VOLUME="no"
+ dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --yesno "${QUESTION_HIDDEN_VOLUME}" ${DIM}
+ if [[ $? -eq 0 ]]; then
+ USE_HIDDEN_VOLUME="yes"
+ PASSWORD_RECOMMENDATION="As you will use a hidden volume, this password (i.e. for the normal volume) should just be easy to remember and need not be particularly strong, just string enough so the authorities believe that you are serious."
+ fi
+
+ # Ask for the normal volume password
+ PW1=""
+ PW2=""
+ while [[ -z "${PW1}" || "${PW1}" != "${PW2}" ]]; do
+ dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_NORMAL_PASSWORD}${PASSWORD_RECOMMENDATION}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_REPEAT}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
if [[ $? -ne 0 ]]; then
- rm /tmp/dialog
+ shred -u /tmp/dialog
exit 1
fi
- NORMAL_PW="$( tail -n 2 /tmp/dialog | head -n 1 )"
- HIDDEN_PW="$( tail -n 1 /tmp/dialog )"
- rm /tmp/dialog
+ PW1="$( tail -n 2 /tmp/dialog | head -n 1 )"
+ PW2="$( tail -n 1 /tmp/dialog )"
+ shred -u /tmp/dialog
done
+ NORMAL_PW=${PW1}
+
clear
# Unmap all
@@ -84,7 +126,6 @@
echo "*** ${MESSAGE_CREATING_TRUECRYPT_NORMAL}"
echo
truecrypt --hash RIPEMD-160 --encryption AES --filesystem ext3 --password "${NORMAL_PW}" --size ${SIZE}M --type normal --keyfile "" -c "${HOMEPART_TC}"
- # | dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --progressbox "${MESSAGE_CREATING_TRUECRYPT_NORMAL}" 30 70
[[ -e "${HOMEPART_TC}" ]] || exit 1
truecrypt -N 1 --password "${NORMAL_PW}" "${HOMEPART_TC}"
if [[ $? -ne 0 ]]; then
@@ -101,7 +142,10 @@
rmdir /tmp/home
truecrypt -d /dev/mapper/truecrypt1
- if [[ -n "${HIDDEN_PW}" ]]; then
+ # Set up hidden volume
+ if [[ ${USE_HIDDEN_VOLUME} == "yes" ]]; then
+
+ # Size considerations for hidden volume
MIN_HIDDEN_SIZE=$(( ${USED} + 1 ))
MAX_HIDDEN_SIZE=$(( ${SIZE} - ${USED} ))
HIDDEN_SIZE=-1
@@ -116,11 +160,28 @@
rm /tmp/dialog
done
+ # Ask for hidden volume password
+ PW1=""
+ PW2=""
+ while [[ -z "${PW1}" || "${PW1}" != "${PW2}" || "${PW1}" == "${NORMAL_PW}" ]]; do
+ dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_HIDDEN_PASSWORD}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_REPEAT}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
+ if [[ $? -ne 0 ]]; then
+ shred -u /tmp/dialog
+ exit 1
+ fi
+ PW1="$( tail -n 2 /tmp/dialog | head -n 1 )"
+ PW2="$( tail -n 1 /tmp/dialog )"
+ shred -u /tmp/dialog
+ done
+
+ HIDDEN_PW=${PW1}
+
+ clear
+
echo
echo "*** ${MESSAGE_CREATING_TRUECRYPT_HIDDEN}"
echo
truecrypt --hash RIPEMD-160 --encryption AES --filesystem ext3 --password "${HIDDEN_PW}" --size ${HIDDEN_SIZE}M --type hidden --keyfile "" -c "${HOMEPART_TC}"
- #| dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --progressbox "${MESSAGE_CREATING_TRUECRYPT_HIDDEN}" 30 70
truecrypt -N 1 --password "${HIDDEN_PW}" "${HOMEPART_TC}"
if [[ $? -ne 0 ]]; then
rm "${HOMEPART_TC}"
Added: incognito/trunk/root_overlay/usr/sbin/enable-persistent-vol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/enable-persistent-vol (rev 0)
+++ incognito/trunk/root_overlay/usr/sbin/enable-persistent-vol 2008-01-18 05:34:16 UTC (rev 13179)
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# FIXME: we should get this from somewhere
+LOCK_FILE=/mnt/cdrom/LOCK_NO_PERSISTENT
+
+rm -f ${LOCK_FILE}
+
+# Find the dialog command
+DIALOG="$(which Xdialog 2>/dev/null)"
+if [ -z "${DIALOG}" -o -z "${DISPLAY}" ]; then
+ DIALOG="$(which dialog 2>/dev/null)"
+fi
+
+if [[ -z "${DIALOG}" ]]; then
+ echo "Could not find Xdialog or dialog"
+ exit 1
+fi
+
+DEFAULT_WIDTH=80
+DIALOG="${DIALOG} --wrap --cr-wrap --left"
+
+if [[ -e ${LOCK_FILE} ]]; then
+ ${DIALOG} --msgbox "Operation failed." 0 ${DEFAULT_WIDTH}
+ exit 1
+else
+ ${DIALOG} --msgbox "The option to create and use persistent home volumes is enabled. You should be prompted next time you start __INCOGNITO__." 0 ${DEFAULT_WIDTH}
+ exit 0
+fi
Added: incognito/trunk/root_overlay/usr/share/applications/enable-persistent-vol.desktop
===================================================================
--- incognito/trunk/root_overlay/usr/share/applications/enable-persistent-vol.desktop (rev 0)
+++ incognito/trunk/root_overlay/usr/share/applications/enable-persistent-vol.desktop 2008-01-18 05:34:16 UTC (rev 13179)
@@ -0,0 +1,14 @@
+[Desktop Entry]
+Comment=Enable the option to create and use persistent home volumes during boot.
+Encoding=UTF-8
+Exec=sudo /usr/sbin/enable-persistent-vol
+GenericName=
+Icon=reload
+MimeType=
+Name=Enable persistant home volume
+Path=
+StartupNotify=true
+Terminal=false
+TerminalOptions=
+Type=Application
+Categories=Utility
More information about the tor-commits
mailing list