[or-cvs] r15339: Refactored the actual mounting of the persistent drive from (in incognito/trunk/root_overlay: etc/init.d usr/sbin)

anonym at seul.org anonym at seul.org
Tue Jun 17 20:57:54 UTC 2008


Author: anonym
Date: 2008-06-17 16:57:54 -0400 (Tue, 17 Jun 2008)
New Revision: 15339

Added:
   incognito/trunk/root_overlay/usr/sbin/mount-homevol
Modified:
   incognito/trunk/root_overlay/etc/init.d/external-config-setup
   incognito/trunk/root_overlay/usr/sbin/create-homevol
Log:
Refactored the actual mounting of the persistent drive from the init script to a script of its own.
Also made this part compatible with the new user name thingie.


Modified: incognito/trunk/root_overlay/etc/init.d/external-config-setup
===================================================================
--- incognito/trunk/root_overlay/etc/init.d/external-config-setup	2008-06-17 20:53:29 UTC (rev 15338)
+++ incognito/trunk/root_overlay/etc/init.d/external-config-setup	2008-06-17 20:57:54 UTC (rev 15339)
@@ -1,129 +1,95 @@
 #!/sbin/runscript
 
 # Sets up configuration based on media files external from the root
-# fs, i.e. /mnt/cdrom
+# fs, i.e. /mnt/cdrom.
 
 MEDIAROOT="/mnt/cdrom"
 HOMEPART_EXT3="${MEDIAROOT}/home.ext3.img"
 HOMEPART_TC="${MEDIAROOT}/home.tc"
 
 depend() {
-    need localmount
-    before xdm
+	need localmount
+	before xdm
 }
 
 start() {
-    # User specific config
-    export MEDIAFREE="$(df -k -P "${MEDIAROOT}" | tail -n 1 | awk '{ print $4 }')"
-    einfo "Found ${MEDIAFREE}k free on ${MEDIAROOT}"
-    if [[ -d "${MEDIAROOT}" ]]; then
-     	# Remount media rw
-	mount -o rw,remount ${MEDIAROOT} >/dev/null 2>&1
-	if [[ "${MEDIAFREE}" -gt 24576 && ! -f "${HOMEPART_EXT3}" && ! -f "${HOMEPART_TC}" ]]; then
-	    # Check if really writeable
-	    touch "${MEDIAROOT}/writetest" >/dev/null 2>/dev/null
-	    if [[ -f "${MEDIAROOT}/writetest" ]]; then
-		rm "${MEDIAROOT}/writetest"
+	# User specific config
+	export MEDIAFREE="$(df -k -P "${MEDIAROOT}" | tail -n 1 | awk '{ print $4 }')"
+	einfo "Found ${MEDIAFREE}k free on ${MEDIAROOT}"
+	if [[ -d "${MEDIAROOT}" ]]; then
+	 	# Remount media rw
+		mount -o rw,remount ${MEDIAROOT} >/dev/null 2>&1
+		if [[ "${MEDIAFREE}" -gt 24576 && ! -f "${HOMEPART_EXT3}" && ! -f "${HOMEPART_TC}" ]]; then
+			# Check if really writeable
+			touch "${MEDIAROOT}/writetest" >/dev/null 2>/dev/null
+			if [[ -f "${MEDIAROOT}/writetest" ]]; then
+				rm "${MEDIAROOT}/writetest"
+				splash_verbose
+				clear
+				/usr/sbin/create-homevol
+				splash_silent
+			fi
+		fi
+	fi
+
+	if [[ -w "${HOMEPART_TC}" ]]; then
+		ebegin "Mounting TrueCrypt /home"
+		#clear
 		splash_verbose
-		clear
-		/usr/sbin/create-homevol
+		/usr/sbin/mount-homevol TC ${HOMEPART_TC}
+		TMP=$?
 		splash_silent
-	    fi
+		eend ${TMP}
+	elif [[ -w "${HOMEPART_EXT3}" ]]; then
+		ebegin "Mounting boot media /home"
+		/usr/sbin/mount-homevol EXT3 ${HOMEPART_EXT3}
+		eend $?
 	fi
-    fi
 
-    if [[ -w "${HOMEPART_TC}" ]]; then
-	ebegin "Mounting TrueCrypt /home"
-	clear
-	splash_verbose
-	BACKTITLE="__INCOGNITO__"
-	LABEL_PASSWORD="Password"
-	LABEL_OPT_PWD="Optional password"
-	QUESTION_PASSWORD="Please enter the password(s) for the home volume, or choose cancel to boot with default settings and no persistent storage.
+	if [[ ! -e /var/state/boot-media-home ]]; then
+		ebegin "Copying user config from boot media to /home/__INCOGNITO_USER__"
+		mkdir -p /home/__INCOGNITO_USER__/.kde3.5/share/config
+		[[ -f ${MEDIAROOT}/config/kopeterc ]] && cp ${MEDIAROOT}/config/kopeterc /home/__INCOGNITO_USER__/.kde3.5/share/config
+		if [[ -d ${MEDIAROOT}/keys/ssh ]]; then
+			cp -a ${MEDIAROOT}/keys/ssh /home/__INCOGNITO_USER__/.ssh
+			chown -R __INCOGNITO_USER__:users /home/__INCOGNITO_USER__/.ssh
+			chmod 700 /home/__INCOGNITO_USER__/.ssh
+		fi
+		eend 0
+	fi
 
-To get standard access to a volume, enter the appropriate password in the '${LABEL_PASSWORD}' field and leave the ${LABEL_OPT_PWD} blank. For example, if you do NOT have a hidden volume, you should always simply enter your single password in the '${LABEL_PASSWORD}' field. If you have a hidden volume and want to access it you instead enter the hidden volume password in the '${LABEL_PASSWORD}' field.
-
-If you have a hidden volume but want to access the normal volume safely, enter the normal volume password in the '${LABEL_PASSWORD}' field and the hidden volume password in the '${LABEL_OPT_PWD}' field. If you enter the normal volume password without entering the hidden volume password in this way you risk corrupting the hidden volume and make it inaccessible."
-	QUESTION_ERROR="An error occurred opening the volume, see above, hit Enter/Return to try again"
-	TITLE="Open Persistent Home Volume"
-	# Ask for truecrypt password, use password from creating (hidden volume preferred) if available
-	while true; do
-	    dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_OPT_PWD}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
-	    if [[ $? -ne 0 ]]; then
-		clear
-		rm /tmp/dialog
-		break
-	    fi
-	    clear
-	    TRUECRYPT_PW1="$( tail -n 2 /tmp/dialog | head -n 1 )"
-	    TRUECRYPT_PW2="$( tail -n 1 /tmp/dialog )"	
-	    rm /tmp/dialog
-	    # if we got two passwords, try mounting the normal volume safely, otherwise mount normally
-	    if [[ -z ${TRUECRYPT_PW2} ]]; then
-		truecrypt --keyfile "" --password "${TRUECRYPT_PW1}" "${HOMEPART_TC}" /home
-	    else
-		truecrypt --protect-hidden --keyfile "" --keyfile "" --password "${TRUECRYPT_PW1}" --password "${TRUECRYPT_PW2}" "${HOMEPART_TC}" /home
-	    fi
-		
-	    if [[ $? -eq 0 ]]; then
-		touch /var/state/boot-media-home
-		break
-	    fi
-	    echo
-	    echo "*** ${QUESTION_ERROR} ***"
-	    echo
-	    read TMP
-	done
-	splash_silent
-	eend 0
-    elif [[ -w "${HOMEPART_EXT3}" ]]; then
-	ebegin "Mounting boot media /home"
-	mount -o rw,remount ${MEDIAROOT} >/dev/null 2>&1
-	mount -o loop -t ext3 "${HOMEPART_EXT3}" /home && touch /var/state/boot-media-home
-	eend $?
-    fi
-    if [[ ! -e /var/state/boot-media-home ]]; then
-	ebegin "Copying user config from boot media to /home/gentoo"
-	mkdir -p /home/gentoo/.kde3.5/share/config
-	[[ -f ${MEDIAROOT}/config/kopeterc ]] && cp ${MEDIAROOT}/config/kopeterc /home/gentoo/.kde3.5/share/config
-	if [[ -d ${MEDIAROOT}/keys/ssh ]]; then
-	    cp -a ${MEDIAROOT}/keys/ssh /home/gentoo/.ssh
-	    chown -R gentoo:users /home/gentoo/.ssh
-	    chmod 700 /home/gentoo/.ssh
+	# System wide config
+	ebegin "Copying system config from boot media"
+	if [[ -d ${MEDIAROOT}/keys/openvpn ]]; then
+		cp -a ${MEDIAROOT}/keys/openvpn /etc
 	fi
 	eend 0
-    fi
 
-    # System wide config
-    ebegin "Copying system config from boot media"
-    [[ -d ${MEDIAROOT}/keys/openvpn ]] && cp -a ${MEDIAROOT}/keys/openvpn /etc
-    eend 0
-
-    # Ensure correct user dir permissions
-    if [[ ! -f /var/state/boot-media-home ]]; then
-	ebegin "Fixing permissions on /home"
-	for USERDIR in /home/*; do
-	    chown -R ${USERDIR/\/home\//}:users $USERDIR
-	    find $USERDIR -type f -print0 | xargs -0 chmod u+rw
-	done
-	eend 0
+	# Ensure correct user dir permissions
+	if [[ ! -f /var/state/boot-media-home ]]; then
+		ebegin "Fixing permissions on /home"
+		for USERDIR in /home/*; do
+			chown -R ${USERDIR/\/home\//}:users $USERDIR
+			#find $USERDIR -type f -print0 | xargs -0 chmod u+rw
+		done
+		eend 0
 	fi
-    chown -R root /root
+	chown -R root /root
 
-    # If using 'docache' we are done with the boot media, eject it
-    CD_DEV="$(eject -n | sed 's:.*\(/dev/[A-Za-z0-9]*\).*:\1:')"
-    [[ ! -f /var/state/boot-media-home ]] && grep docache /proc/cmdline >/dev/null && [[ -n "${CD_DEV}" ]] && grep "${CD_DEV}" /proc/mounts >/dev/null && eject
+	# If using 'docache' we are done with the boot media, eject it
+	CD_DEV="$(eject -n | sed 's:.*\(/dev/[A-Za-z0-9]*\).*:\1:')"
+	[[ ! -f /var/state/boot-media-home ]] && grep docache /proc/cmdline >/dev/null && [[ -n "${CD_DEV}" ]] && grep "${CD_DEV}" /proc/mounts >/dev/null && eject
 
-    # The previous line could return a false value which is OK, but should not fail the service
-    true
+	# The previous line could return a false value which is OK, but should not fail the service
+	true
 
 }
 
 stop() {
-    if [[ -f /var/state/boot-media-home ]]; then
-	ebegin "Unmounting boot media /home"
-	umount /home && rm /var/state/boot-media-home
-	eend $?
-    fi
+	if [[ -f /var/state/boot-media-home ]]; then
+		ebegin "Unmounting boot media /home"
+		umount /home && rm /var/state/boot-media-home
+		eend $?
+	fi
 }
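Review bot: The key material copied in start() keeps whatever file modes the boot media reports: `cp -a ${MEDIAROOT}/keys/openvpn /etc` applies no chmod at all, and the SSH branch only does `chmod 700` on the `.ssh` directory itself. If the media is a filesystem without Unix permissions (not visible in this hunk), the OpenVPN keys under /etc can end up world-readable, and OpenSSH rejects private key files that are readable by group or other. I would tighten the copied trees explicitly, e.g. `chmod -R go-rwx /home/__INCOGNITO_USER__/.ssh` next to the existing chown and the equivalent on the copied OpenVPN key files. The now commented-out `find ... chmod u+rw` line in the permissions loop should either be removed or get a comment saying why it was disabled.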
 

Modified: incognito/trunk/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-06-17 20:53:29 UTC (rev 15338)
+++ incognito/trunk/root_overlay/usr/sbin/create-homevol	2008-06-17 20:57:54 UTC (rev 15339)
@@ -14,10 +14,12 @@
 LOCK_FILE="${MEDIAROOT}/LOCK_NO_PERSISTENT"
 MIN_SIZE=$(( $(du -sk /home | awk '{print $1}') / 1024 + 11)) # 10 to 11 MB extra so that it works better
 MAX_SIZE=$(( ${MEDIAFREE} / 1024 ))
-QUESTION_HOME_PART="Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns which is not normally the case with __INCOGNITO__ (normally everything is reseted on a reboot)."
-QUESTION_NO_PERSISTENT="Would you like to disable the persistent home volume? That way this prompt will never appear when starting __INCOGNITO__.
+QUESTION_HOME_PART="Use the UP and DOWN arrowkeys, and TAB to navigate between different fields and buttons in this guide.
 
-If you choose 'yes' here this can be undone by removing the file ${LOCK_FILE}, located on the USB drive."
+Would you like to create a persistent home volume that will keep your data over __INCOGNITO__ sessions? This means that application settings and file changes in your home directory will persist through computer shutdowns which is not normally the case with __INCOGNITO__ (normally everything is reseted on a reboot)."
+QUESTION_NO_PERSISTENT="Would you like to disable the previous prompt? That way the start sequence will never get interrupted when booting __INCOGNITO__.
+
+If you choose 'yes' here this can be undone by removing the file $(basename ${LOCK_FILE}), located on the USB drive."
 QUESTION_SIZE="Enter the size in megabytes for the home volume. ${MIN_SIZE} MB is the smallest we allow, but it is strongly recommended to use more. There will be a recommended value in the input field which work for most users. The recommended value will utilize most space but save a little so that future upgrades of __INCOGNITO__ will fit. If you plan to store other files on the media you should take that into account and decrease the volume size appropriately."
 QUESTION_ENCRYPTION="Would you like to encrypt the home volume using TrueCrypt? This will make your data unreadable for everyone that does not have the password you choose unless they can guess it."
 QUESTION_HIDDEN_VOLUME="Do you want to use a hidden home volume?
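Review bot: The new `$(basename ${LOCK_FILE})` in QUESTION_NO_PERSISTENT expands `LOCK_FILE` unquoted, so a media path containing whitespace or glob characters would be split before basename sees it. `MEDIAROOT` is set outside this hunk and is probably a fixed path, so this is a style point, but `${LOCK_FILE##*/}` gives the same text without a subprocess or the quoting question.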
@@ -209,6 +211,7 @@
 else
 	clear
 	# Create ext3 home volume
+	echo "Creating unencrypted home volume. This can take a few minutes depending on the chosen size."
 	dd if=/dev/zero "of=${HOMEPART_EXT3}" bs=1M count=${SIZE} >/dev/null 2>&1
 	if [[ $? -eq 0 && -w "${HOMEPART_EXT3}" ]]; then
 		mkfs.ext3 -q -F -T small "${HOMEPART_EXT3}"
@@ -223,5 +226,4 @@
 		rm -f "${HOMEPART_EXT3}" 2>/dev/null
 		exit 1
 	fi
-
 fi

Added: incognito/trunk/root_overlay/usr/sbin/mount-homevol
===================================================================
--- incognito/trunk/root_overlay/usr/sbin/mount-homevol	                        (rev 0)
+++ incognito/trunk/root_overlay/usr/sbin/mount-homevol	2008-06-17 20:57:54 UTC (rev 15339)
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+#
+# Mount the home volume
+#
+
+# dialog text for TC password prompt
+BACKTITLE="__INCOGNITO__"
+LABEL_PASSWORD="Password"
+LABEL_OPT_PWD="Optional password"
+QUESTION_PASSWORD="Please enter the password(s) for the home volume, or choose cancel to boot with default settings and no persistent storage. Use the UP and DOWN arrows to navigate between the password fields and TAB to switch between <OK> and <Cancel>.
+
+To get standard access to a volume, enter the appropriate password in the '${LABEL_PASSWORD}' field and leave the ${LABEL_OPT_PWD} blank. For example, if you do NOT have a hidden volume, you should always simply enter your single password in the '${LABEL_PASSWORD}' field. If you have a hidden volume and want to access it you instead enter the hidden volume password in the '${LABEL_PASSWORD}' field.
+
+If you have a hidden volume but want to access the normal volume safely, enter the normal volume password in the '${LABEL_PASSWORD}' field and the hidden volume password in the '${LABEL_OPT_PWD}' field. If you enter the normal volume password without entering the hidden volume password in this way you risk corrupting the hidden volume and make it inaccessible."
+QUESTION_ERROR="An error occurred opening the volume, see above, hit ENTER/RETURN to try again"
+TITLE="Open Persistent Home Volume"
+
+# command line arguments
+TYPE="$1"
+HOMEPART="$2"
+
+if [[ -z "${TYPE}" ]] || [[ -z "${HOMEPART}" ]]; then
+	echo "Usage: $0 TYPE HOMEPART" >&2
+	echo "where TYPE is either TC for TrueCrypt or EXT3 for ext3, and HOMEPART is the" >&2
+	echo "partition image file." >&2
+	exit 1
+fi
+
+if [[ ! -w "${HOMEPART}" ]]; then
+	echo "The partition image file ${HOMEPART} has to be writable." >&2
+	exit 1
+fi
+
+if [[ ${TYPE} != "TC"  ]] && [[ ${TYPE} != "EXT3" ]]; then
+	echo "Incorrect TYPE ${TYPE}. Should be either TC or EXT3."
+	exit 1
+fi
+
+if [[ ${TYPE} == "TC" ]]; then
+	# Ask for truecrypt password, use password from creating (hidden volume preferred) if available
+	while true; do
+		dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --insecure --passwordform "${QUESTION_PASSWORD}" 0 0 0 "${LABEL_PASSWORD}" 1 0 "" 2 0 40 1024 "${LABEL_OPT_PWD}" 4 0 "" 5 0 40 1024 2>/tmp/dialog
+		if [[ $? -ne 0 ]]; then
+			clear
+			rm /tmp/dialog
+			break
+	    	fi
+		clear
+
+		# we have to read the passwords in this way to evade reading any errors written to /tmp/dialog
+		TRUECRYPT_PW1="$( tail -n 2 /tmp/dialog | head -n 1 )"
+		TRUECRYPT_PW2="$( tail -n 1 /tmp/dialog )"	
+		shred -u /tmp/dialog
+
+		# if we got both passwords, try mounting the normal volume safely, otherwise mount normally
+		if [[ -z ${TRUECRYPT_PW2} ]]; then
+			truecrypt --keyfile "" --password "${TRUECRYPT_PW1}" "${HOMEPART}" /home
+		else
+			truecrypt --protect-hidden --keyfile "" --keyfile "" --password "${TRUECRYPT_PW1}" --password "${TRUECRYPT_PW2}" "${HOMEPART}" /home
+		fi
+		
+		if [[ $? -eq 0 ]]; then
+			touch /var/state/boot-media-home
+			break
+		fi
+		echo >&2
+		echo "*** ${QUESTION_ERROR} ***" >&2
+		echo >&2
+		read
+	done
+elif [[ ${TYPE} == "EXT3" ]]; then
+	mount -o loop -t ext3 "${HOMEPART}" /home
+	TMP=$?
+	if [[ ${TMP} -eq 0 ]]; then 
+		touch /var/state/boot-media-home
+	fi
+	exit ${TMP}
+fi
+
+exit 0
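Review bot: The password form writes both volume passwords to the fixed path `/tmp/dialog` (`2>/tmp/dialog` in the TC loop), so this script, which the init script runs at boot, writes through whatever already exists under that name and otherwise creates the file with the default umask. I would create the file at the top of each loop iteration with `PWFILE="$(mktemp)" || exit 1`, redirect to `2>"${PWFILE}"`, and use `shred -u "${PWFILE}"` in the cancel branch as well, which currently falls back to plain `rm`. The passwords are also handed to truecrypt via `--password`, which leaves them visible in the process list while the mount runs; if the installed truecrypt can take them another way, prefer that. Two smaller points: the script uses `[[ ... ]]` under `#!/bin/sh`, which only works where sh is bash, and the `Incorrect TYPE` message is the only error not sent to stderr.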


Property changes on: incognito/trunk/root_overlay/usr/sbin/mount-homevol
___________________________________________________________________
Name: svn:executable
   + *


