
Apparently functional release

root 2 years ago
parent
commit
484e43e1f0
8 changed files with 58 additions and 31 deletions
  1. 0 0
      CMDS
  2. 7 0
      README
  3. 7 5
      TODO
  4. 31 22
      encrypt.py
  5. 12 3
      test/run.sh
  6. 1 1
      test/sample.lst
  7. BIN
      test/swap.img
  8. BIN
      test/test.img

test/HELP → CMDS


+ 7 - 0
README

@@ -25,3 +25,10 @@ you need some swap space. auditory feedback
  - be wary if you have non ext2/3/4 filesystems. extended attributes / alternate data streams / resource forks will likely be lost
  - you want to read yourself about encryption. Getting locked out of data can be unpleasant.
  - you might want to change the fstype aswell
+
++------------+
+| UsefulCmds |
++------------+
+
+ - {kpartx, losetup}	-> add/del/view device mappings
+ - lsblk		-> shows cryptsetup mapped stuff

+ 7 - 5
TODO

@@ -1,8 +1,10 @@
-Check and hook emergency routine
-Check [optional] prerequisites at start
-Refactor code to use same routines for swap and parts
-(except keygen)
-move check before loop
+Check and hook emergency routine!
 
+More testing!
 
+[ Refactor code to use same routines for swap and parts ]
+(except keygen)
+
+Check [optional] prerequisites at start
+  -> HOW? Install on brand new debian
 packager: for air-gapped machines, download all dependences and the script into a tarball

+ 31 - 22
encrypt.py

@@ -2,7 +2,6 @@
 # coding=utf-8
 import io
 
-import calendar
 from datetime import datetime
 import inspect
 from multiprocessing import Process
@@ -60,14 +59,13 @@ def prepareSwap(dev):
     die('More than one encrypted swap on system!? Aborting')
   log('Zero-filling swap drive')
   print(dev)
-  subprocess.run('dd if=/dev/zero of='+dev+' bs=4M',
+  subprocess.run('dd if=/dev/zero of=/dev/mapper/ENCSWAP bs=4M',
   shell=True)
   os.mkdir('staging')
-  log('Waiting 2sec and creating fs')
-  time.sleep(2)
-  subprocess.run('mkfs.ext2 -FF '+dev, shell=True, check=True)
+  subprocess.run('partprobe '+dev, shell=True)
+  subprocess.run('mkfs.ext2 /dev/mapper/ENCSWAP', shell=True, check=True)
   log('Mounting swap')
-  subprocess.run('mount '+dev+' staging', shell=True, check=True)
+  subprocess.run('mount /dev/mapper/ENCSWAP staging', shell=True, check=True)
   return 0
 
 def promptForSwapUse(dev):
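Review bot: The added `partprobe` call concatenates `dev` into a `shell=True` command string and ignores the exit status, so a device path containing spaces or shell metacharacters is interpreted by the shell in a script that formats block devices. Passing an argument list avoids the shell altogether: `subprocess.run(['partprobe', dev], check=True)`. The same pattern appears in the mkCryptVol hunk (`p` and `kf` in the `cryptsetup` commands) and in the doDisk hunk (`part` in `mount`), where the values appear to come from the partition list file. The `dd` zero-fill also runs unchecked; it is expected to stop with a no-space error at the end of the device, so a comment such as `# dd exits non-zero when the device is full; status deliberately ignored` would record that. prepareSwap starts outside the hunk.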
@@ -116,8 +114,8 @@ def mkKeyFile(p):
   log('Making key file for '+p)
   kf = KFDIR+'/'+p
 # generate key and store it
-  with open(kf, 'w') as of:
-    with open('/dev/random', 'r') as rnd:
+  with open(kf, 'wb') as of:
+    with open('/dev/random', 'rb') as rnd:
       of.write(rnd.read(8192))
   return kf
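Review bot: The key file is created with plain `open(kf, 'wb')`, so its permissions depend on the process umask and the LUKS key may end up readable by other local users. Create it owner-only and fail if it already exists: `fd = os.open(kf, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, 'wb') as of:`. `kf` is built as `KFDIR+'/'+p`, so a `p` containing `/` or `..` would place the key outside KFDIR; an explicit check on `p` before the join would pin it. The KFDIR directory itself is created with a bare `os.mkdir(KFDIR)` in the doDisks hunk and would benefit from `mode=0o700`. mkKeyFile begins outside the hunk.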
 
@@ -126,30 +124,38 @@ def mkCryptVol(p):
   kf = mkKeyFile(p)
   beep(0)
   print('Key file '+kf+' created for part '+p)
-  subprocess.run('cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash sha256 --iter-time 2000 --use-random luksFormat '+p+' '+kf, 
+  subprocess.run('cryptsetup -v --cipher aes-xts-plain64 --key-size 256 --hash sha256 --iter-time 2000 --use-random luksFormat /dev/mapper/'+p+' '+kf, 
   shell=True,check=True) # create luks header on part
-  subprocess.run('cryptsetup luksOpen '+p+' dest --key-file '+kf, shell=True, check=True)
-  subprocess.run('mkfs.reiserfs /dev/mapper/dest', shell=True, check=True) #Choose your fs
+  subprocess.run('cryptsetup luksOpen /dev/mapper/'+p+' dest --key-file '+kf, shell=True, check=True)
+  subprocess.run('mkfs.ext2 /dev/mapper/dest', shell=True, check=True) # test disk too small for reiserfs journal
+#  subprocess.run('mkfs.reiserfs /dev/mapper/dest', shell=True, check=True) #Choose your fs
   subprocess.run('mount /dev/mapper/dest dest', shell=True, check=True)
 
 def doCryptPart(p):
   mkCryptVol(p)
   print('Copying back files')
-  subprocess.run('rsync -aAX --info=progress2 staging/ dest', shell=True, check=True, stdout=subprocess.STDOUT)
+  pp = subprocess.check_output('rsync -aAX --info=progress2 staging/ dest', shell=True)
   print('Work done for partition '+p)
+  print(pp)
   beep(3)
   return 0
 
 
 def ckDisk(d):
-  sout=""
-  subprocess.run('df /dev/mapper/'+d+'|grep dev|tr -s " " | cut -d ' ' -f 4',shell=True,stdout=sout)
+  sout = '0'
+  try:
+   subprocess.run('df '+d, stdout=subprocess.STDOUT)
+   sout = subprocess.check_output('df '+d+' | grep dev|tr -s " " | cut -d " " -f 4',shell=True)
+   return int(sout)
+  except: 1
   return int(sout)
 
 def ckDiskSpace(p):
 #check that swap is big enough to store part p
-  swapsize = ckDisk('ENCSWAP')
+  swapsize = ckDisk('/dev/mapper/ENCSWAP')
+  log('swapsize: '+str(swapsize))
   partsize = ckDisk(p)
+  log('partsize: '+str(partsize))
   if partsize > swapsize:
     log('partition '+p+' is too big for swap')
     return -1
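Review bot: As written, ckDisk returns 0 for every input, so the `partsize > swapsize` guard in ckDiskSpace can never trip. The first `subprocess.run('df '+d, stdout=subprocess.STDOUT)` has no `shell=True`, so the whole string is taken as the program name, and `subprocess.STDOUT` is only meaningful for `stderr`. The call therefore raises, the bare `except: 1` swallows it, and the function falls through to `int('0')`. This check appears to decide whether a partition fits in staging before the partition is reformatted, so a failure should abort rather than read as "fits". Drop the first call and the try/except and use GNU df's own column selection: `out = subprocess.check_output(['df', '--output=avail', d])` then `return int(out.split()[-1])`.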
@@ -159,8 +165,8 @@ def doDisk(part):
   if part[0] == '#': return 0
   part=str.strip(part)
   log("doDisk "+part)
-  subprocess.run('mount '+part+' src -o ro', shell=True, check=True)   #mount the part ro
-  subprocess.run('rsync -aAX --info=progress2 '+part+'/ staging', shell=True, check=True)
+  subprocess.run('mount /dev/mapper/'+part+' src -o ro', shell=True, check=True)   #mount the part ro
+  subprocess.run('rsync -aAX --info=progress2 src/ staging', shell=True, check=True)
   log("Partition "+part+" copied to staging")
   beep(1)
   print('WARNING! Starting now, loss of power will result in dataloss on partition '+part)
@@ -181,17 +187,20 @@ def doDisk(part):
 '''
 def doDisks(parts):
   global KFDIR
+  log('doDisks')
   mp = os.mkdir('src')
-  os.mkdir('dest')
-  KFDIR='kfs_'+calendar.timegm(datetime.datetime.now())
+  try:
+    os.mkdir('dest')
+  except: 1
+  KFDIR='kfs_'+str(int(time.mktime(datetime.now().timetuple())))
   os.mkdir(KFDIR)
 
   ps = []; nd= []
   ret = 0
-  for part in parts.open('r').readlines():
+  for part in open(parts, 'r').readlines():
    ret = ckDiskSpace(part)
    if ret != 0:
-    print('Partition '+part+' too big for space; skipping it')
+    log('Partition '+part+' too big for space; skipping it')
     nd.append(part)
    else:
     ps.append(part)
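Review bot: Lines from `open(parts, 'r').readlines()` reach ckDiskSpace with their trailing newline and without the `#`-comment filter that doDisk applies later, so comment or blank lines are size-checked as devices and the newline ends up inside the `df` command string. Strip and filter at the top of the loop, e.g. `part = part.strip()` then `if not part or part.startswith('#'): continue`, and read the file under `with open(parts) as fh:` so the handle is closed. The `try: os.mkdir('dest')` / `except: 1` pair hides every error, not just an existing directory; `os.makedirs('dest', exist_ok=True)` states the intent. doDisks continues past the end of the hunk.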
@@ -237,6 +246,7 @@ def cleanup():
   global LOG_HANDLE
 #  pdb.set_trace()
   LOG_HANDLE.close()
+  subprocess.run('umount ./staging', shell=True)
   subprocess.run('cryptsetup close ENCSWAP', shell=True)
   subprocess.run('umount ./src', shell=True)
   try:
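Review bot: The added `umount ./staging` ignores its exit status, and the `cryptsetup close ENCSWAP` right after it would fail on a still-busy mapping just as quietly, which can leave the unlocked swap mapping open after the script exits. LOG_HANDLE is already closed at this point, so consider checking the result and printing a warning, e.g. `if subprocess.run(['umount', './staging']).returncode != 0: print('WARNING: staging still mounted, ENCSWAP may remain open')`. cleanup starts before and continues after the hunk.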
@@ -245,7 +255,6 @@ def cleanup():
   try:
     os.rmdir('staging')
   except: pass
-
 def checkEntropy():
   ent = int(open('/proc/sys/kernel/random/entropy_avail', 'r').readline())
   log("available entropy: "+str(ent))

+ 12 - 3
test/run.sh

@@ -1,13 +1,22 @@
 #!/bin/sh
 # Mounts test.img in the device mapper
 
+rm kfs_* -r
+umount staging
+umount dest
+umount src
+cryptsetup close dest
+cryptsetup close ENCSWAP
 kpartx -d swap.img
 kpartx -d test.img
 
+git checkout -- test.img # restore unencrypted disk img
+
 rm encryptLog* -f
-IT=`kpartx -al test.img|cut -d ' ' -f 5`
+IT=`kpartx -av test.img|cut -d ' ' -f 3`
+echo Target is $IT
 echo $IT > sample.lst
-SWP=`kpartx -al swap.img`
+SWP=`kpartx -av swap.img`
 echo Swap is $SWP
 
-../encrypt.py /dev/loop1 sample.lst
+../encrypt.py /dev/mapper/loop1p1 sample.lst
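Review bot: The swap argument is hard-coded as `/dev/mapper/loop1p1` even though the script already captures the kpartx output in `SWP`; on a host where loop0 or loop1 is already in use the names shift and encrypt.py is pointed at some other device as its swap. Derive it the way `IT` is derived: `SWP=$(kpartx -av swap.img | cut -d ' ' -f 3)` and `../encrypt.py "/dev/mapper/$SWP" sample.lst`. The restore step is also unguarded: `git checkout -- test.img || exit 1` would stop the run instead of feeding an already-encrypted image to the next pass after `rm kfs_* -r` has removed the previous key files.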

+ 1 - 1
test/sample.lst

@@ -1 +1 @@
-/dev/loop0
+loop0p1

BIN
test/swap.img


BIN
test/test.img