Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (9)
to SailfishOS by biketool - 4 hrs, 9 mins ago -
[Announce] coderus unrestricted system-ui (297)
to MeeGo / Harmattan by nieldk - 6 days, 9 hrs ago - more...
 |
|
2012-01-18
, 17:11
|
|
Posts: 238 |
Thanked: 291 times |
Joined on Mar 2010
@ London, UK
|
#32
|
I use a custom made TrueCrypt Script which doesn't work no more. However, these are the Icons that I used to use for it. . Hope you might find these useful. Great work on this Project BTW...
Last edited by fareed_xtreme; 2012-01-18 at 17:37.
__________________
Wish to have Portrait LockSlider's for your theme? Click Here
Wish to have Portrait LockSlider's for your theme? Click Here
Last edited by fareed_xtreme; 2012-01-18 at 17:37.
| The Following 2 Users Say Thank You to fareed_xtreme For This Useful Post: | ||
|
|
2012-01-18
, 17:55
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#33
|
And please NIM101, if You quote, don't cut it in a way that changes meaning I've said: "writing by hand *or* saving as sh script".
Also, AFAICT, you haven't had idea if "hidden volume protected" option will work or not (well, at least during our last IRC conversation),
... IMO pointless for any other reason, that setting it up for other program/GUI. Also, i don't see any reason to save scripts for executing 1 short command with 1 short value, like ... Using auto-completion via TAB, it's much faster to write by hand.
I also think (and know) that typing something like ./tcmasstorage is faster and more convenient than the command with the per-defined /dev/mapper/truecryptX
...It also contains many checks and warnings, popping up - using Maemo notifications - if any stage fails (thus, user can feel relatively sure, that every command succeed, if no errors popped).
I use a custom made TrueCrypt Script which doesn't work no more.
The icons are good imho (if not under some evil copyright :P) .
| The Following 2 Users Say Thank You to NIN101 For This Useful Post: | ||
|
|
2012-01-18
, 21:56
|
|
Posts: 238 |
Thanked: 291 times |
Joined on Mar 2010
@ London, UK
|
#34
|
Originally Posted by NIN101
To Begin with, I created these icons myself :P (Except for the first one, a rip off from google :P)... So I do not know who could sue us for Original Development through Photoshop.
Oops, accidentally skipped it. Excuse me.
Ohm..., no, I don't remember that, but let's forget it.
The point of my greps and cuts is that you can't know the name of the new mapper. Sure, if you only mount one, it is likely to be /dev/mapper/truecrypt1, but if you have multiple volumes, it's better to get it from TC output (especially if the order you mount them is not always the same).
I also think (and know) that typing something like ./tcmasstorage is faster and more convenient than the command with the per-defined /dev/mapper/truecryptX
Well, that's a good idea.
More details on that?
The icons are good imho (if not under some evil copyright :P) .
Secondly, The script I use is attached. Well it is something that I created long ago and it never required me to run it as root. But now I believe it needs to run as root to execute. Error relates to Kernel not supporting something...
__________________
Wish to have Portrait LockSlider's for your theme? Click Here
Wish to have Portrait LockSlider's for your theme? Click Here
| The Following User Says Thank You to fareed_xtreme For This Useful Post: | ||
 |
|
2012-01-18
, 22:32
|
|
Posts: 5,028 |
Thanked: 8,613 times |
Joined on Mar 2011
|
#35
|
fareed_xtreme, thanks a lot for the icons! I also like them, will surely put it to good use.
NIN101, for sure many people may benefit from Your grepping command, that's why I've put both into tutorial
I think we agree, that's it's up to personal preferences, so no conflict here.
Sorry for delay in posting set of script for encryption, got extremely busy day. Will *try* to polish them and publish after midnight.
/Estel
NIN101, for sure many people may benefit from Your grepping command, that's why I've put both into tutorial
I think we agree, that's it's up to personal preferences, so no conflict here.Sorry for delay in posting set of script for encryption, got extremely busy day. Will *try* to polish them and publish after midnight.
/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 |
|
2012-01-19
, 02:53
|
|
Posts: 1,455 |
Thanked: 3,309 times |
Joined on Dec 2009
@ Rochester, NY
|
#36
|
Personally, I modified my scripts to pre-test to see if it's mounted, and if so it bumps the number of devices up to 3 and puts the encrypted volume up as a separate drive.
No reason to fuss with the other devices that way.
Deltas are below.
...
Last edited by woody14619; 2012-01-19 at 02:59.
No reason to fuss with the other devices that way.
Deltas are below.
Code:
MOUNT_PT=/media/truecrypt1
DEV_COUNT=2
if [ -e $MOUNT_PT ]; then
DEV_COUNT=3
fi
/sbin/lsmod | grep g_file_storage > /dev/null
if [ $? != 0 ]; then
/sbin/modprobe g_file_storage stall=0 luns=$DEV_COUNT removable
RC=$?
fi
if [ $RC != 0 ]; then
logger "$0: failed to install g_file_storage"
exit 1
fi
LUN0='/sys/devices/platform/musb_hdrc/gadget/gadget-lun0/file'
LUN1='/sys/devices/platform/musb_hdrc/gadget/gadget-lun1/file'
LUN2='/sys/devices/platform/musb_hdrc/gadget/gadget-lun2/file'
if [ $DEV_COUNT=3 ]; then
# since we may be called when this was already set up...
if [ -e $LUN2 ]; then
# find/remember out mount point
TC_DEV=`/bin/df | /bin/grep $MOUNT_PT | /usr/bin/cut -d\ -f1`
if [ "x$TC_DEV" = "x" ]; then
DEV_COUNT=2
else
DEV_COUNT=3
fi
else
DEV_COUNT=2
fi
fi
Code:
if [ $# = 1 ]; then
STR=`cat $LUN0`
if [ "x$STR" = "x" ]; then
echo $1 > $LUN0
else
echo $1 > $LUN1
fi
if [ $DEV_COUNT=3 ]; then
STR=`cat $LUN2`
if [ "x$STR" = "x" ]; then
echo $TC_DEV > $LUN2
fi
fi
fi
Last edited by woody14619; 2012-01-19 at 02:59.
| The Following 2 Users Say Thank You to woody14619 For This Useful Post: | ||
|
|
2012-01-19
, 17:56
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#37
|
But now I believe it needs to run as root to execute. Error relates to Kernel not supporting something...
Oh, I just noticed, those sudo rules are a HUGE security threat. For example, it could be possible for an attacker to overwrite /dev/mmcblk*. Sure, killing the user data is possible with the normal user, but this is another level. Your device could be made unbootable, then one of your few options would be to to reflash EMMC. But anyway, you can gain root access on 90%(guess) of the maemo installations just by running the command "root". Still, this should be removed for the next build.
|
|
2012-01-19
, 18:33
|
|
Posts: 1,455 |
Thanked: 3,309 times |
Joined on Dec 2009
@ Rochester, NY
|
#38
|
Originally Posted by NIN101
Oh, I just noticed, those sudo rules are a HUGE security threat.
Not exactly. Sudo can restrict not only the program called, but the options passed to it. You can, for example, allow the command:
Code:
/bin/mount
Code:
/bin/mount -t vfat /dev/mmcblk1p1 /mnt/mmc
| The Following User Says Thank You to woody14619 For This Useful Post: | ||
|
|
2012-01-19
, 19:30
|
|
Posts: 115 |
Thanked: 342 times |
Joined on Dec 2010
|
#39
|
Not exactly. Sudo can restrict not only the program called, but the options passed to it.
Code:
cat truecrypt.sudoers user ALL = NOPASSWD: /usr/bin/truecrypt user ALL = NOPASSWD: /opt/maemo/usr/bin/truecrypt
| The Following 2 Users Say Thank You to NIN101 For This Useful Post: | ||
|
|
2012-01-19
, 20:20
|
|
Posts: 1,455 |
Thanked: 3,309 times |
Joined on Dec 2009
@ Rochester, NY
|
#40
|
Originally Posted by NIN101
Right, but you can easily edit the file and insert the parameters to allow it to do just the one thing you want it to do. But that then gives away the location of a container if you're "hiding" it.
I know that. Doesn't matter here. The TC package comes with the following rule:
and this rule allows to mess with every file on the system. That simple.Code:cat truecrypt.sudoers user ALL = NOPASSWD: /usr/bin/truecrypt user ALL = NOPASSWD: /opt/maemo/usr/bin/truecrypt
Personally, I don't encrypt things to "hide" them. I put them there to prevent others from getting casual access to them. I don't care if people scroll off a photo and into my vacation album. But the more "fun" bachelor party photos require a partition be mounted, which is only enabled if I intend to show those photos to someone.
| The Following User Says Thank You to woody14619 For This Useful Post: | ||
 |
| Tags |
| cryptography, encrypted, kernelcrypto, security, truecrypt |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 17:08.
I've no friggin idea, why I'm able to hotswap mass-storage mounts - or, why my microSD partition was *never* dismounted from N900, when exported to desktop via mass-storage.
Anyway, thanks for link to interesting material. Yet, I've never had *any* problems with my "multimount" setup (speaking off microSD partition 1) - not even single vfat corruption, unlike many other people, that doesn't seem to have "multimount"
Filesystem checking - if started by hand or via backupmenu "FSCK all partitions" - always show perfectly fine filesystem. Just keep in mind, that I've never tried stupid things like simultaneous write from 2 devices, though.
Of course, If I ever encounter any problems related to mass-storage multimount, I'll report it ASAP.
---
In the meantime, I've prepared set of scripts, that should take care of enabling encrypted partitions with encrypted swap, and disabling it in favor of regular swap after "work". It also contains many checks and warnings, popping up - using Maemo notifications - if any stage fails (thus, user can feel relatively sure, that every command succeed, if no errors popped).
As a nice bonus for KP users, I've also upgraded actual encrypted swap creation, to make use of XTS + it's using stronger encryption as whole (when compared to original instructions by NIN101 - BTW, thanks for it, I would not be able to do it without Your research!).
I'll post it today - I'm trying to figure a nice way to allow user-defined patches to encrypted volumes, swaps etc + some filesystem option customization. No GUI yet, but simple config file - instead of modyfing raw script - would be nice beginning, I think.
/Estel
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
Last edited by Estel; 2012-01-18 at 04:11.