1 Topic by benyouyou (edited by benyouyou 2024-06-09 10:24:34)

  • benyouyou
  • Beginner
  • Offline
  • Registered: 2024-06-02
  • Posts: 19

Topic: Hyperbola setup and user programs

From
"Bringing my .cwmrc to Hyperbola" thread:

jim wrote:

As I understand it, you also decrypt disks or usb using the
terminal.

What do you think about scripts to automate this process? Can you write
complex scripts?

I don't encrypt full disks as I don't see the usefulness to, putting a
password in BIOS is simpler if needed to protect the system itself at
boot, but even then you can't know that the disks haven't been removed
and executables changed unless you sign them or reinstall the whole
system. But a line in an init script that would decrypt some file using a password at
startup with aescrypt2 for example, and encrypt it at shutdown is a good way of
protecting privacy.

Regarding full usb encryption, use fscrypt:
https://wiki.archlinux.org/title/Fscrypt#ext4.
Compile and install fscryptctl:
https://github.com/google/fscryptctl/bl … README.md.
and follow the instructions
For auto_mounting, you can add a udev rule, for example (supposing you want to enter the password in dmenu):

(inspired by
https://stackoverflow.com/questions/451 … ell-script)

/lib/udev/rules.d/10-usb-decryption-automount.rules

// SPDX-License-Identifier: BSD-3-Clause
ACTION=="add", KERNEL=="sdb[0-9]", SUBSYSTEM=="block", RUN+="auto-mount"
ACTION=="remove", KERNEL=="sdb[0-9]", SUBSYSTEM=="block", RUN+="auto-mount"

/usr/bin/auto-mount 

// SPDX-License-Identifier: BSD-3-Clause
#!/bin/sh

Name=$(basename $0)
Logger="/usr/bin/logger -p local3.info -t $Name "
Message="$* $DEVNAME $ACTION $ID_FS_LABEL"
$Logger <<< $Message

usb_add ()
{ Message="automounting  $DEVNAME $ID_FS_LABEL"
  $Logger <<< $Message
  /sbin/mount $DEVNAME /mnt && $Logger <<< "mounted" ||
 $Logger <<< "failed"
  dmenu < /dev/null | fscryptctl add_key /mnt
}

pico_remove ()
{ Message="umounting  $DEVNAME $ID_FS_LABEL"
  $Logger <<< $Message
  /sbin/umount -f /mnt && $Logger <<< "umounted" || $LOGGER "failed"
}

usb_$ACTION

then: udevadm control --reload-rules && udevadm trigger

2 Reply by jim

  • jim
  • Guest

Re: Hyperbola setup and user programs

Thank you for your answer. I meant this script, this is Luke Smith

#!/bin/bash

# Mounts Android Phones and USB drives (encrypted or not). This script will
# replace the older `dmenumount` which had extra steps and couldn't handle
# encrypted drives.
# TODO: Try decrypt for drives in crtypttab
# TODO: Add some support for connecting iPhones (although they are annoying).

IFS='
'
# Function for escaping cell-phone names.
escape(){ echo "$@" | iconv -cf UTF-8 -t ASCII//TRANSLIT | tr -d '[:punct:]' | tr '[:upper:]' '[:lower:]' | tr ' ' '-' | sed "s/-\+/-/g;s/\(^-\|-\$\)//g" ;}

# Check for phones.
phones="$(simple-mtpfs -l 2>/dev/null | sed "s/^/📱/")"
mountedphones="$(grep "simple-mtpfs" /etc/mtab)"
# If there are already mounted phones, remove them from the list of mountables.
[ -n "$mountedphones" ] && phones="$(for phone in $phones; do
    for mounted in $mountedphones; do
        escphone="$(escape "$phone")"
        [[ "$mounted" =~ "$escphone" ]] && break 1
    done && continue 1
    echo "$phone"
done)"

# Check for drives.
lsblkoutput="$(lsblk -rpo "uuid,name,type,size,label,mountpoint,fstype")"
# Get all LUKS drives
allluks="$(echo "$lsblkoutput" | grep crypto_LUKS)"
# Get a list of the LUKS drive UUIDs already decrypted.
decrypted="$(find /dev/disk/by-id/dm-uuid-CRYPT-LUKS2-* | sed "s|.*LUKS2-||;s|-.*||")"
# Functioning for formatting drives correctly for dmenu:
filter() { sed "s/ /:/g" | awk -F':' '$7==""{printf "%s%s (%s) %s\n",$1,$3,$5,$6}' ; }

# Get only LUKS drives that are not decrypted.
unopenedluks="$(for drive in $allluks; do
    uuid="${drive%% *}"
    uuid="${uuid//-}"    # This is a bashism.
    [ -n "$decrypted" ] && for open in $decrypted; do
        [ "$uuid" = "$open" ] && break 1
    done && continue 1
    echo "🔒 $drive"
done | filter)"

# Get all normal, non-encrypted or decrypted partitions that are not mounted.
normalparts="$(echo "$lsblkoutput"| grep -v crypto_LUKS | grep 'part\|rom\|crypt' | sed "s/^/💾 /" | filter )"

# Add all to one variable. If no mountable drives found, exit.
alldrives="$(echo "$phones
$unopenedluks
$normalparts" | sed "/^$/d;s/ *$//")"

# Quit the script if a sequential command fails.
set -e

test -n "$alldrives"

# Feed all found drives to dmenu and get user choice.
chosen="$(echo "$alldrives" | dmenu -p "Mount which drive?" -i)"

# Function for prompting user for a mountpoint.
getmount(){
    mp="$(find /mnt /media /mount /home -maxdepth 1 -type d 2>/dev/null | dmenu -i -p "Mount this drive where?")"
    test -n "$mp"
    if [ ! -d "$mp" ]; then
        mkdiryn=$(printf "No\\nYes" | dmenu -i -p "$mp does not exist. Create it?")
        [ "$mkdiryn" = "Yes" ] && (mkdir -p "$mp" || sudo -A mkdir -p "$mp")
    fi
}

attemptmount(){
        # Attempt to mount without a mountpoint, to see if drive is in fstab.
        sudo -A mount "$chosen" || return 1
        notify-send "💾Drive Mounted." "$chosen mounted."
        exit
}

case "$chosen" in
    💾*)
        chosen="${chosen%% *}"
        chosen="${chosen:1}"    # This is a bashism.
        attemptmount || getmount
        sudo -A mount "$chosen" "$mp" -o uid="$(id -u)",gid="$(id -g)"
        notify-send "💾Drive Mounted." "$chosen mounted to $mp."
        ;;

    🔒*)
        chosen="${chosen%% *}"
        chosen="${chosen:1}"    # This is a bashism.
        # Number the drive.
        while true; do
            [ -f "/dev/mapper/usb$num" ] || break
            num="$(printf "%02d" "$((num +1))")"
        done

        # Decrypt in a terminal window
        ${TERMINAL:-st} -n floatterm -g 60x1 -e sudo cryptsetup open "$chosen" "usb$num"
        # Check if now decrypted.
        test -b "/dev/mapper/usb$num"

        attemptmount || getmount
        sudo -A mount "/dev/mapper/usb$num" "$mp" -o uid="$(id -u)",gid="$(id -g)"
        notify-send "🔓Decrypted drive Mounted." "$chosen decrypted and mounted to $mp."
        ;;

    📱*)
        notify-send "❗Note" "Remember to allow file access on your phone now."
        getmount
        number="${chosen%%:*}"
        number="${chosen:1}"    # This is a bashism.
        sudo -A simple-mtpfs -o allow_other -o fsname="simple-mtpfs-$(escape "$chosen")" --device "$number" "$mp"
        notify-send "🤖 Android Mounted." "Android device mounted to $mp."
        ;;
esac

3 Reply by throgh

  • throgh
  • throgh
  • Package Development and Community Coordinator
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 2,924

Re: Hyperbola setup and user programs

Please always name the source where those scripts are coming from, so it is possible to check the license for other interested. If you are the creator(s), please add a corresponding free, permissive license for others to check out.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

4 Reply by jim

  • jim
  • Guest

Re: Hyperbola setup and user programs

Okay, I indicated the author of this script, here is the source (GPL-3.0 license )

5 Reply by throgh

  • throgh
  • throgh
  • Package Development and Community Coordinator
  • Offline
  • From: Planet Earth
  • Registered: 2017-12-28
  • Posts: 2,924

Re: Hyperbola setup and user programs

Thanks for adding. smile
But also note: Luke Smith is not getting any "welcome" here. So please do not add further sources from him or based on him. Thanks!

We do not support people oriented on far-right political ideologies (with pointing on our social contract).

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!