search

AvANa-BBS / freepto-lb

Encrypted GNU/Linux OS (based on Debian Wheezy) which can be installed on USB flash drive. Freepto is designed for encrypt your communications, carry your documents in secure way and save your anonymity.
http://www.freepto.mx/
43 stars 14 forks source link

Freepto Live Helper: doesn't recognize existing persistence #112

Closed ghost closed 10 years ago

ghost commented 10 years ago

If Freepto is started in live mode, freepto-live-helper correctly recognize the live status, but not the existing persistence.

paranoid@freepto:~$ check-persistence -v has-avail-persistence /dev/mapper/control: open failed: Permesso negato Failure to communicate with kernel device-mapper driver. Impossibile inizializzare device-mapper. Forse il modulo kernel dm_mod non è caricato. /dev/sdb2 is not an encrypted partition

There is a permission problem with the cryptsetup command executed as "paranoid": 

/sbin/cryptsetup isLuks /dev/sdb2

http://github.com/AvANa-BBS/freepto-usb-utils/blob/master/check-persistence#L106

Therefore this check always fails if executed as "paranoid":

paranoid@freepto:~$ sudo check-persistence has-avail-persistence /dev/sdb2

boyska commented 10 years ago

This should be avoided by the check [[ ! -r $persistence ]]. Can you, therefore, check if the persistence is readable by paranoid? it should not, be, so that has-avail-persitence will output a warning but also return the FOUND status.

ghost commented 10 years ago

Yes, it is readable from paranoid:

paranoid@freepto:~$ ls -l /dev/sdb2
brw-rw---T 1 root floppy 8, 18 feb 24 23:16 /dev/sdb2
paranoid@freepto:~$ grep floppy /etc/group
floppy:x:25:paranoid

A workaround could be something like that:

if lsblk | grep ${persistence:5} >/dev/null && [ "$UID" -ne 0 ]; then
      echo "Not able to check encryption; maybe you should be root?" >&2
      echo $persistence
      return ${RET_PERSISTENCE_FOUND}
fi
boyska commented 10 years ago

I am confused. Can you post the complete output of 

check-persistence -v has-avail-persistence; echo $?

as both root and paranoid?

After that, can you manually run modprobe dm_mod as root, and rerun the previous commands?

boyska commented 10 years ago

Ok, I can confirm the bug: it appears even when dm_mod is loaded, so I don't know why in debian it rants about /dev/mapper/control problems.

However, this can be fixed using

udisks --show-info "$persistence" | fgrep 'type:' | grep 'crypto_LUKS'
ghost commented 10 years ago

fixed: https://github.com/vinc3nt/freepto-usb-utils/commit/3c19b30ee3a27724e33372bf11d75cb6fcc318c4

ghost commented 10 years ago

also added alert about running makepersistence on virtualized environments: https://github.com/vinc3nt/freepto-usb-utils/commit/769b96615deb77b4d9cbf24821dfbcaa20855a77

boyska commented 10 years ago

this is delegated to https://github.com/AvANa-BBS/freepto-usb-utils/issues/8