pieroproietti / penguins-eggs

On the road of Remastersys, Refracta, Systemback and father Knoppix!
https://penguins-eggs.net

syncto and syncfrom #347

Closed pieroproietti closed 3 months ago

pieroproietti commented 4 months ago

@markoceri

syncto and syncfrom

I am thinking of restructuring, and also simplifying, syncto and syncfrom.

When I created these commands I had fallen in love with LUKS which, however - used as I have been using it - has a not insignificant problem, and that is the need to know beforehand the space required for the device.

After your intervention I thought maybe it was better to use a payload.tar.gz.gpg file created with tar, gz and gpg; however, this would mean giving up the exclude list, which is, however, applicable to mksquashfs.

So I tried to see the possibility of using mksquashfs and encrypting the final result with LUKS. I got the idea from this link

sudo mksquashfs /home /etc/passwd /etc/shadow /etc/group payload.sfs
sudo truncate -s +32M payload.sfs # add 32M for cryptsetup
sudo cryptsetup -q reencrypt --encrypt --type luks2 --resilience none --disable-locks --reduce-device-size 32M payload.sfs

payload should be mounted with the commands:

sudo cryptsetup open payload.sfs payload
sudo mount /dev/mapper/payload /tmp/payload

and you could directly copy the files contained in / with syncfrom.

What do you think? Thanks for the patch anyway.

markoceri commented 4 months ago

Creating a tar.gz file and then encrypting it with gpg is not a bad idea.

I can imagine you wanting to use the Linux tar command to create the compressed archive and the gpg command to encrypt it or, perhaps, something like gpgtar to create an encrypted archive shortly (although it seems that gpgtar does not have the exclusion of paths from a file).

While I'm not very knowledgeable on the subject, if you want, let's explore the different possibilities.

From what I can read in the manual page of the tar command (man), it is indeed possible to exclude a list of paths using the canonical argument, similar to how other programs do, --exclude-from=FILE. By concatenating this with the gpg command, we can create the encrypted and compressed archive.

tar --exclude-from='exclusion-list.txt' -czf - /home/myuser | gpg -c -o payload.tar.gz.gpg

Now, regarding the use of mksquashfs and LUKS partitions, I must admit that I hadn’t encountered them until I got my hands on penguins.

What made you fall in love with LUKS? What do you think are the advantages of using mksquashfs+LUKS instead of tar.gz+gpg?

I don’t know the instrument well (penguins-eggs), and due to my limited perspective, I can’t comment on what is better for all scenarios.

But I think, Hey! We are developers! We can implement both! :smiley:

pieroproietti commented 4 months ago

I fell in love with LUKS when I understood it was impossible to discover the passphrase, but this is probably possible with other methods too. I'm not too expert on cryptography; I just - when I built the first version of syncto and syncfrom - wanted to help a friend with the need to move servers on the net, without exposing its data.

So far, as I had a couple of days off, I tried to implement everything with LUKS and mksquashfs. It works as well - sometimes - but I can't figure out the reasons why.

It's all on the branch syncto

I hope to have time in the next few days to fix it, but maybe the idea of using tar, if it has the ability to use an exclude list, would probably be more stable.
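
The tar-plus-gpg approach discussed in this thread, written out as a round trip with a check that excluded paths really stay out of the payload. This is an added example, not code from the comments above or from penguins-eggs; the function names, the demo tree and the passphrase are constructed, and it assumes GNU tar and GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example, not penguins-eggs code. Names and demo data are constructed.
set -eu
(set -o pipefail) 2>/dev/null && set -o pipefail  # catch a failing tar or gpg mid-pipe

GPG="gpg --batch --yes --quiet --pinentry-mode loopback"

# pack SRC_DIR EXCLUDE_LIST PASS_FILE OUT
# The tar.gz stream goes straight into gpg, so no plaintext archive hits the disk.
pack() {
  tar --exclude-from="$2" -C "$1" -czf - . |
    $GPG --passphrase-file "$3" --cipher-algo AES256 -c -o "$4"
}

# list_payload IN PASS_FILE: decrypt in a pipe and print member names only.
list_payload() {
  $GPG --passphrase-file "$2" -d "$1" | tar -tzf -
}

# unpack IN PASS_FILE DEST_DIR: non-zero exit on a wrong passphrase or damaged file.
unpack() {
  mkdir -p "$3"
  $GPG --passphrase-file "$2" -d "$1" | tar -xzf - -C "$3"
}

# demo: build a constructed tree, pack it, and fail if an excluded path is
# present in the payload. Prints the work directory on success.
demo() {
  work=$(mktemp -d)
  GNUPGHOME="$work/gnupg"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME"
  mkdir -p "$work/src/home/alice/.cache" "$work/src/etc"
  echo "notes" > "$work/src/home/alice/notes.txt"
  echo "junk" > "$work/src/home/alice/.cache/blob"
  echo "alice:x:1000:" > "$work/src/etc/passwd"
  printf '%s\n' './home/alice/.cache' '*.tmp' > "$work/exclusion-list.txt"
  (umask 077; echo "constructed-demo-passphrase" > "$work/pass")
  pack "$work/src" "$work/exclusion-list.txt" "$work/pass" "$work/payload.tar.gz.gpg"
  names=$(list_payload "$work/payload.tar.gz.gpg" "$work/pass")
  case "$names" in
    *.cache*) echo "excluded path leaked into payload" >&2; return 1 ;;
  esac
  echo "$work"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Reading the passphrase from a file with restrictive permissions keeps it out of the process list and shell history, which a `--passphrase` argument would not.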