system/secure-delete: Added (wipe files securely).

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2015-05-29 05:51:30 +07:00 · 2015-05-29 05:51:30 +07:00 · dba446dc51
parent 12051e054c
commit dba446dc51
5 changed files with 378 additions and 0 deletions
--- a/system/secure-delete/README
+++ b/system/secure-delete/README
@ -0,0 +1,5 @@
+Tools to wipe files, free disk space, swap and memory.
+
+Gutmann method based tools for securely wiping data.
+
+From files (srm), free disk space (sfill), swap (sswap) and memory (sdmem).
--- a/system/secure-delete/secure-delete.SlackBuild
+++ b/system/secure-delete/secure-delete.SlackBuild
@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# Slackware build script for secure-delete.
+#
+# Copyright 2015 Edinaldo P. Silva, Rio de Janeiro, Brazil.
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=secure-delete
+SRCNAM=secure_delete
+VERSION=${VERSION:-3.1}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i486 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$SRCNAM-$VERSION.tar.gz
+mv $SRCNAM-$VERSION $PRGNAM-$VERSION
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+patch -p1 < $CWD/secure-delete.diff
+make prefix=/usr DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/bin
+cp -a sfill smem srm sswap $PKG/usr/bin
+
+DOCS="CHANGES README TODO usenix6-gutmann.doc"
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
--- a/system/secure-delete/secure-delete.diff
+++ b/system/secure-delete/secure-delete.diff
@ -0,0 +1,251 @@
+--- secure-delete-3.1.orig/srm.1
+++ secure-delete-3.1/srm.1
+@@ -55,7 +55,7 @@
+ .TP
+ .B \-d
+ ignore the two special dot files . and .. on the commandline. (so you can
+-execute it like "srm -d .* *")
+execute it like "srm \-d .* *")
+ .TP
+ .B \-f
+ fast (and insecure mode): no /dev/urandom, no synchronize mode.
+@@ -65,7 +65,7 @@
+ and a final mode random values.
+ .TP
+ .B \-l
+--l for a second time lessons the security even more: only one random pass
+\-l for a second time lessons the security even more: only one random pass
+ is written.
+ .TP
+ .B \-r
+@@ -95,7 +95,7 @@
+ which comes with the
+ .I secure_deletion package
+ to ensure to wipe also the free diskspace. However, If already a small
+-file aquired a block with your precious data, no tool known to me can help
+file acquired a block with your precious data, no tool known to me can help
+ you here. For a secure deletion of the swap space
+ .I sswap
+ is available.
+@@ -136,5 +136,5 @@
+ (1),
+ .I sswap
+ (1),
+-.I smem
+.I sdmem
+ (1)
+--- secure-delete-3.1.orig/sfill.1
+++ secure-delete-3.1/sfill.1
+@@ -16,7 +16,7 @@
+ is designed to delete data which lies on available diskspace on mediums
+ in a secure manner which can not be recovered by thiefs, law enforcement
+ or other threats.
+-The wipe algorythm is based on the paper "Secure Deletion of Data from
+The wipe algorithm is based on the paper "Secure Deletion of Data from
+ Magnetic and Solid-State Memory" presented at the 6th Usenix Security
+ Symposium by Peter Gutmann, one of the leading civilian cryptographers.
+ .PP
+@@ -59,7 +59,7 @@
+ and a final mode with random values.
+ .TP
+ .B \-l
+--l for a second time lessons the security even more: only one random pass
+\-l for a second time lessons the security even more: only one random pass
+ is written.
+ .TP
+ .B \-v
+@@ -130,5 +130,5 @@
+ (1),
+ .I sswap
+ (1),
+-.I smem
+.I sdmem
+ (1)
+--- secure-delete-3.1.orig/Makefile
+++ secure-delete-3.1/Makefile
+@@ -1,19 +1,19 @@
+ CC=gcc
+-OPT=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+OPT=$(CFLAGS) -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+ #OPT=-Wall -D_DEBUG_ -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+-INSTALL_DIR=/usr/local/bin
+INSTALL_DIR=$(prefix)/bin
+ MAN_DIR=/usr/local/man
+ DOC_DIR=/usr/share/doc/secure_delete
+ OPT_MOD=-D__KERNEL__ -DMODULE -fomit-frame-pointer -fno-strict-aliasing -pipe -mpreferred-stack-boundary=2
+ #LD_MOD=-r
+ 
+-all: sdel-lib.o srm sfill sswap smem sdel-mod.o
+-	@echo
+-	@echo "A Puritan is someone who is deathly afraid that someone, somewhere, is"
+-	@echo "having fun."
+-	@echo
+-	@echo "I hope YOU have fun!"
+-	@echo
+all: sdel-lib.o srm sfill sswap smem
+#	@echo
+#	@echo "A Puritan is someone who is deathly afraid that someone, somewhere, is"
+#	@echo "having fun."
+#	@echo
+#	@echo "I hope YOU have fun!"
+#	@echo
+ 
+ sdel-mod.o: sdel-mod.c
+ 	$(CC) $(OPT) $(OPT_MOD) $(LD_MOD) -I/lib/modules/`uname -r`/build/include -c sdel-mod.c
+@@ -23,32 +23,28 @@
+ 
+ srm: srm.c
+ 	$(CC) ${OPT} -o srm srm.c sdel-lib.o
+-	-strip srm
+ sfill: sfill.c
+ 	$(CC) ${OPT} -o sfill sfill.c sdel-lib.o
+-	-strip sfill
+ sswap: sswap.c
+ 	$(CC) ${OPT} -o sswap sswap.c sdel-lib.o
+-	-strip sswap
+ smem: smem.c
+ 	$(CC) ${OPT} -o smem smem.c sdel-lib.o
+-	-strip smem
+ 
+ clean:
+ 	rm -f sfill srm sswap smem sdel sdel-lib.o sdel-mod.o core *~
+ 
+ install: all
+ 	mkdir -p -m 755 ${INSTALL_DIR} 2> /dev/null
+-	rm -f sdel && ln -s srm sdel
+-	cp -f sdel srm sfill sswap smem the_cleaner.sh ${INSTALL_DIR}
+-	chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem ${INSTALL_DIR}/the_cleaner.sh
+-	mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null
+-	cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1
+-	chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1
+-	mkdir -p -m 755 ${DOC_DIR} 2> /dev/null
+-	cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR}
+-	-test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char
+#	rm -f sdel && ln -s srm sdel
+	cp -f srm sfill sswap smem ${INSTALL_DIR}
+	chmod 711 ${INSTALL_DIR}/srm ${INSTALL_DIR}/sfill ${INSTALL_DIR}/sswap ${INSTALL_DIR}/smem 
+#	mkdir -p -m 755 ${MAN_DIR}/man1 2> /dev/null
+#	cp -f srm.1 sfill.1 sswap.1 smem.1 ${MAN_DIR}/man1
+#	chmod 644 ${MAN_DIR}/man1/srm.1 ${MAN_DIR}/man1/sfill.1 ${MAN_DIR}/man1/sswap.1 ${MAN_DIR}/man1/smem.1
+#	mkdir -p -m 755 ${DOC_DIR} 2> /dev/null
+#	cp -f CHANGES FILES README secure_delete.doc usenix6-gutmann.doc ${DOC_DIR}
+#	-test -e sdel-mod.o && cp -f sdel-mod.o /lib/modules/`uname -r`/kernel/drivers/char
+ #	@-test '!' -e sdel-mod.o -a `uname -s` = 'Linux' && echo "type \"make sdel-mod install\" to compile and install the Linux loadable kernel module for secure delete"
+-	@echo
+-	@echo "If men could get pregnant, abortion would be a sacrament."
+-	@echo
+#	@echo
+#	@echo "If men could get pregnant, abortion would be a sacrament."
+#	@echo
+--- secure-delete-3.1.orig/srm.c
+++ secure-delete-3.1/srm.c
+@@ -110,7 +110,7 @@
+ 	        if ( (filestat.st_dev != controlstat.st_dev) || (filestat.st_ino != controlstat.st_ino) ) {
+ 	            fprintf(stderr, "Race found! (directory %s became a link)\n", filename);
+ 	        } else {
+-  	            if ((dir = opendir (".")) != NULL) {
+  	            if ((dir = opendir (".")) < 0) {
+ 	                (void) chmod(".", 0700); /* ignore permission errors */
+ 	                dir = opendir (".");
+ 	            }
+@@ -166,8 +166,10 @@
+             return 3;
+         }
+ 
+-        if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0)
+        if (sdel_overwrite(mode, fd, 0, bufsize, filestat.st_size > 0 ? filestat.st_size : 1, zero) == 0) {
+            close(fd);
+             return sdel_unlink(filename, 0, 1, slow);
+		}
+     } /* end IS_REG() */
+     else {
+         if (S_ISDIR(filestat.st_mode)) {
+--- secure-delete-3.1.orig/smem.1
+++ secure-delete-3.1/smem.1
+@@ -3,16 +3,16 @@
+ .if n .sp
+ .if t .sp 0.4
+ ..
+-.TH SMEM 1
+.TH SDMEM 1
+ 
+ .SH NAME
+-smem \- secure memory wiper (secure_deletion toolkit)
+sdmem \- secure memory wiper (secure_deletion toolkit)
+ 
+ .SH SYNOPSIS
+-.B smem [-f] [-l] [-l] [-v]
+.B sdmem [-f] [-l] [-l] [-v]
+ 
+ .SH DESCRIPTION
+-.I smem
+.I sdmem
+ is designed to delete data which may lie still in your memory (RAM)
+ in a secure manner which can not be recovered by thiefs, law enforcement
+ or other threats.
+@@ -24,7 +24,7 @@
+ .PP
+ The
+ .I secure data deletion
+-process of smem goes like this:
+process of sdmem goes like this:
+ .PP
+ .TP
+ .B *
+@@ -51,20 +51,26 @@
+ and a final random one.
+ .TP
+ .B \-l
+--l for a second time lessons the security even more: only one pass with
+\-l for a second time lessons the security even more: only one pass with
+ 0x00 is written.
+ .TP
+ .B \-v
+ verbose mode
+ .PP
+ 
+.SH NOTE
+.TP
+This utility was originally called
+.I smem
+but was renamed for debian to avoid name clashes with another package.
+
+ .SH BEWARE
+ .TP
+ .B SLOW
+-Wiping the memory is very slow. You might use smem with the -ll option. (tip)
+Wiping the memory is very slow. You might use sdmem with the \-ll option. (tip)
+ .TP
+ .B BETA!
+-.I smem
+.I sdmem
+ is still beta.
+ 
+ .PP
+@@ -84,7 +90,7 @@
+ can be obtained from 
+ .I http://www.thc.org
+ .Sp
+-.I smem
+.I sdmem
+ and the
+ .I secure_deletion package
+ is (C) 1997-2003 by van Hauser / THC (vh@thc.org)
+--- secure-delete-3.1.orig/sswap.1
+++ secure-delete-3.1/sswap.1
+@@ -49,7 +49,7 @@
+ a final mode with random values.
+ .TP
+ .B \-l
+--l for a second time lessons the security even more: only one pass with
+\-l for a second time lessons the security even more: only one pass with
+ random values is written.
+ .TP
+ .B \-v
+@@ -106,5 +106,5 @@
+ (1),
+ .I sfill
+ (1),
+-.I smem
+.I sdmem
+ (1)
--- a/system/secure-delete/secure-delete.info
+++ b/system/secure-delete/secure-delete.info
@ -0,0 +1,10 @@
+PRGNAM="secure-delete"
+VERSION="3.1"
+HOMEPAGE="https://www.thc.org/releases.php?q=delete/"
+DOWNLOAD="https://www.thc.org/releases/secure_delete-3.1.tar.gz"
+MD5SUM="aabbd7e77bf96b326d260f16fb7f8bba"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Edinaldo P. Silva"
+EMAIL="edps.mundognu@gmail.com"
--- a/system/secure-delete/slack-desc
+++ b/system/secure-delete/slack-desc
@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+             |-----handy-ruler------------------------------------------------------|
+secure-delete: secure-delete (wipe files, free disk space, swap and memory)
+secure-delete:
+secure-delete: Gutmann method based tools for securely wiping data.
+secure-delete:
+secure-delete: Home page: https://www.thc.org/releases.php?q=delete/
+secure-delete:
+secure-delete:
+secure-delete:
+secure-delete:
+secure-delete:
+secure-delete: