Feature #10731

Tails Installer should not allow installing on non-removable USB sticks

Added by intrigeri 2015-12-09 05:07:55 . Updated 2020-03-09 19:39:32 .

Status:
Rejected
Priority:
Normal
Assignee:
Category:
Installation
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Installer
Deliverable for:

Description

We assume that we can write to removable devices via UDisks, but we don’t filter out of the available destination devices list the ones that have the removable bit set to false, and then of course the installation fails, which is confusing:

[creator.py:817 (partition_device)] INFO: Partitioning device /dev/sda
[creator.py:820 (partition_device)] DEBUG: Creating partition table
[gui.py:259 (run)] ERROR: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation (4)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/tails_installer/gui.py", line 196, in run
    self.live.partition_device()
  File "/usr/lib/python2.7/dist-packages/tails_installer/creator.py", line 829, in partition_device
    cancellable=None)
Error: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation (4)
[gui.py:260 (run)] DEBUG: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/tails_installer/gui.py", line 196, in run
    self.live.partition_device()
  File "/usr/lib/python2.7/dist-packages/tails_installer/creator.py", line 829, in partition_device
    cancellable=None)
Error: udisks-error-quark: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation (4)

Subtasks


Related issues

Related to Tails - Bug #12696: Tails Installer rejects working USB drives, pretending they're not "removable" Resolved 2017-06-14
Related to Tails - Bug #14446: Tails installer proposes to install in laptop's eMMC internal storage Rejected 2017-08-24
Related to Tails - Feature #15292: Distribute a USB image Resolved 2016-04-14 2019-01-29
Related to Tails - Feature #15742: Test running Tails from an external hard disk Resolved 2018-07-19
Related to Tails - Bug #15989: Update our plans to remove removable flag requirement Resolved 2018-09-28

History

#1 Updated by intrigeri 2016-03-08 13:47:36

  • Target version changed from Tails_2.2 to Tails_2.3

#2 Updated by kurono 2016-03-08 14:00:15

I might take a look. How do you reproduce this?

#3 Updated by intrigeri 2016-03-13 11:37:01

  • Assignee changed from intrigeri to kurono

> I might take a look.

Excellent, thank you!

> How do you reproduce this?

You need a USB stick or SD card that has the “removable” bit set to false. E.g. one of the Sandisk sticks listed on https://tails.boum.org/support/known_issues/ (“Problematic USB sticks”). I would personally go the virtualization way: boot Tails from virtual DVD in libvirt/QEMU, give the VM an emulated USB drive that isn’t “removable”, start Tails Installer and confirm that that virtual USB drive shows up in the list of candidate target devices, while it should not.

#4 Updated by anonym 2016-05-08 05:10:30

  • Target version changed from Tails_2.3 to Tails_2.4

#5 Updated by kurono 2016-05-20 15:09:28

  • Assignee deleted (kurono)
  • QA Check set to Ready for QA
  • Feature Branch set to kurono/bug/10731-lists-non-removable-devices

#6 Updated by intrigeri 2016-05-21 18:19:40

Code review passes at commit 185e11ae20533882562617d945cfd2e8122e8eb7.

#7 Updated by intrigeri 2016-05-21 18:22:55

  • Status changed from Confirmed to In Progress
  • Assignee set to intrigeri
  • % Done changed from 0 to 50

anonym is swamped with reviews, and I can easily handle this one, so I will.

#8 Updated by intrigeri 2016-05-21 18:34:00

  • Assignee changed from intrigeri to kurono
  • Target version changed from Tails_2.4 to Tails_2.5
  • QA Check changed from Ready for QA to Dev Needed

It works! But IMO we need a user-visible warning, just like what we do in “Check for devices that are too small”: being told “Please plug a USB flash drive or SD card of at least 3.5 GB”, while one did exactly that, can be a bit frustrating without any further explanation. I think we should explain the user that it’s useless to install to a “non-removable” drive, because Tails won’t start from it, and perhaps point to the place, on our known issues page, where we explain what’s the deal with “non-removable” USB sticks. What do you think?

#9 Updated by kurono 2016-05-23 16:04:49

  • Assignee deleted (kurono)
  • QA Check changed from Dev Needed to Ready for QA

intrigeri wrote:
> It works! But IMO we need a user-visible warning, just like what we do in “Check for devices that are too small”: being told “Please plug a USB flash drive or SD card of at least 3.5 GB”, while one did exactly that, can be a bit frustrating without any further explanation. I think we should explain the user that it’s useless to install to a “non-removable” drive, because Tails won’t start from it, and perhaps point to the place, on our known issues page, where we explain what’s the deal with “non-removable” USB sticks. What do you think?

Ok, I have added a message to let the user know that the device has the non-removable bit enabled, so he/she won’t be able to boot Tails from there. I took a look of *https://tails.boum.org/support/known_issues/*, and IMHO it doesn’t state why Tails won’t boot from these kind of devices, it only gives an example of one commercial brand with problems, so I guess not very useful for the user.

#10 Updated by sajolida 2016-05-23 17:45:11

  • Assignee set to sajolida

#11 Updated by sajolida 2016-07-05 10:57:36

  • Assignee changed from sajolida to kurono

So I improved the known issues to handle better this new scenario.

And I propose the following error message for Tails Installer:

« The USB stick "%(pretty_name)s" is configured as non-removable by its
manufacturer and Tails will fail to start on it.

Please refer to our [[list of problematic USB
sticks|support/known_issues#non-removable]] and try installing on a different
model. »

So kurono, please review my documentation branch bug/10731-lists-non-removable-devices in the main repo. I cannot see the error message myself, so if that’s easy for you make sure that it’s exactly the same as displayed.

#12 Updated by sajolida 2016-07-05 10:58:27

  • Tracker changed from Bug to Feature
  • Subject changed from Tails Installer lists non-removable devices it won't be able to use to Tails Installer should not allow installing on non-removable USB sticks

#13 Updated by intrigeri 2016-07-30 15:51:41

kurono, ping? It seems that this bugfix is almost done, and is now only blocked by some strings and doc review, right? Let’s try to get it done for 2.6 — but if you can’t, no problem: just let us know :)

#14 Updated by intrigeri 2016-08-02 09:31:56

  • Target version changed from Tails_2.5 to Tails_2.6

#15 Updated by anonym 2016-09-20 16:54:02

  • Target version changed from Tails_2.6 to Tails_2.7

#16 Updated by bertagaz 2016-11-17 17:38:35

  • Target version changed from Tails_2.7 to Tails_2.9.1

#17 Updated by kurono 2016-11-17 17:45:45

intrigeri wrote:
> kurono, ping? It seems that this bugfix is almost done, and is now only blocked by some strings and doc review, right? Let’s try to get it done for 2.6 — but if you can’t, no problem: just let us know :)

Wow sorry! I completely had lost track of this ticket, I will do it asap :/

#18 Updated by kurono 2016-11-24 08:46:11

  • Assignee changed from kurono to sajolida
  • QA Check changed from Ready for QA to Info Needed

sajolida wrote:
> So I improved the known issues to handle better this new scenario.
>
> And I propose the following error message for Tails Installer:
>
> […]
>
> So kurono, please review my documentation branch bug/10731-lists-non-removable-devices in the main repo. I cannot see the error message myself, so if that’s easy for you make sure that it’s exactly the same as displayed.

I have checked the message, and it is shown as expected :)
However I have a question, is [[list of problematic USB
sticks|support/known_issues#non-removable]] a hyperlink?
I guess it is possible to put one in the TextViewer, but it makes
things a little more complicated. I can try anyway if you consider it really useful.

#19 Updated by sajolida 2016-12-12 18:34:47

  • Target version deleted (Tails_2.9.1)

#20 Updated by sajolida 2016-12-28 19:47:40

  • Assignee changed from sajolida to kurono
  • QA Check changed from Info Needed to Dev Needed

Sorry for taking so long to answer such a short question. Yes, my original intent was to provide a hyperlink to the list in our known issues.

If that’s complicated, we can write instead:

« The USB stick “%(pretty_name)s” is configured as non-removable by its
manufacturer and Tails will fail to start on it.

Please try installing on a different model. »

I think it would be no big deal given that SanDisk seems to have stop distributing such USB sticks and I expect them to be very rare nowadays.

#21 Updated by kurono 2017-02-02 16:23:24

  • Assignee changed from kurono to sajolida
  • QA Check changed from Dev Needed to Ready for QA

sajolida wrote:
> Sorry for taking so long to answer such a short question. Yes, my original intent was to provide a hyperlink to the list in our known issues.
>
> If that’s complicated, we can write instead:
>
> « The USB stick “%(pretty_name)s” is configured as non-removable by its
> manufacturer and Tails will fail to start on it.
>
> Please try installing on a different model. »
>
> I think it would be no big deal given that SanDisk seems to have stop distributing such USB sticks and I expect them to be very rare nowadays.

Ok, I have used the suggested message.

#22 Updated by sajolida 2017-04-07 15:20:37

#23 Updated by sajolida 2017-05-23 17:41:42

  • Assignee changed from sajolida to intrigeri

Fine with me. Reassigning to the foundations team for the final code review and merge.

#24 Updated by intrigeri 2017-05-24 06:14:02

  • Target version set to Tails_3.0

#25 Updated by intrigeri 2017-05-24 10:55:58

  • % Done changed from 50 to 60

Quick code review passes. I’ll test in a VM as I have no non-removable USB stick available.

#26 Updated by intrigeri 2017-05-24 15:20:08

  • % Done changed from 60 to 70
  • Feature Branch changed from kurono/bug/10731-lists-non-removable-devices to bug/10731-lists-non-removable-devices

Tested with a removable USB stick and a non-removable one: works as advertised. Will push a branch that builds an ISO with this patch applied so we can see how it fares in our test suite.

#27 Updated by intrigeri 2017-05-24 15:27:49

  • Feature Branch changed from bug/10731-lists-non-removable-devices to bugfix/10731-lists-non-removable-devices

#28 Updated by intrigeri 2017-05-25 05:32:02

  • Status changed from In Progress to Fix committed
  • % Done changed from 70 to 100

Applied in changeset commit:93f5ca8febe02e9f8fffff03820518c4582b196c.

#29 Updated by intrigeri 2017-05-25 05:32:35

  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass

Merged, thanks!

#30 Updated by intrigeri 2017-06-12 16:07:41

  • Status changed from Fix committed to Resolved

#31 Updated by goupille 2017-06-14 08:29:39

  • related to Bug #12696: Tails Installer rejects working USB drives, pretending they're not "removable" added

#32 Updated by intrigeri 2017-06-23 10:43:39

  • Status changed from Resolved to In Progress
  • Assignee set to kurono
  • Target version deleted (Tails_3.0)
  • % Done changed from 100 to 10
  • QA Check deleted (Pass)
  • Feature Branch deleted (bugfix/10731-lists-non-removable-devices)

As explained on Bug #12696#note-12 I’m reopening this, as next Tails Installer release will essentially revert what the branch we merged here does. I’ll now explain how I understand the problem at hand.

We are trying to solve two different problems here:

  1. installation failure (as explained in the description of this ticket), if we try to install on a device that udev/polkit don’t grant us write access to
  2. boot failure, if we successfully install on a device that live-boot’s live-media=removable will reject

And there are many different definitions of “removable” at play here:

  • udev/polkit’s
  • UDisks2’s
  • live-boot’s

The fact these definitions are all different is the root of the problem at hand, and what makes it non-trivial to fix.

To fix the first problem, we need to take into account udev/polkit’s definition of “removable”, i.e. filter out devices that udev/polkit won’t give us write access to. According to /etc/udev/rules.d/99-make-removable-devices-user-writable.rules, in Tails we have write access to any USB and MMC device, so I don’t know how the problem in the ticket description can occur. I suspect it can only be reproduced on Debian, that lacks this udev rule. I think the correct solution to this problem is to have Tails Installer use exactly the same heuristics as the code that grants/denies permission.

And to fix the second problem, we need to take into account live-boot’s own definition of “removable”, i.e. currently what’s in /sys/block/$DEVICE/removable, but as explained in Feature #6397#note-42, a live-boot fork has code to change this definition in a way that makes it closer to what udev, polkit and UDisks2 use. Fixing live-boot is probably better than adding workarounds for its problems in Tails Installer.

kurono, are you still interested in working on this, now that it’s become clear that the problem is larger than initially expected, and pieces of the solution will likely need to be implemented in live-boot and Tails Installer?

#33 Updated by sajolida 2017-07-05 19:09:18

#34 Updated by intrigeri 2017-08-24 16:21:44

  • related to Bug #14446: Tails installer proposes to install in laptop's eMMC internal storage added

#35 Updated by Anonymous 2018-08-18 10:01:12

#36 Updated by Anonymous 2018-08-18 10:02:35

  • related to Feature #15742: Test running Tails from an external hard disk added

#37 Updated by Anonymous 2018-08-18 10:03:47

@kurono: do you still plan to work on this?

#38 Updated by intrigeri 2018-10-09 09:30:20

  • related to Bug #15989: Update our plans to remove removable flag requirement added

#39 Updated by sajolida 2019-07-22 16:30:24

  • Status changed from In Progress to Confirmed
  • Assignee deleted (kurono)
  • Start date deleted (2015-12-09)
  • % Done changed from 10 to 0

No news from kurono in 2 years after intrigeri reframed the problem → unassigning.

#40 Updated by intrigeri 2020-03-09 19:39:32

  • Status changed from Confirmed to Rejected

So, this did not get much traction after we understood how complex the problem was.

Recently, via Feature #16926 we dropped special casing of non-removable USB sticks in our doc, under the assumption that they’re not common anymore. If these drives are not common enough to be worth documenting how to boot from them, I don’t think we should worry about installing to them.

Also, elsewhere we discovered that some users try to install Tails on external hard drives, some of those being exposed as non-removable. And there’s renewed interest in supporting internal hard drives too (Feature #8422 and subtasks). If we implement that, we’ll end up having to revert whatever work is done here, because we’ll need to support installing on non-removable drives (and then we’ll need to fix the permission issues that prompted me to create this ticket in the first place, but that’s another matter).

Finally, Tails Installer is not the primary way to install Tails these days. It’s one of the main ways to upgrade Tails, but then the problem on this ticket is less likely to happen.

None of these reasons would be sufficient in itself to make me dare rejecting these ticket, but once they’re combined, oh well, I think it makes more sense that we work on something else.

If you disagree with my conclusion, let’s talk!