Bug #15667: Upstream VeraCrypt integration in GTK ask-password dialog

Bug #15667

Upstream VeraCrypt integration in GTK ask-password dialog

Added by sajolida 2018-06-18 15:13:47 . Updated 2019-12-01 18:28:17 .

Status:

Resolved

Priority:

Normal

Assignee:

segfault

Category:

Target version:

Tails_4.1

Start date:

2018-06-18

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

299

Description

See screenshot in attachment.

Merge requests:
https://gitlab.gnome.org/GNOME/gtk/merge_requests/262 (merged)
https://gitlab.gnome.org/GNOME/gtk/merge_requests/263 (merged)

Files

chooser.png (162583 B)	sajolida, 2018-06-18 15:13:46
audacity with luks.png (101113 B)	sajolida, 2018-06-22 17:28:23
audacity with veracrypt.png (117493 B)	sajolida, 2018-06-22 17:28:23

Subtasks

History

#1 Updated by segfault 2018-06-19 20:18:42

Wow. I’m a bit shocked to see yet another unlock dialog in Tails which I don’t recall ever seeing before. I suspect that this is part of Firefox, which also uses udisks via D-Bus. When I click on an encrypted volume in the file chooser of the archive manager, it opens the GNOME Shell dialog instead (as expected). Also, unlocking TCRYPT volumes which only require a passphrase works in this new dialog. So I think this is not top priority and I will investigate further when I’m done with the more urgent tasks.

#2 Updated by sajolida 2018-06-22 17:28:29

File audacity with luks.png added
File audacity with veracrypt.png added

I found the same dialog in Audacity, see screenshot. So I don’t think it’s part of Firefox.

In Audacity in your VeraCrypt branch I could actually unlock a file container from there and part of the message is ours. But it doesn’t show the additional VeraCrypt parameters.

I think you should investigate in which cases does this dialog show up and when it does not because maybe there’s a good reason for having an alternative to GVfs monitor in some cases.

If there’s no good reason, maybe it’s an inconsistency that we should report upstream. I bet that GNOME would be interested in having a more consistent experience for LUKS as well, and make all application use the same file chooser.
If there’s is a good reason, and since part of your GVfs dialog is reused already (“might be a VeraCrypt volume”), maybe it’s possible to fix that.

#3 Updated by segfault 2018-06-22 17:32:53

sajolida wrote:
> I found the same dialog in Audacity, see screenshot. So I don’t think it’s part of Firefox.
>
> In Audacity in your VeraCrypt branch I could actually unlock a file container from there and part of the message is ours. But it doesn’t show the additional VeraCrypt parameters.

Ok, thanks for investigating. I think what you mean with “our message” comes from udisks (i.e. from our udisks patches).

> I think you should investigate in which cases does this dialog show up and when it does not because maybe there’s a good reason for having an alternative to GVfs monitor in some cases.

Yes, I will investigate this after the more urgent things (VeraCrypt Mounter) are done.

> * If there’s no good reason, maybe it’s an inconsistency that we should report upstream. I bet that GNOME would be interested in having a more consistent experience for LUKS as well, and make all application use the same file chooser.
> * If there’s is a good reason, and since part of your GVfs dialog is reused already (“might be a VeraCrypt volume”), maybe it’s possible to fix that.

“might be a VeraCrypt volume” comes from udisks, not the GVfs dialog.

#4 Updated by segfault 2018-06-26 20:25:09

This dialog is part of GtkMountOperation. If I understand the code correctly, it should only be used instead of the GNOME Shell dialog if the mount operation requires to get a domain or username from the user, or if it can’t use the org.gtk.MountOperationHandler D-Bus interface. I think the last condition might be true for Tor Browser (and Audacity?). I tested it with Firefox 60, and there the GNOME Shell dialog is used.

So, in any case, I think patching this dialog too would be good. But it seems like at least Tor Browser is statically linked with GTK, because it does not use any patched GTK I install. So even if I patch this dialog, we won’t have it in Tails until it’s merged upstream and released and Firefox is built with it.

So I would still like to do this with low priority, and probably not as a deliverable for SponsorW.

#5 Updated by segfault 2018-07-22 20:30:11

Subject changed from No VeraCrypt integration in file chooser to No VeraCrypt integration in GTK ask-password dialog
Description updated

I created a patch to add the TCRYPT options to the GTK ask-password dialog. See the merge requests in the description.

#6 Updated by intrigeri 2018-07-23 00:16:06

If this is now considered to be part of the sponsor deliverable, please set the “Deliverable for” field accordingly :)

#7 Updated by intrigeri 2018-08-07 09:57:31

Deliverable for set to 299

> If this is now considered to be part of the sponsor deliverable, please set the “Deliverable for” field accordingly :)

Given you’ve mentioned one of these MRs on https://tails.boum.org/blueprint/SponsorW/2018_07/, I’ll assume you see it as a sponsor deliverable.

#8 Updated by intrigeri 2018-08-09 10:21:35

Tracker changed from Feature to Bug
Status changed from Confirmed to In Progress
Target version set to Tails_3.9

#9 Updated by intrigeri 2018-08-09 10:40:41

Priority changed from Normal to High

Please include these patches when you’ll do ~~Feature #15521~~ before we merge the branch in time for the RC.

#10 Updated by segfault 2018-08-12 21:02:08

Priority changed from High to Normal

intrigeri wrote:
> Please include these patches when you’ll do ~~Feature #15521~~ before we merge the branch in time for the RC.

Done. I’m resetting the priority to normal, because this is not a blocker for merging into devel anymore, but only tracks the progress of upstreaming.