Bug #15967
udisks doesn't recognize volumes with multiple encryption as unlocked
100%
Description
VeraCrypt supports using multiple encryption (see https://www.veracrypt.fr/en/Cascades.html). When unlocking a volume with multiple encryption, the CryptoBackingDevice
property is not set, which seems to be the reason for the volume not being recognized as unlocked (neither in GNOME Disks nor in Unlock VeraCrypt Volumes).
As a result, the timeout for waiting for cleartext object after unlocking is always exceeded (the cleartext object never appears), therefore users using volumes with multiple encryption are also affected by Bug #15733 (and consequently Bug #15757, if they find the cleartext volume in GNOME Disks and try to unlock it).
Upstream merge request: https://github.com/storaged-project/udisks/pull/582 (merged)
Subtasks
Related issues
Related to Tails - |
Resolved | 2018-07-16 |
History
#1 Updated by segfault 2018-09-23 22:49:38
- Description updated
- % Done changed from 0 to 50
- Deliverable for set to 299
Took me quite some time, but I managed to create a patch which fixes this.
#2 Updated by segfault 2018-09-26 11:24:24
- Description updated
- Assignee changed from segfault to intrigeri
- QA Check set to Ready for QA
The patch has been merged in upstream. I backported it and built a new udisks package (2.1.8-1.0tails4) which is ready for review on https://gitlab.com/segfault3/tails-tcrypt-packages.git.
#3 Updated by intrigeri 2018-09-28 09:34:17
- Assignee changed from intrigeri to segfault
- QA Check changed from Ready for QA to Info Needed
How about you prepare a branch yourself, now that you have the credentials needed to do so? Steps would be:
- fork a branch off stable, check it out and push it to the official repo (needed to that its APT overlay suite is created on our custom APT repo)
- run
./bin/add-APT-overlay
- take note of the name of the added APT overlay, that’ll be the target distribution you need to set in
debian/changelog
(which will then make its way to*.changes
, which will eventually tell reprepro to which APT suite the package must be added) - update packaging if needed, build, and upload to that new APT suite
- push your updated topic branch (with the new APT overlay enabled) which should trigger builds & tests on Jenkins
- send back to me for QA
This is only a rough sketch of the involved steps. For some of them you’ll find more detailed doc at the URLs I’ve sent you a few days ago.
#4 Updated by segfault 2018-10-13 13:22:06
- Feature Branch set to bugfix/15967-veracrypt-multiple-encryption
#5 Updated by segfault 2018-10-14 10:13:50
- Assignee changed from segfault to intrigeri
I don’t seem to have access to incoming.deb.tails.boum.org:
Uploading to tails (via scp to incoming.deb.tails.boum.org):
Received disconnect from 198.252.153.59 port 3003:2: Too many authentication failures
#6 Updated by segfault 2018-10-14 16:50:50
If I set the IdentitiesOnly
ssh option I get this error instead:
reprepro@incoming.deb.tails.boum.org: Permission denied (publickey).
#7 Updated by intrigeri 2018-10-15 09:06:10
- Assignee changed from intrigeri to segfault
- QA Check changed from Info Needed to Dev Needed
segfault wrote:
> If I set the IdentitiesOnly
ssh option I get this error instead:
>
> […]
Should now be fixed (+ updated our internal checklist about giving commit access to include this step and the 2 SSH host key fingerprints you’ve been missing).
#8 Updated by segfault 2018-10-15 17:52:38
intrigeri wrote:
> Should now be fixed (+ updated our internal checklist about giving commit access to include this step and the 2 SSH host key fingerprints you’ve been missing).
It works, thanks
#9 Updated by segfault 2018-10-16 12:35:20
- % Done changed from 50 to 60
- QA Check deleted (
Dev Needed) - Feature Branch changed from bugfix/15967-veracrypt-multiple-encryption to feature/14481-TCRYPT-support-beta
When I built the packages, I used the old distribution, so I changed the feature branch to feature/14481-TCRYPT-support-beta to avoid rebuilding the packages.
I tested it and it works, I can now successfully unlock VeraCrypt volumes with multiple encryption.
I just pushed the branch with the APT overlay enabled, now waiting for Jenkins tests.
#10 Updated by segfault 2018-10-17 11:34:00
The Jenkins test job failed, but the failure seems to be unrelated to this branch:
18:59:33 Looks like the node went offline during the build. Check the slave log for the details.
18:59:33 FATAL: channel is already closed
I restarted the job, let’s see if it works this time
#11 Updated by segfault 2018-10-17 15:34:14
- Assignee changed from segfault to intrigeri
- QA Check set to Ready for QA
The test passed
#12 Updated by intrigeri 2018-10-18 07:11:30
- Status changed from Confirmed to In Progress
Code review passes.
#13 Updated by intrigeri 2018-10-19 06:52:49
- Status changed from In Progress to Fix committed
- Assignee deleted (
intrigeri) - % Done changed from 60 to 100
- QA Check changed from Ready for QA to Pass
Test suite passes, merged!
#14 Updated by CyrilBrulebois 2018-10-24 11:19:15
- Status changed from Fix committed to Resolved
#15 Updated by segfault 2018-11-06 14:47:33
- Description updated
#16 Updated by segfault 2018-11-06 14:47:45
- related to
Bug #15733: Unlocking TCRYPT volume sometimes shows a confusing error message added