Project

General

Profile

Bug #15667

Feature #14468: Add VeraCrypt support to Tails

Upstream VeraCrypt integration in GTK ask-password dialog

Added by sajolida 5 months ago. Updated 14 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
06/18/2018
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

chooser.png View (159 KB) sajolida, 06/18/2018 03:13 PM

audacity with luks.png View (98.7 KB) sajolida, 06/22/2018 05:28 PM

audacity with veracrypt.png View (115 KB) sajolida, 06/22/2018 05:28 PM

History

#1 Updated by segfault 5 months ago

Wow. I'm a bit shocked to see yet another unlock dialog in Tails which I don't recall ever seeing before. I suspect that this is part of Firefox, which also uses udisks via D-Bus. When I click on an encrypted volume in the file chooser of the archive manager, it opens the GNOME Shell dialog instead (as expected). Also, unlocking TCRYPT volumes which only require a passphrase works in this new dialog. So I think this is not top priority and I will investigate further when I'm done with the more urgent tasks.

#2 Updated by sajolida 5 months ago

I found the same dialog in Audacity, see screenshot. So I don't think it's part of Firefox.

In Audacity in your VeraCrypt branch I could actually unlock a file container from there and part of the message is ours. But it doesn't show the additional VeraCrypt parameters.

I think you should investigate in which cases does this dialog show up and when it does not because maybe there's a good reason for having an alternative to GVfs monitor in some cases.

  • If there's no good reason, maybe it's an inconsistency that we should report upstream. I bet that GNOME would be interested in having a more consistent experience for LUKS as well, and make all application use the same file chooser.
  • If there's is a good reason, and since part of your GVfs dialog is reused already ("might be a VeraCrypt volume"), maybe it's possible to fix that.

#3 Updated by segfault 5 months ago

sajolida wrote:

I found the same dialog in Audacity, see screenshot. So I don't think it's part of Firefox.

In Audacity in your VeraCrypt branch I could actually unlock a file container from there and part of the message is ours. But it doesn't show the additional VeraCrypt parameters.

Ok, thanks for investigating. I think what you mean with "our message" comes from udisks (i.e. from our udisks patches).

I think you should investigate in which cases does this dialog show up and when it does not because maybe there's a good reason for having an alternative to GVfs monitor in some cases.

Yes, I will investigate this after the more urgent things (VeraCrypt Mounter) are done.

  • If there's no good reason, maybe it's an inconsistency that we should report upstream. I bet that GNOME would be interested in having a more consistent experience for LUKS as well, and make all application use the same file chooser.
  • If there's is a good reason, and since part of your GVfs dialog is reused already ("might be a VeraCrypt volume"), maybe it's possible to fix that.

"might be a VeraCrypt volume" comes from udisks, not the GVfs dialog.

#4 Updated by segfault 5 months ago

This dialog is part of GtkMountOperation. If I understand the code correctly, it should only be used instead of the GNOME Shell dialog if the mount operation requires to get a domain or username from the user, or if it can't use the org.gtk.MountOperationHandler D-Bus interface. I think the last condition might be true for Tor Browser (and Audacity?). I tested it with Firefox 60, and there the GNOME Shell dialog is used.

So, in any case, I think patching this dialog too would be good. But it seems like at least Tor Browser is statically linked with GTK, because it does not use any patched GTK I install. So even if I patch this dialog, we won't have it in Tails until it's merged upstream and released and Firefox is built with it.

So I would still like to do this with low priority, and probably not as a deliverable for SponsorW.

#5 Updated by segfault 4 months ago

  • Subject changed from No VeraCrypt integration in file chooser to No VeraCrypt integration in GTK ask-password dialog
  • Description updated (diff)

I created a patch to add the TCRYPT options to the GTK ask-password dialog. See the merge requests in the description.

#6 Updated by intrigeri 4 months ago

If this is now considered to be part of the sponsor deliverable, please set the "Deliverable for" field accordingly :)

#7 Updated by intrigeri 3 months ago

If this is now considered to be part of the sponsor deliverable, please set the "Deliverable for" field accordingly :)

Given you've mentioned one of these MRs on https://tails.boum.org/blueprint/SponsorW/2018_07/, I'll assume you see it as a sponsor deliverable.

#8 Updated by intrigeri 3 months ago

  • Tracker changed from Feature to Bug
  • Status changed from Confirmed to In Progress
  • Target version set to Tails_3.9

#9 Updated by intrigeri 3 months ago

  • Priority changed from Normal to High

Please include these patches when you'll do #15521 before we merge the branch in time for the RC.

#10 Updated by segfault 3 months ago

  • Priority changed from High to Normal

intrigeri wrote:

Please include these patches when you'll do #15521 before we merge the branch in time for the RC.

Done. I'm resetting the priority to normal, because this is not a blocker for merging into devel anymore, but only tracks the progress of upstreaming.

#11 Updated by segfault 2 months ago

  • Target version changed from Tails_3.9 to Tails_3.10.1

#12 Updated by segfault 2 months ago

  • Subject changed from No VeraCrypt integration in GTK ask-password dialog to Upstream VeraCrypt integration in GTK ask-password dialog

#13 Updated by segfault 22 days ago

  • Target version changed from Tails_3.10.1 to Tails_3.11

#14 Updated by intrigeri 14 days ago

  • Parent task changed from #14480 to #14468

Also available in: Atom PDF