Project

General

Profile

Bug #15967

udisks doesn't recognize volumes with multiple encryption as unlocked

Added by segfault 3 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Tails_3.10.1
Start date:
09/20/2018
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
feature/14481-TCRYPT-support-beta
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

VeraCrypt supports using multiple encryption (see https://www.veracrypt.fr/en/Cascades.html). When unlocking a volume with multiple encryption, the CryptoBackingDevice property is not set, which seems to be the reason for the volume not being recognized as unlocked (neither in GNOME Disks nor in Unlock VeraCrypt Volumes).

As a result, the timeout for waiting for cleartext object after unlocking is always exceeded (the cleartext object never appears), therefore users using volumes with multiple encryption are also affected by #15733 (and consequently #15757, if they find the cleartext volume in GNOME Disks and try to unlock it).

Upstream merge request: https://github.com/storaged-project/udisks/pull/582 (merged)

Related issues

Related to Tails - Bug #15733: Unlocking TCRYPT volume sometimes shows a confusing error message Resolved 07/16/2018

Associated revisions

Revision ead8d7bf
Added by intrigeri about 2 months ago

Merge branch 'feature/14481-TCRYPT-support-beta' into stable (Fix-committed: #16031, #15967)

History

#1 Updated by segfault 3 months ago

  • Description updated (diff)
  • % Done changed from 0 to 50

Took me quite some time, but I managed to create a patch which fixes this.

#2 Updated by segfault 3 months ago

  • Description updated (diff)
  • Assignee changed from segfault to intrigeri
  • QA Check set to Ready for QA

The patch has been merged in upstream. I backported it and built a new udisks package (2.1.8-1.0tails4) which is ready for review on https://gitlab.com/segfault3/tails-tcrypt-packages.git.

#3 Updated by intrigeri 3 months ago

  • Assignee changed from intrigeri to segfault
  • QA Check changed from Ready for QA to Info Needed

How about you prepare a branch yourself, now that you have the credentials needed to do so? Steps would be:

  1. fork a branch off stable, check it out and push it to the official repo (needed to that its APT overlay suite is created on our custom APT repo)
  2. run ./bin/add-APT-overlay
  3. take note of the name of the added APT overlay, that'll be the target distribution you need to set in debian/changelog (which will then make its way to *.changes, which will eventually tell reprepro to which APT suite the package must be added)
  4. update packaging if needed, build, and upload to that new APT suite
  5. push your updated topic branch (with the new APT overlay enabled) which should trigger builds & tests on Jenkins
  6. send back to me for QA

This is only a rough sketch of the involved steps. For some of them you'll find more detailed doc at the URLs I've sent you a few days ago.

#4 Updated by segfault 2 months ago

  • Feature Branch set to bugfix/15967-veracrypt-multiple-encryption

#5 Updated by segfault 2 months ago

  • Assignee changed from segfault to intrigeri

I don't seem to have access to incoming.deb.tails.boum.org:

Uploading to tails (via scp to incoming.deb.tails.boum.org):
Received disconnect from 198.252.153.59 port 3003:2: Too many authentication failures

#6 Updated by segfault 2 months ago

If I set the IdentitiesOnly ssh option I get this error instead:

reprepro@incoming.deb.tails.boum.org: Permission denied (publickey).

#7 Updated by intrigeri about 2 months ago

  • Assignee changed from intrigeri to segfault
  • QA Check changed from Info Needed to Dev Needed

segfault wrote:

If I set the IdentitiesOnly ssh option I get this error instead:

[...]

Should now be fixed (+ updated our internal checklist about giving commit access to include this step and the 2 SSH host key fingerprints you've been missing).

#8 Updated by segfault about 2 months ago

intrigeri wrote:

Should now be fixed (+ updated our internal checklist about giving commit access to include this step and the 2 SSH host key fingerprints you've been missing).

It works, thanks

#9 Updated by segfault about 2 months ago

  • % Done changed from 50 to 60
  • QA Check deleted (Dev Needed)
  • Feature Branch changed from bugfix/15967-veracrypt-multiple-encryption to feature/14481-TCRYPT-support-beta

When I built the packages, I used the old distribution, so I changed the feature branch to feature/14481-TCRYPT-support-beta to avoid rebuilding the packages.

I tested it and it works, I can now successfully unlock VeraCrypt volumes with multiple encryption.

I just pushed the branch with the APT overlay enabled, now waiting for Jenkins tests.

#10 Updated by segfault about 2 months ago

The Jenkins test job failed, but the failure seems to be unrelated to this branch:

18:59:33 Looks like the node went offline during the build. Check the slave log for the details.
18:59:33 FATAL: channel is already closed

I restarted the job, let's see if it works this time

#11 Updated by segfault about 2 months ago

  • Assignee changed from segfault to intrigeri
  • QA Check set to Ready for QA

The test passed

#12 Updated by intrigeri about 2 months ago

  • Status changed from Confirmed to In Progress

Code review passes.

#13 Updated by intrigeri about 2 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)
  • % Done changed from 60 to 100
  • QA Check changed from Ready for QA to Pass

Test suite passes, merged!

#14 Updated by CyrilBrulebois about 2 months ago

  • Status changed from Fix committed to Resolved

#15 Updated by segfault about 1 month ago

  • Description updated (diff)

#16 Updated by segfault about 1 month ago

  • Related to Bug #15733: Unlocking TCRYPT volume sometimes shows a confusing error message added

Also available in: Atom PDF