Bug #15967
udisks doesn't recognize volumes with multiple encryption as unlocked
100%
Description
VeraCrypt supports using multiple encryption (see https://www.veracrypt.fr/en/Cascades.html). When unlocking a volume with multiple encryption, the CryptoBackingDevice property is not set, which seems to be the reason for the volume not being recognized as unlocked (neither in GNOME Disks nor in Unlock VeraCrypt Volumes).
As a result, the timeout for waiting for cleartext object after unlocking is always exceeded (the cleartext object never appears), therefore users using volumes with multiple encryption are also affected by #15733 (and consequently #15757, if they find the cleartext volume in GNOME Disks and try to unlock it).
Upstream merge request: https://github.com/storaged-project/udisks/pull/582 (merged)
Related issues
Associated revisions
History
#2 Updated by segfault 9 months ago
- Description updated (diff)
- Assignee changed from segfault to intrigeri
- QA Check set to Ready for QA
The patch has been merged in upstream. I backported it and built a new udisks package (2.1.8-1.0tails4) which is ready for review on https://gitlab.com/segfault3/tails-tcrypt-packages.git.
#3 Updated by intrigeri 9 months ago
- Assignee changed from intrigeri to segfault
- QA Check changed from Ready for QA to Info Needed
How about you prepare a branch yourself, now that you have the credentials needed to do so? Steps would be:
- fork a branch off stable, check it out and push it to the official repo (needed to that its APT overlay suite is created on our custom APT repo)
- run
./bin/add-APT-overlay - take note of the name of the added APT overlay, that'll be the target distribution you need to set in
debian/changelog(which will then make its way to*.changes, which will eventually tell reprepro to which APT suite the package must be added) - update packaging if needed, build, and upload to that new APT suite
- push your updated topic branch (with the new APT overlay enabled) which should trigger builds & tests on Jenkins
- send back to me for QA
This is only a rough sketch of the involved steps. For some of them you'll find more detailed doc at the URLs I've sent you a few days ago.
#7 Updated by intrigeri 8 months ago
- Assignee changed from intrigeri to segfault
- QA Check changed from Info Needed to Dev Needed
segfault wrote:
If I set the
IdentitiesOnlyssh option I get this error instead:[...]
Should now be fixed (+ updated our internal checklist about giving commit access to include this step and the 2 SSH host key fingerprints you've been missing).
#9 Updated by segfault 8 months ago
- % Done changed from 50 to 60
- QA Check deleted (
Dev Needed) - Feature Branch changed from bugfix/15967-veracrypt-multiple-encryption to feature/14481-TCRYPT-support-beta
When I built the packages, I used the old distribution, so I changed the feature branch to feature/14481-TCRYPT-support-beta to avoid rebuilding the packages.
I tested it and it works, I can now successfully unlock VeraCrypt volumes with multiple encryption.
I just pushed the branch with the APT overlay enabled, now waiting for Jenkins tests.
#10 Updated by segfault 8 months ago
The Jenkins test job failed, but the failure seems to be unrelated to this branch:
18:59:33 Looks like the node went offline during the build. Check the slave log for the details. 18:59:33 FATAL: channel is already closed
I restarted the job, let's see if it works this time
#14 Updated by CyrilBrulebois 8 months ago
- Status changed from Fix committed to Resolved
#16 Updated by segfault 8 months ago
- Related to Bug #15733: Unlocking TCRYPT volume sometimes shows a confusing error message added