[Tails-dev] Replacing TrueCrypt with cryptsetup 1.6 + docume…

This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
M\sajolida at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] tcplay in tails
Subject: [Tails-dev] Replacing TrueCrypt with cryptsetup 1.6 + documentation? [Was: tcplay in tails]
Hi,

intrigeri wrote (21 Jun 2014 10:34:44 GMT) :
> intrigeri wrote (29 Apr 2014 07:03:02 GMT) :
>> OTOH, it seems to me that most usecases of TC volumes are about
>> interoperability with major non-free OS, so assuming one is
>> comfortable unlocking a TC volume (created in Tails) using one such
>> OS, then why not use it as well to create the volume in the first
>> place. With this in mind, including tcplay could be seen as a mere
>> temporary measure, aimed at addressing #1 only, and valid only until
>> we ship a version of cryptsetup that supports unlocking TC volumes on
>> the command-line (Tails/Jessie, or cryptsetup 1.6+ in
>> wheezy-backports). But then, if we go this way, perhaps it would be
>> worth skipping the tcplay step and jumping directly at a cryptsetup
>> backport attempt.

> Are you interested in trying to backport cryptsetup for Wheezy?

I've given it a quick try, and it was pretty easy. I only had to add
the attached quilt patch, dch --bpo, and it just built. Quickly tried
the resulting binary packages in Tails 1.1 (creating a LUKS volume in
GNOME Disks, unlocking and locking it again), seems to work fine.

Since Tails 0.20 (a year ago), we've been telling TrueCrypt users that
we mean to remove it. Besides, the recent events on the upstream front
make it even more doubtful to go on shipping TC in Tails.

So, I'm starting to think that we should just include cryptsetup
1.6.x, drop TrueCrypt, and document 1. how to get one's documents out
of a TC volume, for those who've just been waiting for when it's too
late; and 2. how to unlock a TC volume on the command-line with
cryptsetup, for those who badly need to interoperate with
non-Linux systems.

The timeline I have in mind is:

1. In Tails 1.1.1, modify the TC wrapper to announce that it'll be
removed in 1.2.
2. In Tails 1.2, do the rest of the plan described above.
3. On the long term, anyone who wants anything better can work on
#6337 ("Add support for TrueCrypt volumes in udisks") and its
logical next steps (Nautilus / GNOME integration).

Thoughts?

Cheers,
--
intrigeri

--- a/configure.ac
+++ b/configure.ac
@@ -17,8 +17,8 @@
# http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html

# For old automake use this
-#AM_INIT_AUTOMAKE(dist-bzip2)
-AM_INIT_AUTOMAKE([dist-bzip2 1.12 serial-tests])
+AM_INIT_AUTOMAKE(dist-bzip2)
+#AM_INIT_AUTOMAKE([dist-bzip2 1.12 serial-tests]) 

 if test "x$prefix" = "xNONE"; then
     sysconfdir=/etc

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Release schedule for Tails 1.1.1Re: [Tails-dev] [review again plz] #7156 Create a donation form to receive fiat currencies->
lists.autistici.org administrated by postmasterLurker (version 2.3)