Using truecrypt-installer to help install Truecrypt for Debian

Posted by jaalto on Fri 9 Mar 2007 at 13:56

Update: The project page hub for latest utilities is at Freshmeat. Report bugs to Launchpad. Note: the utilities are for version 4.3a. No other version can be supported because in later versions the original software was rewritten to use different kernel interaction.

Truecrypt(R) is an Open Source disk encryption software which uses a concept of containers to store encrypted data. The nice thing about it is that the containers (or volumes) can be read transparently under Linux and Windows. Here are step by step instructions how to get the encryption software running with minimum of effort.

Last time we talked about a patch to make truecrypt 4.2a to support later kernel versions. The follow-up article guided you through manual process of converting Truecrypt sources into *.deb packages.

But we can do even better.

The original software's v4.3a license does not seem to comply with the Debian Free Software Guidelines (DFSG, see keyword free), so it cannot be directly packaged for Debian or distributed by official Debian repositories. To help this, I wrote couple of utilities to take care of downloading the sources, assembling build structure with bzr and producing the packages.

Instead of manually creating Debian packages here we see how couple of utilities can simplify things.

PREPARATIONS FOR THE BUILD PROCESS

At the time of writing (2007-03-07) the utilities did not try to handle kernel source install or configuring kernel sources, so few preparation steps were necessary. The latest utilities at Freshmeat project handle package dependencies better and these steps are not needed.

1) Install linux-source-* and linux-kbuild-* packages that match currently running kernel.

$ apt-cache search 'linux-source|linux-kbuild'
$ KVER=$(uname -r | sed 's/-.*//')             # 2.6.NN
$ apt-get install linux-source-$KVER linux-kbuild-$KVER

2) Prepare the Linux kernel. Copy the existing .config file to the kernel directory.

$ cd /usr/src
$ tar -jxf linux-source-$KVER*.bz2
$ cd /usr/src/linux-source-$KVER
$ cp /boot/config-$(uname -r) .
$ make oldconfig prepare scripts

USING THE UTILITIES

After completing preparations above, install the tc-installer package from Launchpad project. The first command satisfies the dependencies and in case of problems, it asks helps with -f option. You could also use the now recommended aptitude command in place of apt-get.

$ apt-get install bzr python-celementtree libncurses5-dev gcc-4.1 debhelper devscripts dpatch ||
  apt-get -f install
$ dpkg -i tc-installer*.deb

Start the source downloader:

$ tc-download

3) Build the Debian packages:

$ tc-dpkg --auto [--install]

4) In case --install option was not used, install the packages by hand. The order is important, kernel module first, and the rest after that:

 $ dpkg -i /usr/src/tc-{modules-linux,modules-modprobe,doc,cli}*.deb

The *modules-modprobe*.deb package takes care of configuring kernel module to be loaded at boot by modifying /etc/modules. It also activates the module immediately. You can check the current status with lsmod. As long as you see truecrypt everything is good, the other modules that are listed vary from kernel to kernel:

$ lsmod | grep truecrypt
truecrypt             148452  0
dm_mod                 50232  4 truecrypt,dm_snapshot,dm_mirror,dm_crypt

UPGRADES

After performing a kernel upgrade, the steps to repeat are:

  • Install new kernel, boot to it.
  • Get kernel sources and prepare them (repeat steps 1 and 2). The tc-dpkg option --auto will do this for you.
  • Build new *.deb packages (step 3)
  • Install new *.deb packages for the kernel (step 4). The tc-dpkg option --install will do this for you.

THE ENCRYPTED CONTAINERS

Update: In latest utilities the commands below have been implemented in separate program. You can simply run tc-create [--size SIZE[KMG]] <container name>.tc. Command tc-fsck can be used to check container's filesystem.

The following is just a crash course and you should read the manual to understand what all the options and commands do.

We make ext3 filesystem inside the container, because it preserves file attributes and gives portability to windows. If you only store data and do not care about proper permissions, the FAT might be easier route (you can skip 2).

1) Create 500M container which fits on standard CD-RW. The twofish is relatively fast compared to AES-256; on the other hand AES is relatively stronger -- but then again a proper password will compensate this. As encryption is quite CPU intensive, the AES would require more muscles to crunch bits.

$ truecrypt --encryption Twofish \
  --hash RIPEMD-160 \
  --type normal \
  --keyfile "" \
  --size 500M \
  --create test.tc

Filesystem:
     1) FAT
     2) None
     Select [1]: 2

2) Create filesystem inside the container. You Must be ROOT to create filesystem. Basicly the commands map the container through devmapper temporarily and then release it when filesystem has been made.

$ su - root
$ truecrypt -N 9 test.tc      # Pick free number: ls -1 /dev/mapper/
$ ls -l /dev/mapper/true*     # You see truecrypt9
$ mkfs -t ext3 /dev/mapper/truecrypt9
$ truecrypt --dismount /dev/mapper/truecrypt9

3) Mount the container and use it as usual and enjoy the encryption software which keeps your data safe.

$ mkdir mountpoint
$ truecrypt test.tc mountpoint
Password: .......

DISCLAIMER

acronym: R = Registered Trademark

Truecrypt is registered trademark of David Tesarik (Czech Republic, Parague); See World Intellectual Property Organization registration number: IRN/925625 http://www.wipo.int/ipdl/en. This page or presented tc-* programs are not sponsored by and have no association with The Truecrypt Foundation which is the legal entity of the Truecrypt disk encryption software.

 

 


Posted by marsbiker (217.229.xx.xx) on Sat 10 Mar 2007 at 08:38
hm, i get a

./truecrypt-dpkg: line 154: cd: /usr/src/truecrypt-4.2a/debian: No such file or directory
wait, getting debin/ control directory (bzr)
bzr: ERROR: Target directory "debian" already exists.

it's not my first try, so the "already exists"-error is probably nothing. but there is no dir "/usr/src/truecrypt-4.2a/debian" - however one was created in my working directory - if my working dir ist /usr/src/truecrypt-4.2a/ it works

[ Parent | Reply to this comment ]

Posted by jaalto (64.26.xx.xx) on Sat 10 Mar 2007 at 10:57
Thanks, I've updated the installer. Please visit http://debian.cante.net/truecrypt-installer and install newest *.deb that contains the utilities

[ Parent | Reply to this comment ]

Posted by boudrant (82.247.xx.xx) on Sat 10 Mar 2007 at 15:38
Hi,

In spite of all my efforts, i get the following errors debug when trying 'truecrypt-dpkg'.
I went through all first steps of the tutorial with success.

I have set on my computer :
debian 31r5 Etch
+ linux-source-2.6.18
+ linux-kbuild-2.6.18
+ linux-headers-2.6.18-4-486
+ [kernel-package, build-essential...]

Is my kernel non compliant ?

Thank you.

multivers:/usr/src# truecrypt-dpkg
Skipped, already unpacked in /usr/src/truecrypt-4.2a
Updating build process in /usr/src/truecrypt-4.2a/debian
Using saved location: http://debian.cante.net/truecrypt-bzr/debian/
0 revision(s) pulled.
This may take a while. Starting *.deb building process in /usr/src/truecrypt-4.2a
debian/rules clean
sed -e "s/_KVERM_/2.6.18/g" \
-e "s/_KVER_/2.6.18-4-486/g"\
-e "s/_TRVER_/4.2a/g"\
debian/control.in > debian/control
cd debian && \
cp truecrypt-modules.postinst.in \
truecrypt-modules-4.2a-2.6.18-4-486.postinst
cd debian && \
cp truecrypt-modules.postrm.in \
truecrypt-modules-4.2a-2.6.18-4-486.postrm
dpatch deapply-all
20_Cli.c--version-and-unofficial-notice not applied to ./ .
10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2.6.19 not applied to ./ .
rm -rf patch-stamp patch-stampT debian/patched
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
rm -f Linux/Cli/*.o Linux/Kernel/*o Linux/Cli/truecrypt
rm -f Linux/Common/*.o Linux/Common/platform Crypto/*.o Crypto/.*.o
rm -f Common/*.o Common/platform
rm -rf /usr/src/truecrypt-4.2a/debian/truecrypt*/
# Add here commands to clean up after the build process.
/usr/bin/make clean
make[1]: entrant dans le répertoire « /usr/src/truecrypt-4.2a »
make[1]: *** Pas de règle pour fabriquer la cible « clean ». Arrêt.
make[1]: quittant le répertoire « /usr/src/truecrypt-4.2a »
make: [clean] Erreur 2 (ignorée)
dh_clean
dpkg-source -i.bzr -b truecrypt-4.2a
dpkg-source : construction de truecrypt à partir de truecrypt_4.2a.orig.tar.gz
dpkg-source : construction de truecrypt dans truecrypt_4.2a-1.diff.gz
dpkg-source : avertissement : exécutable mode 0755 de debian/patches/10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2 .6.19.dpatch ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/patches/20_Cli.c--version-and-unofficial-notice.dpatch ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-doc.postinst ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-doc.prerm ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules-modprobe.postinst ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules-modprobe.postrm ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules.postinst.in ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules.postrm.in ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules-4.2a-2.6.18-4-486.postinst ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : avertissement : exécutable mode 0755 de debian/truecrypt-modules-4.2a-2.6.18-4-486.postrm ne sera pas représent&At ilde;ƒÆ’© dans le diff
dpkg-source : construction de truecrypt dans truecrypt_4.2a-1.dsc
debian/rules build
dh_testdir
# Add here commands to configure the package.
touch configure-stamp
if ! dpkg --compare-versions "4.2a" le "4.2a" ; then \
echo "Not a supported truecrypt version. 4.2a > 4.2a" >&2; \
return 4; \
fi
if ! dpkg --compare-versions 2.6.18-4-486 le 2.6.19 ; then \
echo "Not a supported kernel version. 2.6.18-4-486 > 2.6.19" >&2; \
return 4; \
fi
if [ ! -d /usr/src/linux-source-2.6.18 ]; then \
echo "Kernel src not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 1; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/Kbuild ]; then \
echo "Kernel kbuild not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 2; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/.config ]; then \
echo "Kernel not configured. Run make menuconfig in /usr/src/linux-source-2.6.18" >&2; \
return 3; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/scripts/mod/modpost ]; then \
echo "Kernel sources are incomplete. Please install linux-kbuild-2.6.18" >&2 ; \
return 4; \
fi
Kernel sources are incomplete. Please install linux-kbuild-2.6.18
/bin/sh: line 2: return: can only `return' from a function or sourced script
make: *** [kernel-check] Erreur 1
debuild: fatal error at line 1228:
debian/rules build failed


Stephane.

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sat 10 Mar 2007 at 17:59
Thanks, the build process lacked some error checking, whcih I believe is now corrected in the bzr version control repository. No actions are needed from your part other than repeating the build command:

$ truecrypt-dpkg

It will automatically check and install new updates to the build process

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by boudrant (82.247.xx.xx) on Sat 10 Mar 2007 at 22:47
It worked,

Thanks a lot!

Stephane

[ Parent | Reply to this comment ]

Posted by Steve (62.30.xx.xx) on Sun 11 Mar 2007 at 15:27
[ View Steve's Scratchpad | View Weblogs ]

Isn't it great how many things get fixed after you get more users?!

Steve

[ Parent | Reply to this comment ]

Posted by boudrant (82.247.xx.xx) on Sun 11 Mar 2007 at 23:07
Thanks a lot for your concern.

I finally succeeded in installing TrueCrypt by following your reply to my post.

Unfortunately (strangely?), when i try to access an encrypted file.tc, it says "kernel module not loaded"; so i 'lsmod', and i realize that modules have gone ??? I 'modprobe' them, check that everything's fine, and try again the mounting of the encrypted file : same error.

In fact, modules dies after every try to mount a .tc file.

Stephane

[ Parent | Reply to this comment ]

Posted by sp200606 (82.234.xx.xx) on Mon 12 Mar 2007 at 15:41
Hi Jari, and thanks for your quick replies.

So I've followed the steps you describe in the article 506 - very carefully.
It's starts to work OK -ie, I can go as far as building the 4 .deb packages.

But when I try:
"dpkg -i truecrypt-modules-modprobes_4.2a-1_i386.deb"
then I get the error:
"FATAL: Module truecrypt not found"

By the way, while going through the step "truecrypt-dpkg", I get warnings:
"WARNING: Symbol version dump /usr/src/linux-source-2.6.18/Module.symvers is missing; modules will have no dependencies and modversions."

I suppose it has something to do with the above-mentionned error???

Thanks in advance for you help

Stephane POGGI

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Mon 12 Mar 2007 at 15:52
There is an order to install the *.deb files:

1) Kernel module
2) modprobe module
3) ...and the rest

A message has been added to clarify this in the latest release. In addition The currect truecrypt-installer includes new option --auto and --install, which completely eliminate the "preparation steps".

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by sp200606 (82.234.xx.xx) on Mon 12 Mar 2007 at 16:14
Hi again,

It finally works after I've gone through the steps you described earlier
http://www.debian-administration.org/articles/475

now, I'll start using it!

Thanks a lot

Stephane POGGI

[ Parent | Reply to this comment ]

Posted by sp200606 (82.234.xx.xx) on Tue 13 Mar 2007 at 10:52
Hi (again)

Is there a way to mount a tc volume (vfat formatted) as an ordinary user?
When I try to mount it (truecrypt /myvol.tc /mypath) is says
"truecrypt: Administrator (root) privileges required"

Same problem with a volume created under linux, ext3 (following your direction in this article)

is now I mount it as root, it's read-only to users...

Thanks

Stephane POGGI

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Tue 13 Mar 2007 at 17:14
The binary must be suid. For security reasons, this not the set by default in the generated truecrypt-cli*.deb package. A note is now included in the latest truecrypt-dpkg(1) manual page.

# chmod 4755 $(which truecrypt)

[ Parent | Reply to this comment ]

Posted by sp200606 (82.234.xx.xx) on Tue 13 Mar 2007 at 21:52
Hi Jari,

That's great! Everything works fine now.

We just need to remember to mount the volumes with the "-u" option, and then I can write also on vfat volumes.

So thanks again!

Stephane POGGI

[ Parent | Reply to this comment ]

Posted by Anonymous (203.28.xx.xx) on Sun 18 Mar 2007 at 03:26
There's also LUKS, its supported in the Debian etch installer so encrypting /home is trivial. http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS

To access it in windows, aside from making sure you use a fs windows can read, one can use http://www.freeotfe.org/

[ Parent | Reply to this comment ]

Posted by polrbear (87.209.xx.xx) on Sun 22 Apr 2007 at 16:33
Looks like most of the action on this topic was about a month ago. I hope you are still keeping tabs on this, Jaari. I tried to send you an email to the contact email listed at the bottom of your web site pages, but no luck.

I got to the point #3 where I attempted to build the package (truecryp=
t-dpkg), but it won't build. Here are the error messages it lists before i=
t fails:

# Prepare kernel if necessary.
if [ -d /usr/src/linux-source-2.6.18 ]; then \
if [ ! -f /usr/src/linux-source-2.6.18/.config ]; then \
echo "" >&2; \
echo "*****************************************************=
**************" >&2; \
echo "[NOTE] Kernel sources unconfigured: no .config. Runni=
ng oldfconfig." >&2; \
echo "*****************************************************=
**************" >&2; \
echo "Press RETURN to continue and for all subsequent quest=
ions."; >&2; \
read dummy_answer; \
make -C /usr/src/linux-source-2.6.18 oldconfig; \
cp /usr/src/linux-source-2.6.18/.config /usr/src/linux-sour=
ce-2.6.18/.config.oldconfig; \
fi; \
if ! grep -qE 'CONFIG_BLK_DEV_DM' /usr/src/linux-source-2.6.18/=
.config ; then \
echo "[WARN] CONFIG_BLK_DEV_DM is not enabled. Trying to fi=
x." >&2; \
echo "#CONFIG_BLK_DEV_DM=3Dy" >> /usr/src/linux-source-2.6.=
18/.config; \
fi; \
if [ ! -h /usr/src/linux-source-2.6.18/include/asm ]; then \
echo "[NOTE] Kernel sources not prepared. Running it now" ;=
\
make -C /usr/src/linux-source-2.6.18 CC=3Dgcc prepare scrip=
ts; \
fi; \
fi
# Check that the build structure is in place
if [ ! -d /usr/src/linux-source-2.6.18 ]; then \
echo "[ERROR] Kernel src not found. Please install /usr/src/lin=
ux-source-2.6.18" >&2; \
return 1; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/.config ]; then \
echo "[ERROR] Kernel not configured. Run make menuconfig in /us=
r/src/linux-source-2.6.18" >&2; \
return 2; \
fi
if [ ! -h /usr/src/linux-source-2.6.18/include/asm ]; then \
echo "[ERROR] Kernel not prepared. Please run 'make prepare' in=
/usr/src/linux-source-2.6.18" >&2; \
return 3; \
fi
if [ ! -x /usr/src/linux-source-2.6.18/scripts/mod/modpost ]; then \
echo "[ERROR] Kernel not prepared. Please run 'make scripts' in=
/usr/src/linux-source-2.6.18" >&2 ; \
return 4; \
fi
if [ ! -d /usr/src/linux-headers-2.6.18-3-686 ]; then \
echo "[ERROR] Kernel headers no found. Please install linux-hea=
ders-2.6.18-3-686" >&2; \
return 10; \
fi
[ERROR] Kernel headers no found. Please install linux-headers-2.6.18-3-686
/bin/sh: line 2: return: can only `return' from a function or sourced script
make: *** [kernel-check-src] Error 1
debuild: fatal error at line 1228:
debian/rules build failed


A apt-get install linux-headers-2.6.18-3-686 doesn't work as that particula=
r version cannot be found anywhere anymore. The linux-headers-2.6.18-4-686=
is the current one out there. I installed 4-686 but when I re-run the tru=
ecrypt-dpkg command it doesn't change anything. I found a forum thread whe=
re someone had a similar problem compiling the source code for a driver and=
installing linux-headers-2.6-686 did the trick for him. I tried installin=
g that, but no change at all to the error messages. It just really wants l=
inux-headers-2.6.18-3-686, but I can't give it what it wants.

Any suggestions? It's completely possible there is something simple I'm missing here. I'm about a week into Linux and learning as I go.

Thanks in advance for your help.

Carl

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Wed 25 Apr 2007 at 13:24
Hm. according to your description:

1) the running kernel is 2.6.18-3-686
2) but no header for that particulat kernel no longer can be downloaded.

To remedy:

1) install new kernel
2) install new kernel headers
3) boot to new kernel
... and build as usual:

# truecrypt-dpkg -a
This is similar situation as what the topic "UPGRADES" describes in the article. The running kernel must match the headers in order to truecrypt compilation to succeed.

Thanks, I'll try to clarify the error message in next revision

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (86.61.xx.xx) on Sun 29 Apr 2007 at 00:17
Imho ext3 (or any other journaling file system) isn't a good choice, because if the ordered mode flag isn't used while mounting (or even if it is?), a power failure can more probably result in data loss. So I think it is better to use plain FAT32 or EXT2, without an underlying buffered layer (another fs or loopback device).
Does anyone have a lot of experience with fs problems on power failures when using a "complex mounting scheme" (mounted files as fs, using multiple layers of device mapper)?

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Apr 2007 at 22:11
You're right that a non-journaling file system is safer.

Then again using encrypted partitions of size of several 100G's; the only practical file system is a journaled one.

Having said that, I use ext3 everywhere and have had need for several hard resets (pushing the reset button). So far no data loss. This doesn't mean that it couldn't happen, but I have began to build solid confidence towards ext3.

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by MG (72.204.xx.xx) on Sat 30 Jun 2007 at 22:26
XFS TrueCrypt volumes give astounding robustness with barrier set. We've crashed frequently from flaky utility power and yanked USB cables, but never lost data. Ext3 gave us regular data loss even in plain use so we dropped it.


Shell aliases, note trailing whitespace:

# XFS
alias truex='truecrypt --update-time --filesystem xfs
--mount-options rw,users,noatime,nodiratime,barrier '

# Microsoft FAT
# (only use utf8 option if FAT filesystem is Unicode)
alias truec='truecrypt --mount-options "rw,sync,dirsync,users,
uid=1000,gid=users,umask=077,utf8" '


Usage:

$ truex -i
or
$ truex /dev/xyz /mnt/abc


When mounted, do XFS repair work like so:

$ umount /mnt/abc
$ xfs_repair /dev/mapper/truecrypt0
$ mount /dev/mapper/truecrypt0 /mnt/abc

[ Parent | Reply to this comment ]

Posted by Anonymous (138.130.xx.xx) on Fri 4 May 2007 at 10:03
Change the arch type to all instead of i386 for the installer stuff

[ Parent | Reply to this comment ]

Posted by Anonymous (202.7.xx.xx) on Fri 4 May 2007 at 10:46
Hi found another problem when trying to do it on amd64, you check for the gcc version looks through /proc/kcore - on amd64 thats very large
-r-------- 1 root root 282T 2007-05-04 19:46 /proc/kcore

maybe use
/proc/version

cat /proc/version
Linux version 2.6.20-1-amd64 (Debian 2.6.20-2) (waldi@debian.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sun Apr 15 20:25:49 UTC 2007

[ Parent | Reply to this comment ]

Posted by Anonymous (202.7.xx.xx) on Fri 4 May 2007 at 11:11
had to edit the debian/rules files on the fly and it all worked. mounted up my encrypted filesystem

thanks

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Tue 22 May 2007 at 07:33
Fixed in latest version, thanks.

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (68.62.xx.xx) on Fri 18 May 2007 at 04:00
Great tool! One question though - Is anyone else getting a 404 when running the truecrypt-download?

[ Parent | Reply to this comment ]

Posted by Anonymous (81.64.xx.xx) on Sun 20 May 2007 at 22:04
yup, sadly the script is not working properly with truecrypt 4.3a.

[ Parent | Reply to this comment ]

Posted by Anonymous (217.19.xx.xx) on Mon 21 May 2007 at 13:02
The "a" in 4.3 is the only difference for the current download (may 21st 2007).

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Tue 22 May 2007 at 07:35
The installer utilities have been updated to 4.3a, thanks.

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (74.12.xx.xx) on Mon 28 May 2007 at 23:54
installer still doesn't download 4.3a... and ... i continue to get this error when running truecrypt-dpkg...

[ERROR] Incomplete kernel sources: 'Kbuild' script not found
/bin/sh: line 4: return: can only `return' from a function or sourced script
make: *** [kernel-check-src] Error 1
debuild: fatal error at line 1228:
debian/rules build failed

linux-kbuild is installed.

any help is appreciated.

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Jul 2007 at 19:23
The check has been redesigned and hsould now work better. Nothing needs to be donwloaded, just run the installer again and it fetches fixes. -- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (80.230.xx.xx) on Mon 11 Jun 2007 at 18:31
hi,
I am struggling with the installation of truecrypt on my etch system. I am running kernel 2.6.18-4-686 and I managed to install
truecrypt-installer_20070425-1_i386
and to successfully run
truecrypt-download
and then also
truecrypt-dpkg
the deb files are created but when I try to install
truecrypt-modules-modprobe 4.3a-1
i get
FATAL: Error inserting truecrypt (/lib/modules/2.6.18-4-686/extra/truecrypt.ko): Unknown symbol in module, or unknown parameter (see dmesg)

all i get from dmesg is
truecrypt: Unknown symbol destroy_workqueue
truecrypt: Unknown symbol __create_workqueue
truecrypt: Unknown symbol queue_work


I have removed the config file for the kernel as suggested in the man file and
recompiled but I get the same thing.

any help would be appreciated.

[ Parent | Reply to this comment ]

Posted by Anonymous (81.186.xx.xx) on Mon 16 Jul 2007 at 09:12
Hi,

I've got exactly the same situation:
# dpkg -i truecrypt-modules-modprobe_4.3a-1_i386.deb
(Reading database ... 131848 files and directories currently installed.)
Preparing to replace truecrypt-modules-modprobe 4.3a-1 (using truecrypt-modules-modprobe_4.3a-1_i386.deb) ...
Unpacking replacement truecrypt-modules-modprobe ...
Setting up truecrypt-modules-modprobe (4.3a-1) ...
FATAL: Error inserting truecrypt (/lib/modules/2.6.18-4-686/extra/truecrypt.ko): Unknown symbol in module, or unknown pa
rameter (see dmesg)
dpkg: error processing truecrypt-modules-modprobe (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
truecrypt-modules-modprobe
# dmesg |tail
...
truecrypt: Unknown symbol destroy_workqueue
truecrypt: Unknown symbol __create_workqueue
truecrypt: Unknown symbol queue_work

Has anyone solved this problem or got a clue what could be wrong? I also copied the config file from /boot to /usr/src/linux-source-2.6.18 but it didn't work either.

/Volker

[ Parent | Reply to this comment ]

Posted by ganainm (194.8.xx.xx) on Fri 27 Jul 2007 at 20:47
Hello,

same problem on my system (2.6.18-4-k7).

I guess it's because the truecrypt module does not have a GPL license declared using the MODULE_LICENSE macro.

In patch 20_truecrypt-4.3-Dm-target.c--module-licence-fix.dpatch the string is altered from "GPL and additional rights" to "TrueCrypt Collective License Version 1.1 / TrueCrypt License 2.2".

However, all symbols from the dmesg output are EXPORT_SYMBOL_GPLd, so they are invisible to the truecrypt module.

I did not yet test if reverting to the GPL license string will remedy the issue.

Cheers

Gan Ainm

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Jul 2007 at 19:00
Fixed in latest revision. Nothing needs to be downloaded to get this fix. The build script will install the latest bzr debian control sources.
truecrypt: Unknown symbol destroy_workqueue

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by GasPipe (86.60.xx.xx) on Thu 14 Jun 2007 at 07:51
Hi! I just installed Debian Etch 4.0 and I want to install TrueCrypt.

OK, i got this error when I'm trying to run this command: sudo truecrypt-dpkg

and I got this: dpkg: dependency problems prevent configuration of truecrypt-cli:
truecrypt-cli depends on dmsetup; however:
Package dmsetup is not installed.
truecrypt-cli depends on truecrypt-modules-linux; however:
Package truecrypt-modules-linux is not installed.
truecrypt-cli depends on truecrypt-modules-modprobe; however:
Package truecrypt-modules-modprobe is not configured yet.
dpkg: error processing truecrypt-cli (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
/usr/src/truecrypt-modules-2*.deb
truecrypt-modules-modprobe
truecrypt-cli

And it claims, that there isn't configured kernel and it uses old config. What should I do?

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Jul 2007 at 19:18
Please try installing the missing package as the message indicate:
dmsetup
The order of the installation of the produced *.deb packages was shown in the messages at the screen after successful compilation, namely:
modules-linux, modules-modprobe, cli, doc
-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (134.225.xx.xx) on Sun 15 Jul 2007 at 01:34
Hi:

I am following the instruction, and using the latest source code.
my system stopped after I did the following:

truecrypt-dpkg
Wait, unpacking /usr/src/truecrypt-4.3a-source-code.tar.gz
Wait, getting 'debian' control directory via bzr

How long does it supports to take? Everything before that works fine.

Any idea how to fix?

Regards

[ Parent | Reply to this comment ]

Posted by cocoa117 (134.225.xx.xx) on Sun 15 Jul 2007 at 15:31
few more thing to ask, does bzr requires internet access at that point? I am behind university proxy server which requires user login and password. Maybe that is the reason it halt?

I am using Debian testing (lenny) on i686.

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Mon 30 Jul 2007 at 20:48
Internet connection is needed. Please try, if setting environment variable helps:
http_proxy=http://user:password@host:port
-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (80.94.xx.xx) on Tue 24 Jul 2007 at 08:41
[WARN] Not a supported kernel version.  2.6.21-2-k7 > 2.6.20
/bin/sh: line 3: return: can only `return' from a function or sourced script
make: *** [kernel-version] Error 1
debuild: fatal error at line 1228:
debian/rules build failed

What should I do?

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Jul 2007 at 19:11
The kernel version against where truecrypt compilation was teststed was max 2.6.20. Yours was newer. I'm happy to announce that the truecrypt sources have now been tested up to kernel 2.6.22. No download is needed. Just run the installer again and it gets fixes.
truecrypt-installer --auto

[ Parent | Reply to this comment ]

Posted by jaalto (81.197.xx.xx) on Sun 29 Jul 2007 at 23:38
Correction, make that:
truecrypt-dpkg --auto

[ Parent | Reply to this comment ]

Posted by Anonymous (217.232.xx.xx) on Tue 7 Aug 2007 at 03:11
debian.cante.net is dead.

[ Parent | Reply to this comment ]

Posted by jaalto (91.155.xx.xx) on Sun 6 Jul 2008 at 19:37
The project hub is now at http://freshmeat.net/projects/truecrypt-installer The debian.cante.net no longer hosts the files.

[ Parent | Reply to this comment ]

Posted by Anonymous (58.173.xx.xx) on Tue 11 Sep 2007 at 23:52
Any chance of making a amd64 friendly version of the script ?

[ Parent | Reply to this comment ]

Posted by jaalto (91.155.xx.xx) on Sun 6 Jul 2008 at 19:39
To best of my knowledge there are no problems with AMD64.

[ Parent | Reply to this comment ]

Posted by Anonymous (195.144.xx.xx) on Tue 25 Sep 2007 at 12:23
you should not use SHA-1 hasing any longer, duplicates are found too easily, use RIPEMD-160 instead.

[ Parent | Reply to this comment ]

Posted by paullanders (66.230.xx.xx) on Thu 27 Dec 2007 at 17:28
Hi. When I run truecrypt-dpkg --auto on Debian Etch (kernel 2.6.18-5-686) I receive the following error. I've confirmed that the linux-kebuild-2.6.18 package is already installed.


[ERROR] Kernel kbuild not found. Please install linux-kbuild-2.6.18
/bin/sh: line 3: return: can only `return' from a function or sourced script
make: *** [kernel-check-src] Error 1
debuild: fatal error at line 1228:
debian/rules build failed

Thank you in advance for your help!

[ Parent | Reply to this comment ]

Posted by Anonymous (89.137.xx.xx) on Sun 6 Apr 2008 at 13:20
NOTE 2008-02-12: Truecrypt 5.0 is a complete rewrite and
shares nothing common to previous releases. This utility is
based on the previous version 4.3a, which uses separate kernel
module. There are no plans to support the new Truecrypt
implementation, due to its rewrite.

[ Parent | Reply to this comment ]

Posted by Anonymous (77.253.xx.xx) on Thu 3 Jul 2008 at 20:59
hi, I have problem with truecrypt-dpkg and I do not know how to manage with it. I use Debian Unstable, with standard kernel (now 2.6.25-2-686)

TRVER 4.3a - Truecrypt sources
TRVERMIN 4.1 - Supported Truecrypt version
TRVERMAX 4.3a - Supported Truecrypt version
ISPATCHED yes
KCFG /usr/src/linux-source-2.6.25/.config
KCFG_BOOT /boot/config-2.6.25-2-686 - .config file in /boot
KPATCH - Needs kernel patch?
ISOLDKCFG - Do we have .oldconfig?
ISDEBIAN yes
ISUBUNTU
KCCVER 4.1.3 - Gcc used to build running kernel
/bin/sh: -c: line 0: syntax error near unexpected token `)'
/bin/sh: -c: line 0: `echo GCCVER 4.3.1-4) - Gcc now'
make: *** [selfcheck] Error 2
dpkg-buildpackage: failure: debian/rules build gave error exit status 2
debuild: fatal error at line 1319:
dpkg-buildpackage -rfakeroot -D -us -uc -b -i failed

[ Parent | Reply to this comment ]

Posted by jaalto (91.155.xx.xx) on Sun 6 Jul 2008 at 18:31
Thank you for the report. The fix will be downloaded automatically after re-running:

tc-dpkg --auto

(The names of the binaries have changed in recent releases from truecrypt-* to tc-*). In future, please report problems to:

https://bugs.launchpad.net/truecrypt-installer/

The current project page (hub) is at:

http://freshmeat.net/projects/truecrypt-installer

Jari

[ Parent | Reply to this comment ]

Posted by Anonymous (79.97.xx.xx) on Tue 12 Aug 2008 at 22:40
Hi, am having problems compiling this on Etch 2.6.25

Here are the last few lines and the errors messages I am getting:

if [ -d /usr/src/linux-source-2.6.25 ]; then \
if [ ! -f /usr/src/linux-source-2.6.25/.config ]; then \
echo "" >&2; \
echo "*************************************************" >&2; \
echo "[NOTE] Kernel has no .config file." >&2; \
echo "*************************************************" >&2; \
echo "Press RETURN to continue and for" \
"all subsequent questions."; >&2; \
if [ -f /boot/config-2.6.25-2-amd64 ]; then \
cp /boot/config-2.6.25-2-amd64 /usr/src/linux-source-2.6.25/.config; \
else \
make -C /usr/src/linux-source-2.6.25 oldconfig; \
fi; \
if ! grep -qE 'CONFIG_BLK_DEV_DM' /usr/src/linux-source-2.6.25/.config ; then \
echo "[WARN] CONFIG_BLK_DEV_DM is not enabled." \
" Trying to fix." >&2; \
echo "CONFIG_BLK_DEV_DM=y" >> /usr/src/linux-source-2.6.25/.config; \
fi; \
cp /usr/src/linux-source-2.6.25/.config /usr/src/linux-source-2.6.25/.config.oldconfig; \
fi; \
if [ ! -h /usr/src/linux-source-2.6.25/include/asm ]; then \
echo "[NOTE] Kernel sources not prepared; doing it now." ; \
make -C /usr/src/linux-source-2.6.25 CC=gcc prepare scripts; \
fi; \
fi
[NOTE] Kernel sources not prepared; doing it now.
make[1]: Entering directory `/usr/src/linux-source-2.6.25'
scripts/kconfig/conf -s arch/x86/Kconfig
*
* Restart config...
*
*
* SCSI low-level drivers
*
SCSI low-level drivers (SCSI_LOWLEVEL) [Y/n] y
iSCSI Initiator over TCP/IP (ISCSI_TCP) [M/n/?] m
3ware 5/6/7/8xxx ATA-RAID support (BLK_DEV_3W_XXXX_RAID) [M/n/?] m
3ware 9xxx SATA-RAID support (SCSI_3W_9XXX) [M/n/?] m
ACARD SCSI support (SCSI_ACARD) [N/m/?] (NEW) aborted!

Console input/output is redirected. Run 'make oldconfig' to update configuration.

make[3]: *** [silentoldconfig] Error 1
make[2]: *** [silentoldconfig] Error 2
make[1]: *** No rule to make target `include/config/auto.conf', needed by `include/config/kernel.release'. Stop.
make[1]: Leaving directory `/usr/src/linux-source-2.6.25'
make: *** [kernel-prepare] Error 2
debuild: fatal error at line 1228:

Any advice?
debian/rules build failed

[ Parent | Reply to this comment ]

Posted by jaalto (91.155.xx.xx) on Wed 13 Aug 2008 at 08:16
Kindly report bugs to development place https://bugs.launchpad.net/truecrypt-installer/ as this site is not monitored regularly.

Further correspondence in continued in https://bugs.launchpad.net/truecrypt-installer/+bug/257513

-- Jari Aalto

[ Parent | Reply to this comment ]

Posted by Anonymous (91.182.xx.xx) on Fri 21 May 2010 at 19:00
Hi
I've used succefully your tutorial on debian lenny. Thanks for your good explanation. My problem now is how to read a file stored in a encrypted directory?

Geatings.

[ Parent | Reply to this comment ]

Sign In

Username:

Password:

[Register|Advanced]

 

Flattr

 

Current Poll

What do you use for configuration management?








( 669 votes ~ 10 comments )