How to make *.deb packages from Truecrypt sources
Posted by jaalto on Fri 19 Jan 2007 at 10:40
Truecrypt is Open Source disk encryption software which uses concept of containers to store encrypted data. If you have several workstations, manual install of Truecrypt is quite tedious, It would be nice to have ready binary packages for the workstations' CPU architectures and manage the installation standard Debian packaging. Here are step by step instructions how to convert Truecrypt sources into such packages.
At the time of writing (2007-01-06) the Truecrypt site[1] provided only few *.deb binary packages geared towards Ubuntu releases: e.g. truecrypt-4.2a-ubuntu-6.10-x86.tar.gz is a double package containing a binary *.deb. Unfortunately no Debian source packages are provided to replicate this process for different CPU architectures or kernels.
The following instructions can be used to convert Truecrypt source into Debian packages. If you want hassle free install of Truecrypt, distribute Truecrypt from your personal Debian archive to your servers (e.g. by using approx) or if want to store the 3rd party install files for backup purposes, the *.deb files are ideal.
PREPARATIONS FOR THE BUILD PROCESS
1) Install development software
apt-get install build-essential libncurses5-dev devscripts debhelper dpatch bzr
2) install Linux kernel sources
# Like "2.6.18" KVER=$(uname -r | sed 's/-.*//') apt-get install linux-source-$KVER linux-kbuild-$KVER
3) Prepare kernel. You don't need to compile anything, but let the configuration utility to generate few files that match your architecture.
cd /usr/src tar -jxf linux-source-$KVER*.bz2 cd /usr/src/linux-source-$KVER make menuconfig ... press TAB and select "Exit" Do you wish to save your new kernel configuration? ... Press TAB and select "Yes" to write ".config" file
DOWNLOADING TRUECRYPT SOURCES
Visit http://www.truecrypt.org/downloads.php and under "Linux" pick selection box choice "Other (source code)" and press [download] button. Save archive file e.g. to directory /usr/src/truecrypt/ and unpack truecrypt sources:
cd /usr/src/truecrypt tar -zxf *.gz
MAKING DEBIAN TRUECRYPT PACKAGE(S)
The needed /debian control directory that guides the build process is available from a bzr revision control repository:
cd /usr/src/truecrypt/*4.2a bzr branch http://cante.net/~jaalto/tmp/debian/truecrypt/debian
To later download possible corrections to the build process, run following command. The bzr pull command is similar to the update command used in CVS and SVN revision control softwares.
cd /usr/src/truecrypt/*4.2a/debian
bzr pull
4) Build Debian packages for the current kernel. The options "-uc -us" make packages without cryptographic signing and "-i" option tells to ignore revision control directory (see manual page of dpkg-buildpackage(1) for more information).
cd /usr/src/truecrypt/*4.2a debuild -uc -us -i.bzr
5) Check and install packages that appear in one directory above. To check contents of some *.deb, run it through command dpkg --info.
- The first dpkg command installs the *.ko Kernel module. This package must be generated and installed for every new kernel.
- The second install adds configuration file to load truecrypt module on boot.
- The third installs the /usr/bin/truecrypt command line program.
- The Last one installs User Guide to /usr/share/doc/truecrypt-doc/
cd .. # That's /usr/src/truecrypt ls *.deb dpkg -i truecrypt-modules-2.6*.deb dpkg -i truecrypt-modules-modprobe*.deb dpkg -i truecrypt-cli*.deb dpkg -i truecrypt-doc*.deb
UPGRADES
After kernel upgrade, the steps to repeat are:
- install new kernel, boot to it.
- Get kernel sources and prepare them (repeat steps 2 and 3)
- Build new *.deb packages (step 4)
- Install new *.deb packages for your kernel (step 5)
REFERENCES
[1] Truecrypt Foundation http://www.truecrypt.org
[2] Truecrypt 4.2a and Kernel 2.6.18 and 2.6.19 support
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
I know, FreeOTFE says it supports them, but I have been trying for days to get it to open my luks-container from my USB-pen, without success. (yes, i'm clever enough to make sure i used the correct password, and it's fat formatted, so shoudn't be a problem, right? Wrong. Also, it seems not to make a difference if you use a looped image-file, or directly encrypt the partition) So, basically, I have given up and now try to get truecrypt working in linux, instead of luks in windows.
[ Parent | Reply to this comment ]
Thanks for your instructions.
Unfortunatly, I'm stuck in the process:
debuild -uc -us -i.bzr exit on error code:
"/bin/sh: scripts/mod/modpost: No such file or directory"
I'm not too experienced with Linux, so I don't know what to do. Any idea?
Here is the full dump of that step:
BEGIN ################################################################# #####
debian/rules clean
sed -e "s/_KVER_/2.6.18/g" \
-e "s/_KVERS_/2.6.18-4-686/g"\
-e "s/_TRVER_/4.2a/g"\
debian/control.in > debian/control
cd debian && cp truecrypt-modules.postinst.in truecrypt-modules-2.6.18-4-686.postinst
cd debian && cp truecrypt-modules.postrm.in truecrypt-modules-2.6.18-4-686.postrm
dpatch deapply-all
reverting patch 20_Cli.c--version-and-unofficial-notice from ./ ... ok.
reverting patch 10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2.6.19 from ./ ... ok.
rm -rf patch-stamp patch-stampT debian/patched
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
rm -f Linux/Cli/*.o Linux/Kernel/*o Linux/Cli/truecrypt
rm -f Linux/Common/*.o Linux/Common/platform Crypto/*.o Crypto/.*.o
rm -f Common/*.o Common/platform
rm -rf /usr/src/truecrypt/truecrypt-4.2a/debian/truecrypt*/
# Add here commands to clean up after the build process.
/usr/bin/make clean
make[1]: Entering directory `/usr/src/truecrypt/truecrypt-4.2a'
make[1]: *** No rule to make target `clean'. Stop.
make[1]: Leaving directory `/usr/src/truecrypt/truecrypt-4.2a'
make: [clean] Error 2 (ignored)
dh_clean
dpkg-source -i.bzr -b truecrypt-4.2a
dpkg-source: building truecrypt in truecrypt_4.2a-1.tar.gz
dpkg-source: building truecrypt in truecrypt_4.2a-1.dsc
debian/rules build
dh_testdir
# Add here commands to configure the package.
touch configure-stamp
if ! dpkg --compare-versions "4.2a" le "4.2a" ; then \
echo "Not a supported truecrypt version. 4.2a > 4.2a" >&2; \
return 4; \
fi
if ! dpkg --compare-versions 2.6.18-4-686 le 2.6.19 ; then \
echo "Not a supported kernel version. 2.6.18-4-686 > 2.6.19" >&2; \
return 4; \
fi
if [ ! -d /usr/src/linux-source-2.6.18 ]; then \
echo "Kernel src not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 1; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/Kbuild ]; then \
echo "Kernel kbuild not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 2; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/.config ]; then \
echo "Kernel not configured. Run make menuconfig in /usr/src/linux-source-2.6.18" >&2; \
return 3; \
fi
test -d debian/patched || install -d debian/patched
dpatch apply-all
applying patch 10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2.6.19 to ./ ... ok.
applying patch 20_Cli.c--version-and-unofficial-notice to ./ ... ok.
dpatch cat-all >>patch-stampT
mv -f patch-stampT patch-stamp
dh_testdir
# Add here commands to compile the package.
# /usr/bin/make
#docbook-to-man debian/truecrypt.sgml > truecrypt.1
cd Linux/Kernel && make KERNEL_SRC=/usr/src/linux-source-2.6.18 NO_WARNINGS=1
make[1]: Entering directory `/usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel'
make[2]: Entering directory `/usr/src/linux-source-2.6.18'
WARNING: Symbol version dump /usr/src/linux-source-2.6.18/Module.symvers
is missing; modules will have no dependencies and modversions.
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aescr ypt.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aeske y.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aesta b.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_ec b.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_en c.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_sk ey.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_ecb .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_enc .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_ske y.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Des.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Des_e nc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Ecb3_ enc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Serpe nt.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Set_k ey.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Twofi sh.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Crc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Crypt o.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Endia n.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/GfMul .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Tests .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/Dm-target.o
LD [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/truecrypt.o
Building modules, stage 2.
MODPOST
/bin/sh: scripts/mod/modpost: No such file or directory
make[3]: *** [__modpost] Error 127
make[2]: *** [modules] Error 2
make[2]: Leaving directory `/usr/src/linux-source-2.6.18'
make[1]: *** [truecrypt] Error 2
make[1]: Leaving directory `/usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel'
make: *** [build-stamp] Error 2
END ################################################################# ##########
Thanks again
Stéphane POGGI
[ Parent | Reply to this comment ]
-- Jari
[ Parent | Reply to this comment ]
http://cante.net/~jaalto/tmp/debian/truecrypt/debian .
Would be nice if you'd edit the article according to the way described in
https://launchpad.net/truecrypt-installer .
Cya!
Max
[ Parent | Reply to this comment ]