brl/gnome-shell
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

shellMountOperation: Support TCRYPT

Browse Source 
This extends the ShellMountPasswordDialog by widgets which allow
specifying parameters supported by TrueCrypt and VeraCrypt compatible
volumes (TCRYPT). This includes:

 - Whether the volume to be unlocked is hidden.
 - Whether the volume to be unlocked is a system partition.
   Note: TrueCrypt and VeraCrypt only support encrypting Windows
   systems [1], so the label for this option is "Windows System Volume".
 - Whether to use a PIM [2].
 - Whether to use keyfiles. Unfortunately, GMountOperation doesn't
   support TCRYPT keyfiles, so if this checkbox is checked, we tell the
   user that they should unlock the volume with Disks, which supports
   unlocking TCRYPT volumes with keyfiles.

[1] https://www.veracrypt.fr/en/System%20Encryption.html
[2] https://www.veracrypt.fr/en/Header%20Key%20Derivation.html

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/126
This commit is contained in:
segfault
2019-04-07 23:35:07 +02:00
committed by Florian Müllner
parent af26e2b212
commit aa3e64aec3
3 changed files with 157 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
js/ui/components/automountManager.js
View File

@ -5,6 +5,7 @@ const Mainloop = imports.mainloop;
const Params = imports.misc.params;
const GnomeSession = imports.misc.gnomeSession;
const Main = imports.ui.main;
const ShellMountOperation = imports.ui.shellMountOperation;
var GNOME_SESSION_AUTOMOUNT_INHIBIT = 16;
@ -199,12 +200,20 @@ var AutomountManager = class {
// error strings are not unique for the cases in the comments below.
if (e.message.includes('No key available with this passphrase') || // cryptsetup
e.message.includes('No key available to unlock device') || // udisks (no password)
e.message.includes('Error unlocking')) { // udisks (wrong password)
// libblockdev wrong password opening LUKS device
e.message.includes('Failed to activate device: Incorrect passphrase') ||
// cryptsetup returns EINVAL in many cases, including wrong TCRYPT password/parameters
e.message.includes('Failed to load device\'s parameters: Invalid argument')) {
this._reaskPassword(volume);
} else {
if (e.message.includes('Compiled against a version of libcryptsetup that does not support the VeraCrypt PIM setting')) {
Main.notifyError(_("Unable to unlock volume"),
_("The installed udisks version does not support the PIM setting"));
}
if (!e.matches(Gio.IOErrorEnum, Gio.IOErrorEnum.FAILED_HANDLED))
log('Unable to mount volume ' + volume.get_name() + ': ' + e.toString());
this._closeOperation(volume);
}
}