Tuesday, 27 May 2008

Installing TrueCrypt in Fedora 9

[This article has been updated for Fedora 10. Go over to http://penguinenclave.blogspot.com/2008/12/truecrypt-61-install-guide-for-fedora.html to see the new version]
TrueCrypt (http://www.truecrypt.org/) is a popular free on-the-fly disk encryption software that can encrypt files, partitions, whole disks and even a windows installation. It is an extremely useful and important tool if you wish to keep personal and confidential data from being accessed by unauthorized people. TrueCrypt even supports plausible deniability, allowing you to hide an encrypted volume inside another volume. TrueCrypt volumes are indistinguishable from random data, so an adversary cannot prove that you have a TrueCrypt volume hidden inside a dummy encrypted volume.
Unfortunately, the TrueCrypt website only provides binaries for Ubuntu and OpenSuSE, so for those of us running other distros, the only option is to compile from source. The steps below outline the installation procedure on a Fedora 9 machine.

For an advanced encryption utility, TrueCrypt is surprisingly light on size and dependencies. Download the TrueCrypt sources from http://www.truecrypt.org/downloads2.php (Select Mac OS X / Linux (.tar.gz) from the combo box and tick the check box to agree to the license agreement before clicking the Download button) and wxWidget sources from http://sourceforge.net/project/showfiles.php?group_id=9863 (You only need the wxGTK bundle).

Step 1:
Install the fuse libraries.
sudo yum install fuse-devel

Step 2:
Untar the sources.
tar xvf TrueCrypt\ 5.1a\ Source.tar.gz
tar xvf wxGTK-2.8.7.tar.gz


Step 3:
Build the wxWidgets sources for TrueCrypt.
cd truecrypt-5.1a-source/
make WX_ROOT=../wxGTK-2.8.7 wxbuild

Edit:An anonymous commenter pointed out that passing a relative path to WX_ROOT resulted in compilation errors. If you have the same problem, provide the full path to wxGTK.
make WX_ROOT=/home/januz/Downloads/wxGTK-2.8.7 wxbuild


Step 4:
Build TrueCrypt.
gcc 4.3 is very strict during compilation, therefore you will encounter compilation errors with a message similar to "‘memcpy’ was not declared in this scope". The fix is to simply add
#include <cstring> to each of the following files:
  • Platform/Memory.cpp

  • Volume/EncryptionTest.cpp

  • Core/FatFormatter.cpp

I have created a patch file with the above changes which can be found here. To apply the patch, run the following command:
patch -p1 < truecrypt5.1.patch
Once the sources are patched, compile TrueCrypt by typing
make

Step 5:
Once make has finished running, the TrueCrypt executable can be found inside the Main directory. Simply copy it to your bin folder to add it to the executable path.
cp Main/truecrypt ~/bin

That's it ! TrueCrypt is quite intuitive and easy to use. But if you're in doubt, have a look through http://www.truecrypt.org/docs/ which has very detailed instructions on getting started.


30 comments:

Anonymous said...

Mine wanted the full path to the wxGTK when trying to compile the "wxbuild" step.

#make WX_ROOT=../wxGTK-2.8.7 wxbuild

would return errors such as,

Configuring wxWidgets library...
/bin/sh: ../wxGTK-2.8.7/configure: No such file or directory
make: *** [wxbuild] Error 127

What it really needed was,

#make WX_ROOT=/home/downloads/wxGTK-2.8.7 wxbuild

Or wherever the full path of the unzipped wxGTK bundle was.

JanuZ said...

Hmm... intriguing. I honestly can't remember whether I provided the full path or the relative path to WX_ROOT when I built it. (I write the article from memory after I finish installing everything). Anyway, I will change it to full path just to be safe. Thanks for pointing that out.

Anonymous said...

Yes! It worked! (FC9)

For me also a full path was needed.

Ted said...

When I try to compile wxWidgets, I get this error:

[Chuckles@localhost truecrypt-5.1a-source]$ make WX_ROOT=/home/Chuckles/Download/wxGTK-2.8.7 wxbuild
Configuring wxWidgets library...
configure: error: Can't use --enable-std_string without std::wstring or std::basic_string(wchar_t)
make: *** [wxbuild] Error 1

it should be chevrons around wchar_t, it wouldn't accept it otherwise.

JanuZ said...

That's the first time I heard that complaint Ted. Strange indeed. Maybe you're missing a library ? Since the problem seems to be caused by wide chars, I suspect something wrong with the unicode support. Try rpm -qa | grep libicu to see whether you got the unicode libraries in place. Ofcourse I am just taking pot shots here, because I have no way of recreating your situation at my end.

Anonymous said...

Worked like a charm. Thank you ever so much for your excellent instructions.

Cryptor said...

Just installed truecrypt 5.1a on a FC6 system using these instructions. Used the full path to wxwidgets and didn't need the patch either. thanks!

kymnyth said...

I couldn't get the wxbuild target to execute with the wxGTK only. I kept getting errors related to GTK+-2.0. When I ran pkg-config GTK+-2.0 --libs it couldn't find the package. In addition, running gtk-config --version kicked out 1.2.10. However, running rpm -q gtk2-devel I get gtk-2.12.10-2.fc9.i386. I decided to try the full wxWidget tar and executed the wxbuild target and everything worked like a charm.

JanuZ said...

I am not sure why that happened. The only possible explanation I have is that maybe you are running KDE and don't have the Gnome libraries installed.

northernlight said...
This comment has been removed by the author.
Anonymous said...

Thanks for the walkthrough. However, it looks like it is going to work, but when I mount a volume and try to access it, Gnome informs me that "The folder contents could not be displayed.
You do not have the permissions necessary to view the contents of "truecrypt1"."

Grateful for any further help at this stage.
Fedora 9 (Sulphur)
Kernel 2.6.25.9-76.fc9.i686

northernlight said...

Not sure about the step:
cp Main/truecrypt ~/bin

I don't think I have a ~/bin :-(

JanuZ said...

I am puzzled by the permissions problem. Check /etc/udev/rules.d/99-fuse.rules file to make sure the default assigned permisisons are at least 0666. But if you never had any problems using a USB drive, this can't be the issue. If TrueCrypt mounts the volume in /media/truecrypt1, and you only have a problem accessing the folder, try a sudo chown username:group /media/truecrypt1 or sudo chmod 666 /media/truecrypt1. As for ~/bin, I manually created it for my own scripts and programs. You can do the same if you wish, or you can just copy the Truecrypt binary to a folder such as /usr/local/bin

Anonymous said...

This is in /media/:
drwx------ 2 root root 16384 1970-01-01 01:00 truecrypt1

Unfortunately, neither chown nor chmod has any effect on the truecrypt1 directory

Seb said...

Hi,

I am having some trouble as well installing Truecrypt on my newly installed Fedora 9.

First I'm using TrueCrypt 6.0a and wxGTK-2.8.8.

Then, I use the command
# make WX_ROOT=/home/xxx/wxGTK-2.8.8 wxbuild

It goes through with some warnings, and _no errors_. But at the end I cannot find any truecrypt binary in the folders, especially in ./Main. (a find . -name "truecrypt" does not return anything)

Here is the log of the compilation :

-------------------------------------
# make WX_ROOT=/home/xxx/wxGTK-2.8.8 wxbuild
Configuring wxWidgets library...
Building wxWidgets library...
/home/xxx/wxGTK-2.8.8/src/common/datetime.cpp: In member function `wxDateTime::Tm wxDateTime::GetTm(const wxDateTime::TimeZone&) const':
/home/xxx/wxGTK-2.8.8/src/common/datetime.cpp:1768: attention : `tm.wxDateTime::Tm::yday' may be used uninitialized in this function
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp: In member function `virtual size_t wxMBConv_iconv::GetMBNulLen() const':
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp:1960: attention : deprecated conversion from string constant to `wchar_t*'
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp: In member function `virtual size_t wxMBConvUTF16BE::FromWChar(char*, size_t, const wchar_t*, size_t) const':
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp:1223: attention : `cc[1]' may be used uninitialized in this function
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp: In member function `virtual size_t wxMBConvUTF16LE::FromWChar(char*, size_t, const wchar_t*, size_t) const':
/home/xxx/wxGTK-2.8.8/src/common/strconv.cpp:1140: attention : `cc[1]' may be used uninitialized in this function
/home/xxx/wxGTK-2.8.8/src/gtk/bitmap.cpp: In member function `void* wxBitmap::GetRawData(wxPixelDataBase&, int)':
/home/xxx/wxGTK-2.8.8/src/gtk/bitmap.cpp:971: attention : parenthèses suggérées autour de && à l'intérieur de ||
/home/xxx/wxGTK-2.8.8/src/gtk/gsockgtk.cpp:134: attention : `wxDummyGsockVar' defined but not used
#

(sorry, it's a French system... :) )

Does anyone have any idea what's going on ?
Any help greatly appreciated !

Bye,
Seb

JanuZ said...

@seb: You forgot the last step mate. After wxbuild, you have to run make again to compile the actual TrueCrypt sources. You must have missed it because that step is mixed up with the patching details.

@northernlight: No wonder you can't access truecrypt1, only root has permissions. Did you try sudo chown xxx:xxx /media/truecrypt1 ? or su -c "chown xxx:xxx /media/truecrypt1" ? Substitute your username and group in place of xxx:xxx. Usually both are the same.

Seb said...

@JanuZ : Thank you so much for your help, JanuZ. TrueCrypt is now perfectly running.

And my apologies for not reading your tutorial more carefully.

Bye,
Seb

Anonymous said...

Seb, I had the exact same thing and your comment helped my bypass it. So thanks for not reading the tutorial more carefully - because more people don't. :)

northernlight said...

@Januz

Thanks for staying with this one. Here's the problem:
[peter@HP media]$ ls -la
total 28
drwxr-xr-x 3 root root 4096 2008-07-19 17:46 .
drwxr-xr-x 24 root root 4096 2008-07-16 21:43 ..
drwx------ 6 root root 16384 1970-01-01 01:00 truecrypt1
[peter@HP media]$ su
Password:
[root@HP media]# chown peter:peter ./truecrypt1/
chown: changing ownership of `./truecrypt1/': Operation not permitted
[root@HP media]#

Grateful for any further ideas.

JanuZ said...

@northernlight:
I am stumped. The commands you have typed should work !. There are two more things you could try:
1. su -c "chmod 666 /media/truecrypt1"

2. If that doesn't work. Then open up /etc/udev/rules.d/99-fuse.rules. Check whether the MODE is 666, if it is not, change it 666 and save the file. Then restart fuse by typing:
su -c "service fuse restart". Try to mount your truecrypt volume again and see whether you got access now.

I can't imagine why TrueCrypt would mount the volume with only root privileges. If you manage to find out why, please post it here so that others can learn about it too.

In the meantime, if all else fails, you can do the ugly thing to access your files. Run nautilus as root : su -c "nautilus". Then you will be able to browse the truecrypt volume. But please be warned that if you do this, there's a risk that you will unintentionally damage a system file and brick your OS.

northernlight said...

@JanuZ
Thanks again. root can access the contents of the mounted volume, but it seems to be impossible to assign permissions to me as user:
[root@HP media]# pwd
/media
[root@HP media]# ls -la
total 28
drwxr-xr-x 3 root root 4096 2008-07-19 17:46 .
drwxr-xr-x 24 root root 4096 2008-07-20 09:01 ..
drwx------ 6 root root 16384 2008-07-20 10:09 truecrypt1
[root@HP media]# chmod 666 ./truecrypt1/
[root@HP media]# ls -la
total 28
drwxr-xr-x 3 root root 4096 2008-07-19 17:46 .
drwxr-xr-x 24 root root 4096 2008-07-20 09:01 ..
drwx------ 6 root root 16384 2008-07-20 10:09 truecrypt1
[root@HP media]#

I appreciate your efforts, and if I find the cause/solution I'll post here.

Anonymous said...

Regarding the permissions issue: I had the same problem, because I was starting truecrypt as su, and /media/truecrypt1 also got mounted by su.

I installed and configured sudo ( http://fedorasolved.org/post-install-solutions/sudo ), so I could start truecrypt from my account with 'sudo truecrypt'. Then there were no problems with permissions.

JanuZ said...

But you don't need to start truecrypt as root. It works fine when invoked as a normal user. That's how I run it anyway and that's why I am stumped by Northernlight's permission problems.

oversider-kosma said...

I was compiling TrueCrypt on fresh Debian/Lenny system and got the same error what Ted said (so i've found this page).



Then I've tried to configure and make wxWidgets itself. I have found out that there is no g++ installed. =)

Installing g++ have solved the problem.

PS: Sorry for my poor english. I know it is terrible.

JanuZ said...

Thanks oversider-kosma. It never occurred to me that g++ is the culprit. I would have expected a a warning about missing g++ rather than wide chars !

Anonymous said...

Hello everybody. One thing that helped me in addition, was adding arguments to step 2 "make" -> "make WX_CONFIG=/home/me/Downloads/truecrypt-6.1-source/wxrelease/wx-config"

Then make ran succesfully.

JanuZ said...

Thanks for the tip. Much appreciated !

Anonymous said...

from a clean fedora 10 install i had to install these packages (and dependencies) to make it work:

gtk2-devel
gcc-c++

John said...

On a fedora 10 I needed to install also gtk2-devel and gcc, but still I have no luck in compiling.

This is what I'm getting:

In file included from Keyfile.cpp:10:
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:43:21: warning: pkcs11.h: není souborem ani adresářem
In file included from Keyfile.cpp:11:
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:56: error: ‘CK_SLOT_ID’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:57: error: ‘CK_FLAGS’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:77: error: ‘CK_OBJECT_HANDLE’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:80: error: ‘CK_SLOT_ID’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:86: error: expected `)' before ‘errorCode’
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:92: error: expected `)' before ‘errorCode’
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:106: error: ‘CK_RV’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:109: error: ‘CK_RV’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:160: error: ‘CK_SESSION_HANDLE’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:181: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:183: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:186: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:194: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_OBJECT_HANDLE’ was not declared in this scope
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: template argument 1 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: template argument 2 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_ATTRIBUTE_TYPE’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_OBJECT_HANDLE’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_ATTRIBUTE_TYPE’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: ‘CK_SLOT_ID’ was not declared in this scope
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: template argument 1 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: template argument 2 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:198: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:199: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:200: error: ‘CK_SLOT_ID’ has not been declared
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:205: error: ‘CK_FUNCTION_LIST_PTR’ does not name a type
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: ‘CK_SLOT_ID’ was not declared in this scope
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 1 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 3 is invalid
/home/user/tc/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 4 is invalid
make[1]: *** [Keyfile.o] Error 1
make: *** [all] Error 2

Any help, Januz? Thank you in advance.

JanuZ said...

Hi, I updated my guide to installing TrueCrypt on Fedora. Check it out here : http://penguinenclave.blogspot.com/2008/12/truecrypt-61-install-guide-for-fedora.html