Tuesday, 9 December 2008

TrueCrypt 6.1 Install Guide For Fedora 10

Compared to previous versions, installing TrueCrypt 6.1 on Fedora 10 was quite straightforward. Here is a quick list of steps to follow:

1. Download the TrueCrypt 6.1 source tarball from www.truecrypt.org
2. Untar the source
tar xvf TrueCrypt\ 6.1a\ Source.tar.gz
3. Install required libraries
sudo yum install nss-pkcs11-devel fuse-devel wxGTK wxGTK-devel
EDIT: You might also need the following packages if you haven't installed them already. (Thanks Vin).
sudo yum install gnome-keyring-devel gcc-c++
4. Export the Cryptoki include folder
export PKCS11_INC=/usr/include/gp11
5. Run make
make
You may get the following error messages:
../Common/SecurityToken.cpp:654: error: ‘CKR_NEW_PIN_MODE’ was not declared in this scope
../Common/SecurityToken.cpp:655: error: ‘CKR_NEXT_OTP’ was not declared in this scope

5.1 Open Common/SecurityToken.cpp in your favourite editor.
5.2 Scroll to line 654
5.3 Comment out line 654 and 655. It should look like this:
// TC_CASE_STR (CKR_NEW_PIN_MODE);
// TC_CASE_STR (CKR_NEXT_OTP);
5.4 Save and exit
5.5 Run make again
[Some people may not like to fiddle with code like this. But these two lines are only used to generate error messages. At the very worst, you will end up getting a generic error message instead of a more focussed one. ]
6. TrueCrypt is now compiled. You can find the executable inside the folder titled 'Main'. You might want to make it available from your bin directory for easy access.
sudo cp Main/truecrypt /usr/share/bin

All done!

27 comments:

Matt said...

This works great -- thank you so much for the guide!

vin said...

Very handy guide, you didn't mention that couple of packages are required though, namely gcc-c++ & gnome-keyring-devel.

# yum install gnome-keyring-devel gcc-c++

Cheers Matt

JanuZ said...

Thanks Vin. I usually install the development packages by default on my Fedora installations. Didn't realise that many people don't do so.

Derek said...

I am still getting the same errors.

[dmmccall@redrocket truecrypt-6.1a-source]$ make
Compiling Keyfile.cpp
In file included from Keyfile.cpp:10:
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:43:21: warning: pkcs11.h: No such file or directory
In file included from Keyfile.cpp:10:
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:56: error: ‘CK_SLOT_ID’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:57: error: ‘CK_FLAGS’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:77: error: ‘CK_OBJECT_HANDLE’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:80: error: ‘CK_SLOT_ID’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:86: error: expected `)' before ‘errorCode’
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:92: error: expected `)' before ‘errorCode’
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:106: error: ‘CK_RV’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:109: error: ‘CK_RV’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:160: error: ‘CK_SESSION_HANDLE’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:181: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:183: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:186: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:194: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_OBJECT_HANDLE’ was not declared in this scope
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: template argument 1 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: template argument 2 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:195: error: ‘CK_ATTRIBUTE_TYPE’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_OBJECT_HANDLE’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:196: error: ‘CK_ATTRIBUTE_TYPE’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: ‘CK_SLOT_ID’ was not declared in this scope
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: template argument 1 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:197: error: template argument 2 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:198: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:199: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:200: error: ‘CK_SLOT_ID’ has not been declared
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:205: error: ‘CK_FUNCTION_LIST_PTR’ does not name a type
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: ‘CK_SLOT_ID’ was not declared in this scope
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 1 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 3 is invalid
/home/dmmccall/Download/truecrypt-6.1a-source/Common/SecurityToken.h:211: error: template argument 4 is invalid
make[1]: *** [Keyfile.o] Error 1
make: *** [all] Error 2


Any ideas? I installed all the packages listed. I am new to Linux so sorry if I am overlooking the obvious.

Thanks,
Derek

Derek said...

OK, I got past that error. I don't have the /usr/include/gp11 folder. I repointed that to get to the next reound of errors.

Thank you very much for your help!

Thanks,
Derek

Brian, Jill, Ava & Andrew said...

I get through all the steps, but when I type "make" I get this message -

make: *** No targets specified and no makefile found. Stop.

Thanks

JanuZ said...

Hi, after extracting the tarball, you should change directory to the extracted folder "cd truecrypt-6.1a-source" before continuing with the rest of the instructions. Sorry I didn't mention it in the article. I thought it was obvious.

Cheers

Brian, Jill, Ava & Andrew said...

Thanks for the help. One more problem - I'm having the same problem as Derek (4th post). He mentioned later not having the /usr/include/gp11 folder, which I have. Not sure if this is related though. How did he get past this? Thanks again for the help and this tutorial.

JanuZ said...

Well, when you run "sudo yum install nss-pkcs11-devel" it installs the Cryptoki include files in /usr/include/nss3 and /usr/include/gp11. Pointing the PKCS11_INC variable to /usr/include/nss3 didn't work for me but you can give it a try.

I would expect yum to install the include files in the same path on every Fedora installation. So I am stumped by the missing gp11 folder! Just in case I am wrong, run "find / -name pkcs11\* 2>/dev/null" to see whether the pkcs11.h file got installed somewhere else.

Brian, Jill, Ava & Andrew said...

I worded the last post bad, I meant to say I have the /usr/include/gp11 folder. I didn't mean to imply that I had the same issue as Derek with regards to the missing folder.

I ran the find command and here are the results:
[brian@Fedora ~]$ find / -name pkcs11\* 2>/dev/null
/etc/pam_pkcs11/pkcs11_eventmgr.conf
/usr/bin/pkcs11_inspect
/usr/bin/pkcs11_eventmgr
/usr/bin/pkcs11_setup
/usr/include/gp11/pkcs11g.h
/usr/include/gp11/pkcs11.h
/usr/include/gp11/pkcs11n.h
/usr/include/nss3/pkcs11f.h
/usr/include/nss3/pkcs11u.h
/usr/include/nss3/pkcs11t.h
/usr/include/nss3/pkcs11.h
/usr/include/nss3/pkcs11n.h
/usr/include/nss3/pkcs11p.h
/usr/include/xulrunner-sdk-1.9/system_wrappers/pkcs11t.h
/usr/share/pam_pkcs11/pkcs11_eventmgr.conf.example
/usr/share/man/man1/pkcs11_inspect.1.gz
/usr/share/man/man1/pkcs11_eventmgr.1.gz
/usr/lib/pkcs11

So it looks like they were installed in the same locations as you stated.
Thanks again for the help.

JanuZ said...

Sorry I got carried away :). So you indeed have the necessary files. Is the PKCS11_INC variable set correctly ? Try to do "echo $PKCS11_INC and see if it still contains the value /usr/include/gp11. If it is set correctly, then you shouldn't have any problems!

Good luck !

Brian, Jill, Ava & Andrew said...

I entered what you sent and got nothing back.

[brian@Fedora ~]$ echo $PKCS11_INC

[brian@Fedora ~]$

I'm assuming this means the variable is not set correctly, but I'm not sure how to set it.

I appreciate your patience, but if this becomes too much just cut me off. I have already learned a lot more about Fedora than when I started. I know your intention was to show people how to get Truecrypt running and not to teach someone the basics of Linux. I really do appreciate what you have done and your patience with me.

JanuZ said...

No worries mate. That variable should not be empty. That's why you kept getting those errors. Run "export PKCS11_INC=/usr/include/gp11" and then try to run "make" again. That should solve your problem.

cheers

Brian, Jill, Ava & Andrew said...

It worked! I bet you never thought you would see me post that. Thanks so much for you patience and help.

Anonymous said...

Guys, is is really so difficult to read the ReadMe file?

"Requirements for Building TrueCrypt for Linux and Mac OS X:
-----------------------------------------------------------
(...)
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
located in a standard include path or in a directory defined by the
environment variable 'PKCS11_INC'."

One does not need to modify any sources!

JanuZ said...

To be honest, I didn't try to compile with the sources from the RSA website. Have you noticed that the modification dates for all the source files are in 2003/2004 ? What are the chances that the files in the Fedora repositories are even older than that ?

If you managed to compile TrueCrypt 6.1 on Fedora 10 without modifying the sources, please post your steps. I am sure others will appreciate it.

cheers.

Andrea said...

Thank you sooo much for this. I've been pulling my hair out for days.

Anonymous said...

thanks for the great tutorial.
Maybe you want to copy the file to /usr/local/bin

sudo cp Main/truecrypt /usr/local/bin/

Regars, Zed

Anonymous said...

Works like a charm. Much appreciated.
Pavan

Anonymous said...

Note the make file looks for /usr/local and you need /usr . Edit Makefile and change export PKG_CONFIG_PATH ?= /usr/local/lib/pkgconfig
to
export PKG_CONFIG_PATH ?= /usr/lib/pkgconfig

Anonymous said...

Thank it's work well even with Truecrypt version 6.2a and fedora 10.
Just one change in commenting
// TC_TOKEN_ERR (CKR_NEW_PIN_MODE);
// TC_TOKEN_ERR (CKR_NEXT_OTP);
instead of
// TC_CASE_STR (CKR_NEW_PIN_MODE);
// TC_CASE_STR (CKR_NEXT_OTP);

JanuZ said...

Thanks for the tip Anonymous. :)

Tim said...

Hi there. I've been following your instructions attempting to install TrueCrypt on Fedora Core 11 (i386). I've defined the environment variable PKCS11_INC ok (it shows up on an echo $PKCS11_INC) and the directory /usr/include/gp11 exists etc. When I attempt to build I get:

In file included from ../Common/SecurityToken.h:43,
from ../Common/SecurityToken.cpp:25:
/usr/include/gp11/pkcs11.h:1263:1: warning: "NULL_PTR" redefined
In file included from ../Common/SecurityToken.cpp:25:
../Common/SecurityToken.h:20:1: warning: this is the location of the previous definition
../Common/SecurityToken.cpp: In member function ‘TrueCrypt::Pkcs11Exception::operator std::string() const’:
../Common/SecurityToken.cpp:660: error: ‘CKR_NEW_PIN_MODE’ was not declared in this scope
../Common/SecurityToken.cpp:661: error: ‘CKR_NEXT_OTP’ was not declared in this scope
make[1]: *** [../Common/SecurityToken.o] Error 1
make: *** [all] Error 2

Any ideas?

JanuZ said...

Hi Tim,
I didn't install TrueCrypt on Fedora 11 yet, but the error that you are getting is exactly the same error that I mention in the article. If you read past step 5, you will see what I did to circumvent that error.

Cheers

trutap said...

worked for me
Truecrypt 6.3 on Fedora 11
commented out lines at 260 and 261
Created Volumes ok with GUI
But mounting has to be done from terminal because i get the message "Failed to obtain administrator privileges, Sudo: You must have a tty to run sudo"

so i do (from an old thread at http://fedoraforum.org/forum/printthread.php?t=180643 )

/usr/share/truecrypt ~/Documents/container.tc /media/Truecrypt1

and it seems to work ok

Anonymous said...

Just used this guide for installing TrueCrypt 6.3 on Fedora 12. Still works like a charm.

Thx!!!

Anonymous said...

Very nice work. Many thanks for posting this on your blog. Much appreciated and definitely did the trick for my FC10 truecrypt install.