Monday, 6 July 2009

Truecrypt 6.2 install guide for Fedora 11

For Truecrypt 6.2, nothing much has changed from the Truecrypt 6.1 install process except for the line numbers that need to be modified to make the source compile correctly.

1. Download the TrueCrypt 6.2 source tarball from www.truecrypt.org
2. Untar the source
tar xvf TrueCrypt\ 6.2a\ Source.tar.gz
3. Install required libraries
sudo yum install nss-pkcs11-devel fuse-devel wxGTK wxGTK-devel
You might also need the following packages if you haven't installed them already.
sudo yum install gnome-keyring-devel gcc-c++
4. Export the Cryptoki include folder
export PKCS11_INC=/usr/include/gp11
5. Run make
make
You may get the following error messages:
../Common/SecurityToken.cpp:660: error: ‘CKR_NEW_PIN_MODE’ was not declared in this scope
../Common/SecurityToken.cpp:661: error: ‘CKR_NEXT_OTP’ was not declared in this scope

5.1 Open Common/SecurityToken.cpp in your favourite editor.
5.2 Scroll to line 660
5.3 Comment out line 660 and 661. It should look like this:
//TC_TOKEN_ERR (CKR_NEW_PIN_MODE)
//TC_TOKEN_ERR (CKR_NEXT_OTP)

5.4 Save and exit
5.5 Run make again
[Some people may not like to fiddle with code like this. But these two lines are only used to generate error messages. At the very worst, you will end up getting a generic error message instead of a more focussed one. ]
6. TrueCrypt is now compiled. You can find the executable inside the folder titled 'Main'. You might want to make it available from your bin directory for easy access.
sudo cp Main/truecrypt /usr/share/bin

All done!

32 comments:

Anonymous said...

Thanks man - works good.

Anonymous said...

I can mount a file, type in the admin password, but then I get the message "Bad file descriptor". Any idea where this might be coming from? I even created a new TrueCrypt file, which worked fine, but I couldn't open it...same error message. Thanks for the help.

Anonymous said...

Thanks for the helpful post -- you saved me hours of work.

Anonymous said...

BRILLIANT! Generous people like you are what make Linux possible for newbies like me -- THANK YOU.

One small suggestion - the last instruction you suggest is:
sudo cp Main/truecrypt /usr/share/bin

for Fedora 11 this might be better:
sudo cp Main/truecrypt /usr/local/bin

JanuZ said...

Thanks for the comments. I was moving houses so couldn't get online for a while to answer any questions. Sorry about that.

@Anonymous with Bad file descriptor error.
I am not sure what's causing this TBH. When you created the TrueCrypt container, which file system did you use to format it ? I think this problem is caused by you not having the right fuse drivers for the file system you created. Can't say more without knowing more about your setup. Sorry.

Anonymous said...

Preface: I've developed s/w on both Windows and Linux for about 10 year now.

However.

This is a contributing factor on why Linux will never catch up to ms: on ms (XP), I dl Truecrypt, install it, and run it - simple and clean, no caffeine; on Linux (Fedora 11), I follow these instructions and get a boatload of SecurityToken.h problems. I have to search to find the trouble source: a site mentions I have to: "Download RSA Security Inc. PKCS #11 Cryptographic Token Interface files" (aka, header files). Fantastic. Btw, on Ubuntu, with an additional source list entry, installation was successful.

I've been a supporter of Linux for quite a while now but this type of scenario is all too common: either the documentation (seemingly course par for open source s/w) is woefully lacking (read: we'll publish a book to make some coin) or the install requires jumping thru hoops 1, 2, 3 and possibly 4 (and maybe 5 if you're unfortunate).

As much as the open source world of operating systems clouts, so too often do they cloud they're own path of adoption.

internetbummer said...

@anonymous S/W developer:

Stop whining and help fix it.

JanuZ said...

When I first became interested in Linux a few years ago, it took at least a couple of days to install and correctly configure everything to just get a working desktop. Now I just pop the DVD in and in less than half an hour, I have a fully working desktop. No manual intervention required. Now that's progress!

As a programmer, I can understand the philosophy behind Linux. It's a very elegant and simple system if you care enough to look at it objectively. Sure, the usability is less than perfect. But should we really care? Linux does what it's supposed to do very well- that is being a rock solid, efficient and secure OS. So what if I have to edit a couple of config files to get a software working ? I for one welcome the challenge. Life is so boring without a challenge. :)

But to be realistic, yes - the majority of users are not techies AND they have been brain washed in to the Windows way. It would be great if Linux can become a viable alternative for them. BUT should that be the ultimate goal that the Linux community should aim for ? Absolutely not !!

Anonymous said...

Hi, just installed on fedora 11 with only kde (4.3) do you think that may I have problems?

I know that truecrypt it's based on gnome system, is this true?

Thank you.

JanuZ said...

TrueCrypt uses the wxGTK library which provides cross-platform UI widgets. As far as I know, it doesn't depend on Gnome. This FAQ seems to confirm that: http://www.wxwidgets.org/docs/faqgtk.htm

That being said, the only way to find out for sure is to try to install it. :) Please post back here with your findings.

Anonymous said...

ok, infact installed on F11 with only kde (4.3) and all (at the moment) works like a charm.

:)

Anonymous said...

I've just installed on Fedora 11 64bit and it worked as described. Thanks for the guide.

Kyle Gonzales said...
This comment has been removed by the author.
Kyle Gonzales said...

Thank you for these instructions! Using these, I got TrueCrypt working under RHEL5, with a few modifications I outlined here:

Got Truecrypt working for RHEL5

JanuZ said...

Thanks a lot for sharing Kyle :)

harrier6 said...

Thanks for posting the fix!
Installed accordingly on Fedora 11
2.6.30.5-43.fc11.x86_64 #1 SMP Thu Aug 27 21:39:52 EDT 2009 x86_64

sudo cp Main/truecrypt /usr/share/bin
changed to:
sudo cp Main/truecrypt /usr/share

Anonymous said...

Sadly, I can't compile it. I'm getting the following errors:

Warning: No config found to match: /usr/local/bin/wx-config --unicode --cxxflags
in /usr/local/lib/wx/config


and then later, many errors such as

Compiling Application.cpp
System.h:69:25: warning: wx/stdpaths.h: No such file or directory


Now, I looked for stdpaths.h and found it in several places

$ locate stdpaths.h
/usr/include/wx-2.8/wx/stdpaths.h
/usr/include/wx-2.8/wx/unix/stdpaths.h
/usr/local/include/wx-2.8/wx/stdpaths.h
/usr/local/include/wx-2.8/wx/unix/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/mac/corefoundation/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/msw/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/os2/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/palmos/stdpaths.h
/usr/src/wxWidgets-2.8.10/include/wx/unix/stdpaths.h

but, not being an expert, it's not at all obvious how I'm supposed to pick the "right" one to use.

JanuZ said...

Hi,

Try Step 3 from here:http://penguinenclave.blogspot.com/2008/05/installing-truecrypt-in-fedora-9.html

Anonymous said...

Just installed TC 6.2a on F10 (I know this is for F11, but thought it would be helpful) and had a fistful of error messages with the following lines at the beginning:
"Compiling Keyfile.cpp
In file included from Keyfile.cpp:10:
/home/.../truecrypt/Common/SecurityToken.h:43:21: warning: pkcs11.h: No such file or directory"

After a searching my computer, I discoverd that I didn't have pkcs11.h. So, I downloaded pkcs11.h, pkcs11f.h, and pkcs11t.h from:
http://www.rsa.com/RSALABS/node.asp?id=2133
Ran 'Make' and all the errors disappeard and ended up with a working TC app.

Hope this helps someone else.

JanuZ said...

If you install the nss-pkcs11-devel package, the required files will get copied over. Although I am not sure whether that package is available on F10 repos.

Anonymous said...

Thanks for the great installation guide

Francis Pereira said...

Why bother compiling true crypt when there is realcrypt in the rpmfusion-nonfree-updates repo ?

Reacrypt : Based on TrueCrypt, freely available at http://www.truecrypt.org/. Realcrypt is mainly just a rebrand to allow for modifications to take place, functionality remains all the same.


Add the repo and "yum install realcrypt"

Anonymous said...

Just installed on Fedora 12 64-bit. works perfectly! Thanks man, you just saved my day!

Anonymous said...

Works on Fedora 12 (32 Bit). Thanks for the great tutorial!

Anonymous said...

Works on Fedora 12 x64, Thanks a ton!!

Anonymous said...

To Pereira's post above:

What's if RealCrypt is simply a rebrand of TrueCrypt to allow modifications, what is the problem with TrueCrypt? Why not just request a change to TrueCrypt itself?

Anything else just seems like someone wants to make somewhat dubious changes that might not be for the best in a crypto program. I mean, if they can't get their change past the TrueCrypt development team, is it really something that's needed?

Anonymous said...

Really helpful post - works fine for Fedora 12 too.

Nice work :o)

Anonymous said...

This guide works for me. I've installed thruecrypt on Fedora 12. Thanks.

Jan said...

Trying to install on fedora 12, got to "make" with following problem: "# make
make: *** No targets specified and no makefile found. Stop."

Can you help, pls?

JanuZ said...

Hello Jan,

Looks like you are trying to run make from outside the Truecrypt source folder. Make sure you cd in to the folder created by the tar command before you run make.

For example, for Truecrypt 6.2 mentioned in the article, you will need to do:

cd TrueCrypt\ 6.2a\ Source && make

nitram147 said...

i have the same problem with "bad file descriptor" i try and sucessfull try it open with this command :
sudo truecrypt
and near creating a file system i select Ext2 and only in linux , and mounting was sucessfully :) sorry for my english i'm slovak

Kevin said...

The "Bad File Descriptor" seems to only be when there is no Internet connection. Any ideas how to resolve this?