This site is now 100% read-only, and retired.

How to make *.deb packages from Truecrypt sources

Posted by jaalto on Fri 19 Jan 2007 at 10:40

Update: This article is obsolete. It has been superceded by newer article: Using truecrypt-installer to help install Truecrypt for Debian

Truecrypt(R) is Open Source disk encryption software which uses concept of containers to store encrypted data. If you have several workstations, manual install of Truecrypt is quite tedious, It would be nice to have ready binary packages for the workstations' CPU architectures and manage the installation standard Debian packaging. Here are step by step instructions how to convert sources into such packages.

At the time of writing (2007-01-06) the original site[1] provided only few *.deb binary packages geared towards Ubuntu releases: e.g. *-4.2a-ubuntu-6.10-x86.tar.gz is a double package containing a binary *.deb. Unfortunately no Debian source packages are provided to replicate this process for different CPU architectures or kernels.

The following instructions can be used to convert source into Debian packages. If you want hassle free install of the encryption software, distribute it from your personal Debian archive to your own servers (e.g. by using approx) or if want to store the 3rd party install files for backup purposes, the *.deb files are ideal.

PREPARATIONS FOR THE BUILD PROCESS

1) Install development software

apt-get install build-essential libncurses5-dev devscripts debhelper dpatch bzr

2) install Linux kernel sources

# Like "2.6.18"
KVER=$(uname -r | sed 's/-.*//')
apt-get install linux-source-$KVER linux-kbuild-$KVER

3) Prepare kernel. You don't need to compile anything, but let the configuration utility to generate few files that match your architecture.

cd /usr/src
tar -jxf linux-source-$KVER*.bz2
cd /usr/src/linux-source-$KVER
make menuconfig

... press TAB and select "Exit"
Do you wish to save your new kernel configuration?
... Press TAB and select "Yes" to write ".config" file

DOWNLOADING SOURCES

Visit original software site[1] and under "Linux" pick selection box choice "Other (source code)" and press [download] button. Save archive file e.g. to directory /usr/src and unpack sources:

cd /usr/src
tar -zxf .tar.gz

MAKING DEBIAN PACKAGE(S)

The needed /debian control directory that guides the build process is available from a bzr revision control repository:

cd /usr/src/*4.2a
bzr branch http://bazaar.launchpad.net/~jari-aalto/truecrypt-deb/trunk/ debian

To later download possible corrections to the build process, run following command. The bzr pull command is similar to the update command used in CVS and SVN revision control softwares.

cd /usr/src/*4.2a/debian
bzr pull

4) Build Debian packages for the current kernel. The options "-uc -us" make packages without cryptographic signing and "-i" option tells to ignore revision control directory (see manual page of dpkg-buildpackage(1) for more information).

cd /usr/src/*4.2a
debuild -uc -us -i.bzr

5) Check and install packages that appear in one directory above. To check contents of some *.deb, run it through command dpkg --info.

  • The first dpkg command installs the *.ko Kernel module. This package must be generated and installed for every new kernel.
  • The second install adds configuration file to load truecrypt module on boot.
  • The third installs the /usr/bin/truecrypt command line program.
  • The Last one installs the User Guide.
cd ..  # That's /usr/src/*4.2a
ls *.deb

dpkg -i tc-modules-2.6*.deb
dpkg -i tc-modules-modprobe*.deb
dpkg -i tc-cli*.deb
dpkg -i tc-doc*.deb

UPGRADES

After kernel upgrade, the steps to repeat are:

  • install new kernel, boot to it.
  • Get kernel sources and prepare them (repeat steps 2 and 3)
  • Build new *.deb packages (step 4)
  • Install new *.deb packages for your kernel (step 5)
v

DISCLAIMER

acronym: R = Registered Trademark

Truecrypt is registered trademark of David Tesarik (Czech Republic, Parague); See World Intellectual Property Organization registration number: IRN/925625 http://www.wipo.int/ipdl/en. This page is not sponsored by and has no association with The Truecrypt Foundation which is the legal entity of the Truecrypt disk encryption software.

REFERENCES

[1] http://www.truecrypt.org

[2] Truecrypt 4.2a and Kernel 2.6.18 and 2.6.19 support

 

 


Re: How to make *.deb packages from Truecrypt sources
Posted by Anonymous (67.88.xx.xx) on Fri 19 Jan 2007 at 17:28
Great article! I am going to try this first chance I get. I have been looking for a way to distribute file encryption for some time making the deb package is really the way to do it.

[ Parent ]

Why not cryptsetup?
Posted by Anonymous (72.130.xx.xx) on Sat 20 Jan 2007 at 08:32
Why not just use cryptsetup + LUKS if encrypting a GNU/Linux partition? It's much better integrated, already comes standard, is supported by Etch's installer, can be mounted in Windows, and doesn't have a shady past like TrueCrypt.

[ Parent ]

Re: Why not cryptsetup?
Posted by Anonymous (212.152.xx.xx) on Sat 20 Jan 2007 at 11:17
Because unfortunately, mounting luks-images in windows is not as easy as it sounds. For things you only use within Linux, cryptsetup is a must, no second of doubt on that, all my hdd-partitions are encrypted using cryptsetup+luks (except /boot, of course), but if you want to share between OSses, it's more difficult.

I know, FreeOTFE says it supports them, but I have been trying for days to get it to open my luks-container from my USB-pen, without success. (yes, i'm clever enough to make sure i used the correct password, and it's fat formatted, so shoudn't be a problem, right? Wrong. Also, it seems not to make a difference if you use a looped image-file, or directly encrypt the partition) So, basically, I have given up and now try to get truecrypt working in linux, instead of luks in windows.

[ Parent ]

Re: How to make *.deb packages from Truecrypt sources
Posted by sp200606 (82.234.xx.xx) on Sat 3 Mar 2007 at 20:27
Hi,
Thanks for your instructions.
Unfortunatly, I'm stuck in the process:
debuild -uc -us -i.bzr exit on error code:

"/bin/sh: scripts/mod/modpost: No such file or directory"

I'm not too experienced with Linux, so I don't know what to do. Any idea?

Here is the full dump of that step:

BEGIN ################################################################# #####
debian/rules clean
sed -e "s/_KVER_/2.6.18/g" \
-e "s/_KVERS_/2.6.18-4-686/g"\
-e "s/_TRVER_/4.2a/g"\
debian/control.in > debian/control
cd debian && cp truecrypt-modules.postinst.in truecrypt-modules-2.6.18-4-686.postinst
cd debian && cp truecrypt-modules.postrm.in truecrypt-modules-2.6.18-4-686.postrm
dpatch deapply-all
reverting patch 20_Cli.c--version-and-unofficial-notice from ./ ... ok.
reverting patch 10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2.6.19 from ./ ... ok.
rm -rf patch-stamp patch-stampT debian/patched
dh_testdir
dh_testroot
rm -f build-stamp configure-stamp
rm -f Linux/Cli/*.o Linux/Kernel/*o Linux/Cli/truecrypt
rm -f Linux/Common/*.o Linux/Common/platform Crypto/*.o Crypto/.*.o
rm -f Common/*.o Common/platform
rm -rf /usr/src/truecrypt/truecrypt-4.2a/debian/truecrypt*/
# Add here commands to clean up after the build process.
/usr/bin/make clean
make[1]: Entering directory `/usr/src/truecrypt/truecrypt-4.2a'
make[1]: *** No rule to make target `clean'. Stop.
make[1]: Leaving directory `/usr/src/truecrypt/truecrypt-4.2a'
make: [clean] Error 2 (ignored)
dh_clean
dpkg-source -i.bzr -b truecrypt-4.2a
dpkg-source: building truecrypt in truecrypt_4.2a-1.tar.gz
dpkg-source: building truecrypt in truecrypt_4.2a-1.dsc
debian/rules build
dh_testdir
# Add here commands to configure the package.
touch configure-stamp
if ! dpkg --compare-versions "4.2a" le "4.2a" ; then \
echo "Not a supported truecrypt version. 4.2a > 4.2a" >&2; \
return 4; \
fi
if ! dpkg --compare-versions 2.6.18-4-686 le 2.6.19 ; then \
echo "Not a supported kernel version. 2.6.18-4-686 > 2.6.19" >&2; \
return 4; \
fi
if [ ! -d /usr/src/linux-source-2.6.18 ]; then \
echo "Kernel src not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 1; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/Kbuild ]; then \
echo "Kernel kbuild not found. Please install /usr/src/linux-source-2.6.18" >&2; \
return 2; \
fi
if [ ! -f /usr/src/linux-source-2.6.18/.config ]; then \
echo "Kernel not configured. Run make menuconfig in /usr/src/linux-source-2.6.18" >&2; \
return 3; \
fi
test -d debian/patched || install -d debian/patched
dpatch apply-all
applying patch 10_truecrypt-4.2a-Dm-target.c--kernel-2.6.18-and-2.6.19 to ./ ... ok.
applying patch 20_Cli.c--version-and-unofficial-notice to ./ ... ok.
dpatch cat-all >>patch-stampT
mv -f patch-stampT patch-stamp
dh_testdir
# Add here commands to compile the package.
# /usr/bin/make
#docbook-to-man debian/truecrypt.sgml > truecrypt.1
cd Linux/Kernel && make KERNEL_SRC=/usr/src/linux-source-2.6.18 NO_WARNINGS=1
make[1]: Entering directory `/usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel'
make[2]: Entering directory `/usr/src/linux-source-2.6.18'

WARNING: Symbol version dump /usr/src/linux-source-2.6.18/Module.symvers
is missing; modules will have no dependencies and modversions.

CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aescr ypt.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aeske y.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Aesta b.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_ec b.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_en c.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Bf_sk ey.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_ecb .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_enc .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/C_ske y.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Des.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Des_e nc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Ecb3_ enc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Serpe nt.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Set_k ey.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Crypto/Twofi sh.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Crc.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Crypt o.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Endia n.o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/GfMul .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/../../Common/Tests .o
CC [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/Dm-target.o
LD [M] /usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel/truecrypt.o
Building modules, stage 2.
MODPOST
/bin/sh: scripts/mod/modpost: No such file or directory
make[3]: *** [__modpost] Error 127
make[2]: *** [modules] Error 2
make[2]: Leaving directory `/usr/src/linux-source-2.6.18'
make[1]: *** [truecrypt] Error 2
make[1]: Leaving directory `/usr/src/truecrypt/truecrypt-4.2a/Linux/Kernel'
make: *** [build-stamp] Error 2
END ################################################################# ##########

Thanks again

Stéphane POGGI

[ Parent ]

Re: How to make *.deb packages from Truecrypt sources
Posted by jaalto (81.197.xx.xx) on Wed 7 Mar 2007 at 09:26
The Kernel sources are probably incomplete for compilation. Please recheck all of step (2). Especially the kernel-kbuild-*

-- Jari

[ Parent ]

Re: How to make *.deb packages from Truecrypt sources
Posted by Anonymous (80.132.xx.xx) on Fri 28 Sep 2007 at 12:44
The debian control files are no longer available from

http://cante.net/~jaalto/tmp/debian/truecrypt/debian .

Would be nice if you'd edit the article according to the way described in

https://launchpad.net/truecrypt-installer .

Cya!
Max

[ Parent ]

Re: How to make *.deb packages from Truecrypt sources
Posted by jaalto (91.155.xx.xx) on Mon 29 Sep 2008 at 00:39
The kernels and versions presented here has since changed. See at the top of article, where you can find URL to the latest information.

-- Jari Aalto

[ Parent ]