On Thu, Dec 12, 2024 at 11:27:35AM +0000, Richard W.M. Jones wrote: > On Thu, Dec 12, 2024 at 03:10:15PM +0400, Denys Ostapenko wrote: > > >>I found it's surprisingly hard to access VeraCrypt partition inside > > >>VHD file. > > > > > >I'm not sure what VeraCrypt is, but I don't think we have support for > > >it in libguestfs, which is going to be a problem. Unless kernel / > > >cryptsetup knows about it somehow. > > > > VeraCrypt is a TrueCrypt fork (disk-encryption software), > > open-source and cross-platform. > > > > >On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote: > > >>Is it possible to expose raw partition from libguestfs (and > > >>guestfish) as a mapper device? Like cryptsetup-open <partition> > > >><mapper>, but without password and decryption at all. > > > > > >I'm not sure what you mean by this. Do you mean, expose the encrypted > > >device as a block device on the host? (ie. guestmount) > > > > I have file.vhd and /dev/sda1 partition (VeraCrypt encrypted) > > inside. This partition is raw; guestfish can not recognize it, > > because without password VeraCrypt partition is indistinguishable > > from random. In Windows, out-of-the-box VHD mount tool creates > > device like \Device\Harddisk2\Partition1, so I can mount it in > > VeraCrypt. I have not found a way to ask guestfish/libguestfs to > > expose such raw partition from inside VHD as host block device. > > Doesn't doing this work? > > $ guestmount [--ro] -a guest.img -m /dev/sda1 /var/tmp/some_mountpoint > > It's not a host block device, but near enough. It'll also be quite > slow because it's using FUSE. > > If VeraCrypt can be taught how to access an NBD endpoint instead of > needing POSIX APIs, then you could do something with qemu-nbd & > nbdkit, although it's a little clunky because of the nested partition > and because qemu-nbd removed support for the '-P' option.
Can you just combine qemu-nbd with kpartx to setup devmapper nodes for each partition: qemu-nbd -c /dev/nbd0 guest.img kpartx -a /dev/nbd0 will give you /dev/mapper/nbd0p1 which you can then access with whatever you need for VeraCrypt on a host blockdev With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ Libguestfs mailing list -- guestfs@lists.libguestfs.org To unsubscribe send an email to guestfs-le...@lists.libguestfs.org
