2024-12-12 15:31, Daniel P. Berrangé wrote:
On Thu, Dec 12, 2024 at 11:27:35AM +0000, Richard W.M. Jones wrote:
On Thu, Dec 12, 2024 at 03:10:15PM +0400, Denys Ostapenko wrote:
I found it's surprisingly hard to access VeraCrypt partition inside
VHD file.

I'm not sure what VeraCrypt is, but I don't think we have support for
it in libguestfs, which is going to be a problem.  Unless kernel /
cryptsetup knows about it somehow.

VeraCrypt is a TrueCrypt fork (disk-encryption software),
open-source and cross-platform.

On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote:
Is it possible to expose raw partition from libguestfs (and
guestfish) as a mapper device? Like cryptsetup-open <partition>
<mapper>, but without password and decryption at all.

I'm not sure what you mean by this.  Do you mean, expose the encrypted
device as a block device on the host?  (ie. guestmount)

I have file.vhd and /dev/sda1 partition (VeraCrypt encrypted)
inside. This partition is raw; guestfish can not recognize it,
because without password VeraCrypt partition is indistinguishable
from random. In Windows, out-of-the-box VHD mount tool creates
device like \Device\Harddisk2\Partition1, so I can mount it in
VeraCrypt. I have not found a way to ask guestfish/libguestfs to
expose such raw partition from inside VHD as host block device.

Doesn't doing this work?

   $ guestmount [--ro] -a guest.img -m /dev/sda1 /var/tmp/some_mountpoint

It's not a host block device, but near enough.  It'll also be quite
slow because it's using FUSE.

If VeraCrypt can be taught how to access an NBD endpoint instead of
needing POSIX APIs, then you could do something with qemu-nbd &
nbdkit, although it's a little clunky because of the nested partition
and because qemu-nbd removed support for the '-P' option.

Can you just combine qemu-nbd with kpartx to set up devmapper
nodes for each partition:

   qemu-nbd -c /dev/nbd0 guest.img
   kpartx -a /dev/nbd0

will give you /dev/mapper/nbd0p1, which you can then access
with whatever you need for VeraCrypt on a host blockdev

Thank you very much, qemu-nbd works:

   sudo apt install nbd-client -y
   sudo modprobe nbd
   sudo qemu-nbd --read-only --connect=/dev/nbd0 /media/disk/file.vhd
   sudo kpartx -a /dev/nbd0
   sudo mkdir /media/file-vhd
   sudo veracrypt -m=nokernelcrypto /dev/nbd0p1 /media/file-vhd

Option -m=nokernelcrypto is required; without it VeraCrypt outputs:

   Error: device-mapper: reload ioctl on veracrypt1 failed: Device or resource busy

It looks like there is already VeraCrypt support in cryptsetup
(--type=tcrypt-veracrypt). Is there some way to pass this option
through guestfish?

Is it worth adding to the FAQ?
_______________________________________________
Libguestfs mailing list -- guestfs@lists.libguestfs.org
To unsubscribe send an email to guestfs-le...@lists.libguestfs.org
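
The attach sequence from this thread with a matching teardown in reverse order, as an added example (not code from any poster or from libguestfs). The function names, the DRY_RUN switch, the sysfs "pid" check for a busy nbd device, the read-only kpartx mapping and the use of the /dev/mapper/nbdXp1 node are assumptions of this sketch.

```shell
#!/usr/bin/env bash
# Added example: read-only attach/detach of an encrypted partition inside a VHD.
# Source this file, then for instance:
#   DRY_RUN=0; dev=$(first_free_nbd); attach_ro /media/disk/file.vhd "$dev" /media/file-vhd
# DRY_RUN defaults to 1, which only prints the commands.

SYSFS_BLOCK=${SYSFS_BLOCK:-/sys/block}   # overridable so the lookup can be tested
DRY_RUN=${DRY_RUN:-1}

# Print the command; execute it through sudo only when DRY_RUN=0.
run() {
    echo "+ $*"
    if [ "$DRY_RUN" = "0" ]; then sudo "$@"; fi
}

# A connected nbd device has a "pid" file in its sysfs directory.
# Needs the nbd module loaded (modprobe nbd) so the directories exist.
first_free_nbd() {
    local d
    for d in "$SYSFS_BLOCK"/nbd*; do
        [ -d "$d" ] || continue
        [ -e "$d/pid" ] && continue
        echo "/dev/${d##*/}"
        return 0
    done
    return 1
}

# attach_ro IMAGE NBD_DEVICE MOUNTPOINT
attach_ro() {
    local image="$1"
    local dev="$2"
    local mnt="$3"
    local part="/dev/mapper/${dev##*/}p1"   # node created by kpartx for partition 1
    run qemu-nbd --read-only --connect="$dev" "$image"
    run kpartx -a -r "$dev"                 # -r: read-only partition mappings
    run blockdev --getro "$part"            # prints 1 when the mapping is read-only
    run mkdir -p "$mnt"
    run veracrypt -m=nokernelcrypto "$part" "$mnt"
}

# detach NBD_DEVICE MOUNTPOINT: undo attach_ro, innermost layer first.
detach() {
    local dev="$1"
    local mnt="$2"
    run veracrypt -d "$mnt"
    run kpartx -d "$dev"
    run qemu-nbd --disconnect "$dev"
}
```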