Veracrypt - No official package - Experimental or Community?

Hi there,

Noticed there is no official package for veracrypt.
Is it better to go with the experimental package filed in “security”, or one of the many community packages (preferably from a known and trusted packager)?

Kind regards. Jbt

1 Like

There is a “gostcrypt” package in the packman repo. I have no experience and make no recommendation about it.

Here, I use LUKS disk encryption, because that is natively supported in linux.

Looks like Veracrypt themselves built an openSUSE 15 package, I haven’t tried it but it looks like a good bet.

https://www.veracrypt.fr/en/Downloads.html

In certain situations like recent exploits discovered that attack hardware based encryption, encryption that stores keys on the disk may be advisable.

TSU

1 Like

cheers, both.

would an .rpm rolled for suse15 work on a recent tumbleweed?

Reading the build requirements (if one was to build from source) from the Veracrypt github source,
I could speculate that there shouldn’t be a problem running the RPM targeting 15 on a TW only because I don’t notice any red flags, but that’s purely guessing.

If the RPM doesn’t work, it also looks pretty easy to compile from source, and if you go down this path, it’s one way to ensure support and use of the encryption installed in your system.

I’m hesitant to fully endorse using an RPM built for 15 to be used on TW for disk encryption generally… and particularly if you intend to implement full disk encryption, you might end up one day unable to boot. Of course, to a certain extent you’d always have that risk to some degree by just implementing full disk encryption so in any case you should have full, regular backups made anyway. If you only intended to encrypt a portion of your disk like your /home, then I’d consider your risk considerably less (because you should be able to boot even without a /home) and have a decent chance of troubleshooting if you were otherwise locked out.

TSU

Do NOT install Leap 15.x packages on TW. The versioning of f.e. deps and libs are way apart. If it works today, it may not tomorrow… which in cases like this leads to huge problems.

1 Like

Hi
Took the liberty to update veracrypt in the Security repository to the latest released version, once accepted, suggested you grab from there.

Update ref: Request 745564: Submit veracrypt - openSUSE Build Service

1 Like

Very nice, Malcolm.
Veracrypt is an important method of encryption, perhaps one of “the” recommended encryption methods for those who don’t trust TPM because of recently discovered flaws.

I took a little time to test the RPM from the Veracrypt website in a TW…
Although I won’t recommend it when Malcolm’s build incorporates a desirable hotfix and targets all current openSUSE versions(except ARM which is pending as of this post), I found no problems at the moment running the package intended for “openSUSE 15” installed on TW…

First,
I found that there is no worry about an unbootable system…
Veracrypt does not support encrypting any Linux system partition.
I therefor ran a little test creating a Veracrypt encrypted volume within a file in my User’s Documents directory, mounted and did stuff in it without a problem.

TSU

1 Like

cheers, all.

I intend it just for mounting containers of data.
veracrypt is valuable for me, as it keeps data portable across OS’es, and easy to backup once dismounted.

thank you, Malcolm.

1 Like

Hi
The update has been accepted into the security repository, enjoy :slight_smile:

1 Like

Hi there,

I had just logged into the suse forums to say I’d spotted it being installed and to offer my thanks.

Kind regards. Jbt

Looks like veracrypt has disappeared again:

https://software.opensuse.org/search?utf8=✓&baseproject=openSUSE%3AFactory&q=veracrypt

Has it disappeared because it ceased to build in response to factory changes?

1 Like

It was never included in factory/Tumbleweed and package still exists (and is built for factory) in the same repository as 2 years ago and the last change is from yesterday.

Hi
You need to get it from the ‘Security’ repository, seems it was fixed earlier today…

Show security / veracrypt - openSUSE Build Service

cheers, both.

has there been a change in the “opensuse search” behaviour with regards to non-factory packages?
i swear i just used to search for the package now (as linked above).

Yes. The attempt to bring openSUSE and SLE closer together has resulted in problems for software search. I think it is being worked on.

1 Like

smashing, makes sense.

@nrickert, it’s still not visible from zypper search though:

RokeJulianLockhart@s1e8h4:~> sudo zypper refresh && zypper search veracrypt
[sudo] password for root: 
Repository 'coolercontrol-coolercontrol' is up to date.                                                                                                                                                                                                                                  
Repository 'coolercontrol-coolercontrol-noarch' is up to date.                                                                                                                                                                                                                           
Repository 'coolercontrol-coolercontrol-source' is up to date.                                                                                                                                                                                                                           
Repository 'Main Repository (NON-OSS)' is up to date.                                                                                                                                                                                                                                    
Repository 'Main Repository (OSS)' is up to date.                                                                                                                                                                                                                                        
Repository 'Main Update Repository' is up to date.                                                                                                                                                                                                                                       
Retrieving repository 'google-chrome' metadata ....................................................................................................................................................................................................................................[done]
Building repository 'google-chrome' cache .........................................................................................................................................................................................................................................[done]
Repository 'openSUSE:Factory' is up to date.                                                                                                                                                                                                                                             
Retrieving repository 'utilities' metadata ........................................................................................................................................................................................................................................[done]
Building repository 'utilities' cache .............................................................................................................................................................................................................................................[done]
Repository 'openSUSE:Tumbleweed' is up to date.                                                                                                                                                                                                                                          
Repository 'openSUSE-20230920-0' is up to date.                                                                                                                                                                                                                                          
Retrieving repository 'Packman' metadata ..........................................................................................................................................................................................................................................[done]
Building repository 'Packman' cache ...............................................................................................................................................................................................................................................[done]
Repository 'Open H.264 Codec (openSUSE Tumbleweed)' is up to date.                                                                                                                                                                                                                       
Repository 'snappy' is up to date.                                                                                                                                                                                                                                                       
Retrieving repository 'vscode' metadata ...........................................................................................................................................................................................................................................[done]
Building repository 'vscode' cache ................................................................................................................................................................................................................................................[done]
All repositories have been refreshed.
Loading repository data...
Reading installed packages...
No matching items found.
RokeJulianLockhart@s1e8h4:~>

Consequently, @malcolmlewis, is

not a trusted source? That’s all that I can conclude from this, yet considering that

is barely a month old, it seems well maintained, and “security” sounds like an official repository.

@rokejulianlockhart Anything not in the distribution is considered untrusted from a generic point of view, it still gets checked with the build tools, but still does not get the official openSUSE stamp of approval and you use at your own risk etc.

There is still an expectation that users on Tumbleweed AND using non standard repositories understand how to fix or debug an issue to report to the maintainers, or better yet, branch, fix and submit (and if necessary upstream the fix).

1 Like

So the Security repository isn’t official, then? Does a random person manage it and just happened to name his repository “Security” first?