On Thu, Dec 12, 2024 at 11:31:43AM +0000, Daniel P. Berrangé wrote:
> On Thu, Dec 12, 2024 at 11:27:35AM +0000, Richard W.M. Jones wrote:
> > On Thu, Dec 12, 2024 at 03:10:15PM +0400, Denys Ostapenko wrote:
> > > >>I found it's surprisingly hard to access VeraCrypt partition inside
> > > >>VHD file.
> > >
> > > >I'm not sure what VeraCrypt is, but I don't think we have support for
> > > >it in libguestfs, which is going to be a problem. Unless kernel /
> > > >cryptsetup knows about it somehow.
> > >
> > > VeraCrypt is a TrueCrypt fork (disk-encryption software),
> > > open-source and cross-platform.
> > >
> > > >On Thu, Dec 12, 2024 at 02:45:48AM +0400, Denys Ostapenko wrote:
> > > >>Is it possible to expose raw partition from libguestfs (and
> > > >>guestfish) as a mapper device? Like cryptsetup-open <partition>
> > > >><mapper>, but without password and decryption at all.
> > >
> > > >I'm not sure what you mean by this. Do you mean, expose the encrypted
> > > >device as a block device on the host? (ie. guestmount)
> > >
> > > I have file.vhd and /dev/sda1 partition (VeraCrypt encrypted)
> > > inside. This partition is raw; guestfish can not recognize it,
> > > because without password VeraCrypt partition is indistinguishable
> > > from random. In Windows, out-of-the-box VHD mount tool creates
> > > device like \Device\Harddisk2\Partition1, so I can mount it in
> > > VeraCrypt. I have not found a way to ask guestfish/libguestfs to
> > > expose such raw partition from inside VHD as host block device.
> >
> > Doesn't doing this work?
> >
> >   $ guestmount [--ro] -a guest.img -m /dev/sda1 /var/tmp/some_mountpoint
> >
> > It's not a host block device, but near enough. It'll also be quite
> > slow because it's using FUSE.
> >
> > If VeraCrypt can be taught how to access an NBD endpoint instead of
> > needing POSIX APIs, then you could do something with qemu-nbd &
> > nbdkit, although it's a little clunky because of the nested partition
> > and because qemu-nbd removed support for the '-P' option.
>
> Can you just combine qemu-nbd with kpartx to setup devmapper
> nodes for each partition:
>
>   qemu-nbd -c /dev/nbd0 guest.img
>   kpartx -a /dev/nbd0
>
> will give you /dev/mapper/nbd0p1 which you can then access
> with whatever you need for VeraCrypt on a host blockdev

I suspected that Denys wanted to do all this as non-root, but that
certainly works for root.

For non-root you can put nbdkit-partition-filter in front of
nbdkit-nbd-plugin in front of qemu-nbd, but it's all starting to get
very clunky at that point (plus you still have to teach VeraCrypt to
use NBD).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
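
The non-root chain described in the message above (partition filter in front of the nbd plugin in front of qemu-nbd), written out as an added example that is not part of the thread. The image name, socket directory and function names are assumptions; `vpc` is qemu's name for the VHD format, and both servers are opened read-only so the encrypted partition cannot be modified through the export.

```shell
#!/bin/sh
# Added example, not from the thread. disk.vhd, the socket names and the
# function names are assumptions chosen for illustration.
set -eu

# Overridable so the command lines can be inspected without running them.
QEMU_NBD=${QEMU_NBD:-qemu-nbd}
NBDKIT=${NBDKIT:-nbdkit}

# Stage 1: qemu-nbd decodes the VHD container (qemu's name for the format is
# "vpc") and serves the whole disk, read-only, on a Unix socket.
serve_disk() {          # serve_disk IMAGE DISK_SOCKET
    "$QEMU_NBD" --read-only --persistent --fork --format=vpc \
        --socket="$2" "$1"
}

# Stage 2: nbdkit's nbd plugin connects to stage 1, and the partition filter
# narrows the export to a single partition. nbdkit daemonizes by default.
serve_partition() {     # serve_partition DISK_SOCKET PART_SOCKET PARTNUM
    "$NBDKIT" --readonly --unix "$2" --filter=partition \
        nbd socket="$1" partition="$3"
}

# Validate the inputs, start both stages, print the NBD URI of the partition.
expose_partition() {    # expose_partition IMAGE SOCKET_DIR PARTNUM
    [ -r "$1" ] || { echo "cannot read image: $1" >&2; return 1; }
    [ -d "$2" ] && [ -w "$2" ] || { echo "bad socket dir: $2" >&2; return 1; }
    case $3 in
        ''|*[!0-9]*|0) echo "bad partition number: $3" >&2; return 1 ;;
    esac
    serve_disk "$1" "$2/disk.sock" >&2
    serve_partition "$2/disk.sock" "$2/part.sock" "$3" >&2
    echo "nbd+unix:///?socket=$2/part.sock"
}

# Usage: sh expose.sh disk.vhd "$(mktemp -d)" 1
if [ $# -eq 3 ]; then
    expose_partition "$@"
fi
```

The printed URI is only usable by a client that speaks NBD, which is the limitation the message points out for VeraCrypt.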