Tails persistence setup - noidcc/tails-group-installer GitHub Wiki
We need to configure persistence in other removable devices than the one Tails has boot of. From documentation:
tails-persistence-setup actually knows how to set up persistence on arbitrary devices, thanks to command-line options. Therefore, brave and advanced users can prepare their store their persistent data wherever they want, but this is not something we will actively support and document beyond the bare minimum (--help and manpage).
Related command line options:
From the man page:
--force
Make some sanity checks non-fatal
--override-liveos-mountpoint
Mountpoint of the Tails system image
--override-boot-device
The UDI of the physical block device where Tails is installerd, e.g. /org/freedesktop/UDisks/devices/sdb
--override-system-partition
The UDI of the partition where Tails is installed, e.g. /org/freedesktop/UDisks/devices/sdb1
--step
Specify once per wizard step to run. Steps are: bootstarp, configure, delete.
From de --help command.
--passphrase
Unsupported. Developers only.
Possible commad to create persistence in other volumes.
tails-persistence-setup --force --override-boot-device /org/freedesktop/UDisks/devices/sdc --override-system-partition /org/freedesktop/UDisks/devices/sdc1 --passphrase [Passphrase] --step bootsrap
Results:
- Launches Setup
- Asks for Passphrase ignoring passphrase passed in command
- Fails with warning: "Failed org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized"
Solution to freedesktop permission fail.
Actually there're 2 tails-persistence-setup in Tails
/usr/bin/tails-persistence-setup
/usr/share/bin/tails-persistence-setup
Second one code is:
#!/bin/sh
set -e
RUN_AS_USER=tails-persistence-setup
xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup $@"
xhost -SI:localuser:"$RUN_AS_USER"
Runing as root /usr/bin/tails-persistence-setup
solves permission problem.
It should be possiblee to give user tails-persistence-setup
permissions on removable devices by editing:
/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
Actually containing:
[Modify internal storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change-system-internal
ResultAny=yes
[Mount internal storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.filesystem-mount-system-internal
ResultAny=yes
[Unlock encrypted storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.luks-unlock
ResultAny=yes
By adding:
[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change
ResultAny=yes
[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=yes
But, no results by now.