Tails persistence setup - noidcc/tails-group-installer GitHub Wiki

We need to configure persistence on removable devices other than the one Tails booted from. From the documentation:

tails-persistence-setup actually knows how to set up persistence on arbitrary devices, thanks to command-line options. Therefore, brave and advanced users can prepare their store their persistent data wherever they want, but this is not something we will actively support and document beyond the bare minimum (--help and manpage).

Related command line options:

From the man page:

--force Make some sanity checks non-fatal
--override-liveos-mountpoint Mountpoint of the Tails system image
--override-boot-device The UDI of the physical block device where Tails is installed, e.g. /org/freedesktop/UDisks/devices/sdb
--override-system-partition The UDI of the partition where Tails is installed, e.g. /org/freedesktop/UDisks/devices/sdb1
--step Specify once per wizard step to run. Steps are: bootstrap, configure, delete.

From the --help output:

--passphrase Unsupported. Developers only.

Possible command to create persistence on other volumes:

tails-persistence-setup --force --override-boot-device /org/freedesktop/UDisks/devices/sdc --override-system-partition /org/freedesktop/UDisks/devices/sdc1 --passphrase [Passphrase] --step bootstrap

Results:

  • Launches Setup
  • Asks for a passphrase, ignoring the one passed on the command line
  • Fails with warning: "Failed org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized"

Solution to the freedesktop permission failure:

There are currently two tails-persistence-setup executables in Tails:
/usr/bin/tails-persistence-setup
/usr/share/bin/tails-persistence-setup
The code of the second one is:
#!/bin/sh
set -e
RUN_AS_USER=tails-persistence-setup
xhost +SI:localuser:"$RUN_AS_USER"
sudo -u "$RUN_AS_USER" /usr/bin/tails-persistence-setup "$@"
xhost -SI:localuser:"$RUN_AS_USER"
Running /usr/bin/tails-persistence-setup as root solves the permission problem.
It should be possible to give the user tails-persistence-setup permissions on removable devices by editing:
/etc/polkit-1/localauthority/10-vendor.d/org.boum.tails.pkla
which currently contains:
[Modify internal storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change-system-internal
ResultAny=yes

[Mount internal storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.filesystem-mount-system-internal
ResultAny=yes

[Unlock encrypted storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.luks-unlock
ResultAny=yes

By adding:

[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change
ResultAny=yes

[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=yes

But no results so far.
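
One way to review what such a .pkla file grants before and after an edit, as an added example (not code from this wiki or from Tails): it parses the entries, lists every action granted to an identity, and reports section names used more than once, as with the two [Modify storage devices] entries above. The sample text is constructed from entries on this page, and the idea that a repeated section name is worth flagging rests on an assumption about how the key-file parser treats same-named groups.

```python
import re

# Constructed sample: one vendor entry from the page plus the two added entries.
SAMPLE_PKLA = """\
[Modify internal storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change-system-internal
ResultAny=yes

[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.change
ResultAny=yes

[Modify storage devices]
Identity=unix-user:tails-persistence-setup
Action=org.freedesktop.udisks.filesystem-mount
ResultAny=yes
"""
RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")

def parse_pkla(text):
    """Return [(section, {key: value})] in file order, keeping duplicate sections."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            entries.append((header.group(1), {}))
        elif "=" in line and not line.startswith("#") and entries:
            key, value = line.split("=", 1)
            entries[-1][1][key.strip()] = value.strip()
    return entries

def audit(text, identity):
    """Return ([(action, result_key)] granted to identity, [duplicate section names])."""
    granted, seen, duplicates = [], set(), []
    for name, keys in parse_pkla(text):
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
        if identity not in keys.get("Identity", "").split(";"):
            continue  # entry applies to a different identity
        for action in filter(None, keys.get("Action", "").split(";")):
            granted += [(action, k) for k in RESULT_KEYS if keys.get(k) == "yes"]
    return granted, duplicates

if __name__ == "__main__":
    grants, dups = audit(SAMPLE_PKLA, "unix-user:tails-persistence-setup")
    for action, key in grants:
        print(f"{key}=yes  {action}")
    print("duplicate section names:", dups or "none")
```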