#34 said:
This bug affects a cryptographic (read: highly sensitive) feature, is 15 months
old, a patch was proposed 12 months ago, but it is still of "Undecided"
importance and still "Unassigned"? Come on! Are the ecryptfs-utils and systemd
packages unmaintained at Ubuntu?
Well, this bug is now over TWO YEARS old, and is still broken in 19.10.
Expecting the systemd devs to care is, frankly, naive. I would have
expected Canonical to at least do SOMETHING by now, even if it was just
to add the keyctl hack to .profile, but that still leaves a ton of
problems like non-root users never being unable to unmount their
encrypted data - especially when you add in the OTHER systemd bugs that
cause it to stay mounted and unencrypted even after logout.
The problem here is that Kirkland was the one who was hot for ecryptfs,
and he left Canonical a long time ago. While he may technically still be
listed as the maintainer of the package, he clearly gives 0 f**ks about
it. (He was still on Ubuntu staff when this bug first surfaced, and
didn't even care THEN when it was literally (part of) his job, so it's
no surprise he still doesn't now).
The package needs to be demoted out of the repos, and the default
behavior for encrypted /home changed to use something else - anything
else, really - if it hasn't been already. In the meantime, the best
thing you can do is just warn people not to use it, because at 2 years
and counting I wouldn't hold my breath waiting for it to ever get sorted
out...
TLDR: use the keyctl hack from #26 to get your data back, then get the
hell off ecryptfs as fast as possible.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1718658
Title:
ecryptfs-mount-private fails to initialize ecryptfs keys
Status in ecryptfs-utils package in Ubuntu:
Confirmed
Status in systemd package in Ubuntu:
Confirmed
Bug description:
ecryptfs-mount-private fails to mount the ecryptfs after the 1st
reboot after creating the ecryptfs by ecryptfs-setup-private.
After the unsucessful attempt dmesg contains:
[ 1265.695388] Could not find key with description: []
[ 1265.695393] process_request_key_err: No key
[ 1265.695394] Could not find valid key in user session keyring for sig
specified in mount option: []
[ 1265.695395] One or more global auth toks could not properly register; rc =
[-2]
[ 1265.695396] Error parsing options; rc = [-2]
Note: The correct key ID has been replaced in the "".
I also accidentally found an workaround - just running ecrytpfs-
manager and then the ecryptfs-mount-private (it does not ask for
password for the second time and mounts the ecryptfs correctly):
host:~$ ecryptfs-manager
eCryptfs key management menu
---
1. Add passphrase key to keyring
2. Add public key to keyring
3. Generate new public/private keypair
4. Exit
Make selection: 4
host:~$ ls Private/
Access-Your-Private-Data.desktop README.txt
host:~$ ecryptfs-mount-private
host:~$ ls Private/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1718658/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
