#34 said: This bug affects a cryptographic (read: highly sensitive) feature, is 15 months old, a patch was proposed 12 months ago, but it is still of "Undecided" importance and still "Unassigned"? Come on! Are the ecryptfs-utils and systemd packages unmaintained at Ubuntu?
Well, this bug is now over TWO YEARS old, and is still broken in 19.10.

Expecting the systemd devs to care is, frankly, naive. I would have expected Canonical to at least do SOMETHING by now, even if it was just to add the keyctl hack to .profile, but that still leaves a ton of problems like non-root users never being unable to unmount their encrypted data - especially when you add in the OTHER systemd bugs that cause it to stay mounted and unencrypted even after logout.

The problem here is that Kirkland was the one who was hot for ecryptfs, and he left Canonical a long time ago. While he may technically still be listed as the maintainer of the package, he clearly gives 0 f**ks about it. (He was still on Ubuntu staff when this bug first surfaced, and didn't even care THEN when it was literally (part of) his job, so it's no surprise he still doesn't now).

The package needs to be demoted out of the repos, and the default behavior for encrypted /home changed to use something else - anything else, really - if it hasn't been already. In the meantime, the best thing you can do is just warn people not to use it, because at 2 years and counting I wouldn't hold my breath waiting for it to ever get sorted out...

TLDR: use the keyctl hack from #26 to get your data back, then get the hell off ecryptfs as fast as possible.

https://bugs.launchpad.net/bugs/1718658

Title:
  ecryptfs-mount-private fails to initialize ecryptfs keys

Status in ecryptfs-utils package in Ubuntu:
  Confirmed
Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  ecryptfs-mount-private fails to mount the ecryptfs after the 1st
  reboot after creating the ecryptfs by ecryptfs-setup-private.

  After the unsuccessful attempt dmesg contains:

  [ 1265.695388] Could not find key with description: [<correct key ID>]
  [ 1265.695393] process_request_key_err: No key
  [ 1265.695394] Could not find valid key in user session keyring for sig specified in mount option: [<correct key ID>]
  [ 1265.695395] One or more global auth toks could not properly register; rc = [-2]
  [ 1265.695396] Error parsing options; rc = [-2]

  Note: The correct key ID has been replaced in the "<correct key ID>".

  I also accidentally found a workaround - just running ecryptfs-manager
  and then the ecryptfs-mount-private (it does not ask for password for
  the second time and mounts the ecryptfs correctly):

  host:~$ ecryptfs-manager

  eCryptfs key management menu
  -------------------------------
          1. Add passphrase key to keyring
          2. Add public key to keyring
          3. Generate new public/private keypair
          4. Exit

  Make selection: 4

  host:~$ ls Private/
  Access-Your-Private-Data.desktop  README.txt
  host:~$ ecryptfs-mount-private
  host:~$ ls Private/
  <ecryptfs content is present>
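
Added example, not part of the original message or the bug report: a small shell diagnostic for the failure shown in the bug description. It extracts the signature from the "Could not find valid key in user session keyring" kernel message and checks a `keyctl show` listing for a `user` key with that description. The signature value and both keyring listings are constructed samples, and the listing layout is assumed to match keyctl's usual output.

```shell
#!/bin/sh
# Added diagnostic example. The signature and keyring listings are constructed.

# Print each signature the kernel reported as missing from the session keyring.
# Input: kernel log text on stdin (for example, the output of dmesg).
missing_sigs() {
    sed -n 's/.*Could not find valid key in user session keyring for sig specified in mount option: \[\([^]]*\)\].*/\1/p' | sort -u
}

# Exit 0 if the `keyctl show` listing on stdin holds a "user" key whose
# description is exactly $1, otherwise exit 1.
keyring_has_sig() {
    awk -v sig="$1" 'NF >= 2 && $NF == sig && $(NF-1) == "user:" { found = 1 }
                     END { exit !found }'
}

# For every signature named in the kernel log ($1), report whether the
# keyring listing ($2) contains it.
diagnose() {
    for sig in $(printf '%s\n' "$1" | missing_sigs); do
        if printf '%s\n' "$2" | keyring_has_sig "$sig"; then
            echo "$sig present"
        else
            echo "$sig absent"
        fi
    done
}

# Constructed kernel log in the shape quoted in the bug description.
SAMPLE_DMESG='[ 1265.695388] Could not find key with description: [0123456789abcdef]
[ 1265.695393] process_request_key_err: No key
[ 1265.695394] Could not find valid key in user session keyring for sig specified in mount option: [0123456789abcdef]
[ 1265.695396] Error parsing options; rc = [-2]'

# Constructed listing: session keyring without the mount key (failing state).
SAMPLE_BROKEN='Session Keyring
 604132121 --alswrv   1000  1000  keyring: _ses'

# Constructed listing: session keyring in which the key is present.
SAMPLE_OK='Session Keyring
 604132121 --alswrv   1000  1000  keyring: _ses
 271828182 --alswrv   1000  1000   \_ user: 0123456789abcdef'

diagnose "$SAMPLE_DMESG" "$SAMPLE_BROKEN"
diagnose "$SAMPLE_DMESG" "$SAMPLE_OK"
```

On a live system the same check would be `diagnose "$(dmesg)" "$(keyctl show @s)"`, run in the session where the mount failed.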