FS#54670 - [systemd]Systemd breaks eCryptfs
Attached to Project:
Arch Linux
Opened by slack3r (slack3r) - Monday, 03 July 2017, 08:28 GMT
Last edited by Christian Hesse (eworm) - Thursday, 06 July 2017, 07:30 GMT
Opened by slack3r (slack3r) - Monday, 03 July 2017, 08:28 GMT
Last edited by Christian Hesse (eworm) - Thursday, 06 July 2017, 07:30 GMT
|
Details
Description:
Systemd 233-6 breaks usage of ecryptfs-utils. Additional info: * packages version: systemd 233-6 ecryptfs-utils 111-2 Steps to reproduce: - follow https://wiki.archlinux.org/index.php/ECryptfs#With_configuration_files; - try to mount 'secret' directory with 'mount.ecryptfs_private secret'; in dmesg you'll get an error like this or similar: 'Could not find key with description:[...] Could not find valid key in user session keyring for sig specified in mount option'. Solution: - roll-back to 232-8 version. |
This task depends upon
Closed by Christian Hesse (eworm)
Thursday, 06 July 2017, 07:30 GMT
Reason for closing: Fixed
Additional comments about closing: systemd 233.75-2
Thursday, 06 July 2017, 07:30 GMT
Reason for closing: Fixed
Additional comments about closing: systemd 233.75-2
% ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [ed8e04bcbf11a9e2] into the user session keyring
mount: No such file or directory
Version that work: systemd libsystemd systemd-sysvcompat 232-8
Versions that do not work: 233-6 233-7 and 233.75-1
https://github.com/eworm-de/systemd/commit/b1d4ff7708b13623ee84002c89e483bfe1c9532f
Can you rebuild systemd with this patch applied and test again?
https://pkgbuild.com/~eworm/systemd/
(Had to add more changes, commit is https://github.com/eworm-de/systemd/commit/fbef069b2799db1c5ce461e450e7bc3ef3acf069)
Nope, does not work for me:
[2017-07-05 08:47] [ALPM] upgraded libsystemd (232-8 -> 233.75-1.1)
[2017-07-05 08:47] [ALPM] upgraded systemd (232-8 -> 233.75-1.1)
[2017-07-05 08:47] [ALPM] upgraded systemd-sysvcompat (232-8 -> 233.75-1.1)
[2017-07-05 08:47] [ALPM] transaction completed
Reboot.
Then:
$ mount.ecryptfs_private <my_directory>
mount: No such file or directory
$ dmesg | tail
[ 156.756992] Could not find key with description: [*****]
[ 156.756996] process_request_key_err: No key
[ 156.756998] Could not find valid key in user session keyring for sig specified in mount option: [*****]
[ 156.757000] One or more global auth toks could not properly register; rc = [-2]
[ 156.757002] Error parsing options; rc = [-2]
$ keyctl list @u
1 key in keyring:
86706593: --alswrv 1000 1000 user: *********
Wondering why the error messages are about user session keyring but you list the user keyring? ("@u" vs. "@us")
Sorry, my mistake.
Again:
$ ecryptfs-add-passphrase
Passphrase:
Inserted auth tok with sig [676****4f] into the user session keyring
$ mount.ecryptfs_private <my_directory>
mount: No such file or directory
$dmesg | tail
[ 262.267818] Key type trusted registered
[ 262.288751] Key type encrypted registered
[ 262.305998] Could not find key with description: [676****4f]
[ 262.305999] process_request_key_err: No key
[ 262.305999] Could not find valid key in user session keyring for sig specified in mount option: [676****4f]
[ 262.306000] One or more global auth toks could not properly register; rc = [-2]
[ 262.306000] Error parsing options; rc = [-2]
# user default session keyring:
$ keyctl list @us
1 key in keyring:
424010271: --alswrv 1000 65534 keyring: _uid.1000