FS#65553 - fscrypt package doesn't install /etc/pam.d/fscrypt

Attached to Project: Community Packages
Opened by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 04:13 GMT
Last edited by freswa (frederik) - Sunday, 10 May 2020, 19:22 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Anatol Pomozov (anatolik)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

The fscrypt package in community (v0.2.6 as of this writing) doesn't install the file /etc/pam.d/fscrypt. This breaks creating login passphrase-protected directories.

This file is already present in the package source as 'pam_config'; it just needs to installed. See the fscrypt-git AUR package which does this correctly.
This task depends upon

Closed by  freswa (frederik)
Sunday, 10 May 2020, 19:22 GMT
Reason for closing:  Fixed
Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:03 GMT
The project documentation at https://github.com/google/fscrypt/blob/2c57ab18375a8d0b4df9c4b6d9f3692d14edfee7/README.md states:

```installs the PAM config file pam_fscrypt/config to /usr/share/pam-configs/fscrypt. This file contains reasonable defaults for the PAM module. To automatically apply these changes, run sudo pam-auth-update and follow the on-screen instructions.```

So I think it is better to use one provided by the project https://github.com/google/fscrypt/blob/master/pam_fscrypt/config than adding own version of the pam config.
Comment by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 05:18 GMT
That's in the "Automatic setup on Ubuntu" section. That config file is something different; it's for the Ubuntu-specific PAM configuration framework. It doesn't apply to Arch Linux. Arch Linux needs a file installed in /etc/pam.d/fscrypt containing:

# Allow fscrypt to check your login passphrase when you create a login protector
auth required pam_unix.so

I can document this in the "Manual setup" section, though I'd need to investigate whether other Linux distros need it or not first.
Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:44 GMT
Thank for the clarification. In this case it worth updating the project docs explicitly stating Ubuntu-specific instructions vs other distos.

I'll look at adding /etc/pam.d/fscrypt
Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:55 GMT
version fscrypt-0.2.6-2 with the PAM config is in [community-testing] repo. Please verify that it works as expected.
Comment by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 06:22 GMT
Yes, it works now. Thanks!
Comment by Rikard Falkeborn (Herk) - Sunday, 10 May 2020, 11:54 GMT
So, this means we can close this now?
Comment by Eric Biggers (Synchronicity) - Sunday, 10 May 2020, 19:07 GMT
Yes, this bug should be closed.

Loading...