Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#65553 - fscrypt package doesn't install /etc/pam.d/fscrypt

Attached to Project: Community Packages
Opened by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 04:13 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 19 February 2020, 04:24 GMT
Task Type Bug Report
Category Packages
Status Assigned
Assigned To Anatol Pomozov (anatolik)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

The fscrypt package in community (v0.2.6 as of this writing) doesn't install the file /etc/pam.d/fscrypt. This breaks creating login passphrase-protected directories.

This file is already present in the package source as 'pam_config'; it just needs to installed. See the fscrypt-git AUR package which does this correctly.
This task depends upon

Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:03 GMT
The project documentation at https://github.com/google/fscrypt/blob/2c57ab18375a8d0b4df9c4b6d9f3692d14edfee7/README.md states:

```installs the PAM config file pam_fscrypt/config to /usr/share/pam-configs/fscrypt. This file contains reasonable defaults for the PAM module. To automatically apply these changes, run sudo pam-auth-update and follow the on-screen instructions.```

So I think it is better to use one provided by the project https://github.com/google/fscrypt/blob/master/pam_fscrypt/config than adding own version of the pam config.
Comment by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 05:18 GMT
That's in the "Automatic setup on Ubuntu" section. That config file is something different; it's for the Ubuntu-specific PAM configuration framework. It doesn't apply to Arch Linux. Arch Linux needs a file installed in /etc/pam.d/fscrypt containing:

# Allow fscrypt to check your login passphrase when you create a login protector
auth required pam_unix.so

I can document this in the "Manual setup" section, though I'd need to investigate whether other Linux distros need it or not first.
Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:44 GMT
Thank for the clarification. In this case it worth updating the project docs explicitly stating Ubuntu-specific instructions vs other distos.

I'll look at adding /etc/pam.d/fscrypt
Comment by Anatol Pomozov (anatolik) - Wednesday, 19 February 2020, 05:55 GMT
version fscrypt-0.2.6-2 with the PAM config is in [community-testing] repo. Please verify that it works as expected.
Comment by Eric Biggers (Synchronicity) - Wednesday, 19 February 2020, 06:22 GMT
Yes, it works now. Thanks!

Loading...