ecryptfs-users team mailing list archive

Re: Creating an encrypted directory -- cannot umount

 

On Thu Jan 27, 2011 at 07:37:05PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> Hi,
> 
> I'm trying to create an encrypted directory (which will be a
> sub-directory in my home directory) using ecryptfs such that I can
> toggle the directory between the encrypted / non-encrypted states at
> will. Switching to the unencrypted state would require inputting a
> passphrase (no "automount" when logging in). This is on Debian Sid.

I don't have a Debian system handy to test this on, but this isn't a
problem when compiling the current upstream code from source on Fedora
14.

> I tried this:
> 
>   % mkdir .crypto-dir
>   % chmod 700 .crypto-dir
>   # aptitude install ecryptfs-utils
>   # modprobe ecryptfs
>   # mount -t ecryptfs .crypto-dir .crypto-dir
>   Passphrase:
> 
> At this point I made up and entered a passphrase, then followed the
> steps, selecting the defaults (with the exceptions of choosing the
> twofish cipher and 32 key bytes). There was this message:
> 
>   WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
>   it looks like you have never mounted with this key
>   before. This could mean that you have typed your
>   passphrase wrong.
>   Would you like to proceed with the mount (yes/no)? : yes
>   Would you like to append sig [****************] to
>   [/root/.ecryptfs/sig-cache.txt]
>   in order to avoid this warning in the future (yes/no)? : yes
>   Successfully appended new sig to user sig cache file
>   Mounted eCryptfs
> 
> Then I cd'd into ~/.crypto-dir (as non-root) and created some
> files there. But when I try to umount, I'm getting this:
> 
>   # umount .crypto-dir
>   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: undefined symbol: ecryptfs_remove_auth_tok_from_keyring
>   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> 
>   # umount ecryptfs .crypto-dir
>   Could not unlink the key(s) from your keying. Please use `keyctl unlink` if you wish to remove the key(s).
>   Proceeding with umount.
>   umount: ecryptfs: not found
>   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: undefined symbol: ecryptfs_remove_auth_tok_from_keyring
>   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: undefined symbol: ecryptfs_remove_auth_tok_from_keyring

What does `ldd /sbin/*mount.ecryptfs` give?

ecryptfs_remove_auth_tok_from_keyring() is in libecryptfs and
umount.ecryptfs should be linked against it. I'm guessing that you
either have an old libecryptfs lying around somewhere
(/usr/local/lib/ ?) or something is wrong with the way that Debian is
building umount.ecryptfs.

> 
> What else should I be doing?
> 

If you're just wanting umount to work without warnings/errors,
`umount -i .crypto-dir` will work until we figure this out. That will
bypass the eCryptfs umount helper and will just perform the unmount.

Note that the eCryptfs umount helper is what removes your mount key
from the kernel keyring. So, if you don't want the key to hang around,
you'll need to do something like `keyctl clear @u` after umount with
the -i flag.

Tyler

> TIA for any help,
> 
> John
> 
> -- 
> John Magolske
> http://B79.net/contact
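An added example, not part of the original message: the reply notes that `umount -i` skips the helper and leaves the mount key in the kernel keyring, and the helper's own error text points at `keyctl unlink`. The sketch below finds leftover eCryptfs keys in `keyctl show @u` output so they can be unlinked individually instead of clearing the whole keyring. It assumes the mount key appears as a `user`-type key whose description is the 16-hex-digit sig; the function names, key IDs and signatures in the sample are constructed.

```shell
#!/bin/sh
# Added example: locate eCryptfs keys left behind in @u after `umount -i`.

# Constructed sample of `keyctl show @u` output (IDs and sigs are made up).
SAMPLE_KEYRING='Keyring
 271828182 --alswrv      0 65534  keyring: _uid.0
 314159265 --alswrv      0     0   \_ user: 0123456789abcdef
 161803398 --alswrv      0     0   \_ user: backup-token
 141421356 --alswrv      0     0   \_ logon: fscrypt:fedcba9876543210'

# Read `keyctl show` output on stdin and print the serial number of every
# "user"-type key whose description looks like an eCryptfs sig (16 hex
# digits). If a sig is passed as $1, print only the key with that sig.
ecryptfs_key_ids() {
    awk -v want="$1" '
        NF >= 3 && $(NF-1) == "user:" &&
        length($NF) == 16 && $NF ~ /^[0-9a-f]+$/ {
            if (want == "" || $NF == want) print $1
        }'
}

# Unmount without the helper, then unlink each leftover eCryptfs key from
# the user keyring. Needs root, keyutils and a mounted eCryptfs directory,
# so it is only defined here, never called on load.
#   $1 = mount point, $2 = optional sig to restrict the cleanup to
umount_and_drop_keys() {
    umount -i "$1" || return 1
    for id in $(keyctl show @u | ecryptfs_key_ids "$2"); do
        keyctl unlink "$id" @u || return 1
    done
}

# Dry run against the constructed sample:
#   printf '%s\n' "$SAMPLE_KEYRING" | ecryptfs_key_ids
```

Unlike `keyctl clear @u`, this leaves unrelated keys in the user keyring (the `backup-token` and `logon` entries in the sample) untouched.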


