ecryptfs team mailing list archive

[Bug 405997] Re: Karmic install renders Jaunty encrypted /home directory unusable

 

This problem occurs because Jaunty eCryptfs stored some configuration
data, and an encrypted copy of the mount passphrase in /var/lib, which
can get wiped on a reinstallation.

I've looked at various ways of automatically moving this data out of
/var, but none are safe enough to force this on all ecryptfs users
through a Jaunty SRU.

Instead, I have meticulously documented the process here:
 * http://blog.dustinkirkland.com/2009/08/moving-your-encrypted-home-meta-data.html

Hopefully this helps...

:-Dustin

** Changed in: ecryptfs-utils (Ubuntu)
       Status: Confirmed => Invalid

** Converted to question:
   https://answers.edge.launchpad.net/ubuntu/+source/ecryptfs-utils/+question/83203

-- 
Karmic install renders Jaunty encrypted /home directory unusable
https://bugs.launchpad.net/bugs/405997
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” package in Ubuntu: Invalid

Bug description:
Binary package hint: ecryptfs-utils

After installation of Karmic Alpha 3 I was unable to access my previous Jaunty encrypted /home directory. This may only affect certain situations, in particular /home on a separate partition or LVM.

Steps followed

mv /home/stefan /home/stefan.upgrade
Installation of Karmic Alpha3
Format all partitions except /home.
Try to access /home/stefan.upgrade

I believe the problem exists as Jaunty included the ecryptfs files (wrapped-passphrase) in /var/lib/ecryptfs/home/$USER
/home/$USER/.ecryptfs was a link to this directory.

On upgrade, I formatted /var rendering my files unreadable.

If, as the original Jaunty installation had mentioned, I had recorded my unwrapped passphrase, I could regenerate this data. I suspect that not everyone has done this / understands the implication of encrypting and not recording this passphrase.

In Karmic, this situation is fixed by placing .ecryptfs on /home.

My concern is for those upgrading Jaunty and following similar steps to mine (which I believe is a fairly common way to reinstall, hence a separate /home).

I propose an SRU to Jaunty to move /var/lib/ecryptfs/ to /home/.ecryptfs to prevent this happening to potentially many users who upgrade in this fashion.
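
A pre-reinstall check for the layout described in this thread, added here as an example (it is not code from the thread or from ecryptfs-utils): it reports whether a home directory's .ecryptfs resolves outside the /home tree, as with Jaunty's link into /var/lib/ecryptfs, and whether wrapped-passphrase is still present there. The function name and the status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify where a user's eCryptfs metadata really lives.
# Usage: ecryptfs_meta_status HOME_DIR [HOME_ROOT]   (HOME_ROOT defaults to /home)
# Prints one status word (names chosen for this example):
#   absent                 no .ecryptfs directory or link in HOME_DIR
#   dangling               .ecryptfs is a link whose target no longer exists
#   unreadable             .ecryptfs exists but cannot be entered
#   no-wrapped-passphrase  metadata directory exists, wrapped-passphrase does not
#   outside-home           metadata resolves outside HOME_ROOT (lost if that
#                          filesystem is formatted while /home is preserved)
#   inside-home            metadata resolves under HOME_ROOT
ecryptfs_meta_status() {
    ems_home=$1
    ems_root=${2:-/home}
    ems_meta="$ems_home/.ecryptfs"

    # A link that exists while its target does not: the post-wipe state.
    if [ -L "$ems_meta" ] && [ ! -e "$ems_meta" ]; then
        echo dangling; return 0
    fi
    if [ ! -d "$ems_meta" ]; then
        echo absent; return 0
    fi

    # Resolve both paths physically so symlinks cannot hide the real location.
    ems_real=$(cd -P -- "$ems_meta" 2>/dev/null && pwd -P) \
        || { echo unreadable; return 0; }
    ems_root_real=$(cd -P -- "$ems_root" 2>/dev/null && pwd -P) \
        || ems_root_real=$ems_root

    if [ ! -f "$ems_real/wrapped-passphrase" ]; then
        echo no-wrapped-passphrase; return 0
    fi

    case "$ems_real/" in
        "$ems_root_real"/*) echo inside-home ;;
        *)                  echo outside-home ;;
    esac
}

# Stand-alone use: pass one or more home directories as arguments.
for ems_arg in "$@"; do
    printf '%s: %s\n' "$ems_arg" "$(ecryptfs_meta_status "$ems_arg")"
done
```

A result of outside-home before a reinstall means the metadata must be preserved separately from /home; dangling afterwards means it has already been lost.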




