error while creating new file under directory mounted with ecryptfs and openssl key type

Bug #434596 reported by marco.pallotta
This bug affects 1 person
Affects: ecryptfs-utils (Ubuntu)
Status: Confirmed
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: ecryptfs-utils

After mounting a directory with ecryptfs vfstype and selecting openssl key type it seems that I cannot create new files.

marco.pallotta (marco-pallotta) wrote :

Sep 22 13:49:12 marco-desktop mount.ecryptfs: Failed to perform eCryptfs mount: [Invalid argument]
Sep 22 13:49:12 marco-desktop kernel: [19085.258815] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
Sep 22 13:49:12 marco-desktop kernel: [19085.259598] Error parsing options; rc = [-22]
Sep 22 13:49:31 marco-desktop mount.ecryptfs: Error initializing key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so]; rc = [-22]
Sep 22 13:49:35 marco-desktop mount.ecryptfs: Error initializing key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so]; rc = [-22]
Sep 22 13:49:50 marco-desktop kernel: [19123.950464] padlock: VIA PadLock not detected.
Sep 22 13:49:50 marco-desktop modprobe: WARNING: Error inserting padlock_aes (/lib/modules/2.6.24-24-generic/kernel/drivers/crypto/padlock-aes.ko): No such device

Sep 22 13:50:04 marco-desktop kernel: [19137.991400] ecryptfs_send_message: User [1000] does not have a daemon registered
Sep 22 13:50:04 marco-desktop kernel: [19137.991414] pki_encrypt_session_key: Error sending netlink message
Sep 22 13:50:04 marco-desktop kernel: [19137.991421] write_tag_1_packet: Failed to encrypt session key via a pki<4>ecryptfs_generate_key_packet_set: Error writing tag 1 packet
Sep 22 13:50:04 marco-desktop kernel: [19137.991433] ecryptfs_write_headers_virt: Error generating key packet set; rc = [-107]
Sep 22 13:50:04 marco-desktop kernel: [19137.991441] ecryptfs_write_metadata: Error whilst writing headers
Sep 22 13:50:04 marco-desktop kernel: [19137.991449] Error writing headers; rc = [-107]
Sep 22 13:50:04 marco-desktop kernel: [19137.992055] ecryptfs_send_message: User [1000] does not have a daemon registered
Sep 22 13:50:04 marco-desktop kernel: [19137.992063] pki_encrypt_session_key: Error sending netlink message
Sep 22 13:50:04 marco-desktop kernel: [19137.992070] write_tag_1_packet: Failed to encrypt session key via a pki<4>ecryptfs_generate_key_packet_set: Error writing tag 1 packet
Sep 22 13:50:04 marco-desktop kernel: [19137.992081] ecryptfs_write_headers_virt: Error generating key packet set; rc = [-107]
Sep 22 13:50:04 marco-desktop kernel: [19137.992089] ecryptfs_write_metadata: Error whilst writing headers
Sep 22 13:50:04 marco-desktop kernel: [19137.992097] Error writing headers; rc = [-107]

Dustin Kirkland  (kirkland) wrote :

Thanks for the bug report. We're going to be removing the openssl support from ecryptfs soon.

:-Dustin

Changed in ecryptfs-utils (Ubuntu):
status: New → Won't Fix
importance: Undecided → Wishlist
marco.pallotta (marco-pallotta) wrote :

Dustin, thanks for your reply. I tested ecryptfs on 9.04 and it seems that ecryptfs, in this distro, only permits the passphrase key type (maybe it was already removed in Jaunty?).
Isn't removing the openssl key type a limitation (I think it's better than passphrase)?

Dustin Kirkland  (kirkland) wrote : Re: [Bug 434596] Re: error while creating new file under directory mounted with ecryptfs and openssl key type

Let me yield to Tyler on this one... He's worked on the SSL module
more than me...

Tyler?

:-Dustin

Changed in ecryptfs-utils (Ubuntu):
status: Won't Fix → Triaged
status: Triaged → Confirmed
Tyler Hicks (tyhicks) wrote :

Hi Marco - Public key support in eCryptfs requires a userspace daemon (ecryptfsd) to be running to perform the (un)wrapping of file encryption keys through something like OpenSSL. Have you started ecryptfsd? Each user wanting to use an eCryptfs mount point with OpenSSL support enabled must start their own instance of ecryptfsd. This error message indicates to me that the eCryptfs kernel module doesn't know about an ecryptfsd process running for your user:

ecryptfs_send_message: User [1000] does not have a daemon registered

Feel free to stop by irc://irc.oftc.net/#ecryptfs and I think we can quickly straighten this out.
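
The diagnosis in the comment above can be automated over a syslog capture. This is an added example, not part of the original thread or of the eCryptfs project's code: it finds the "does not have a daemon registered" events per uid and collects the return codes that follow them. The function names, the constructed sample log, and the 0.01 s correlation window are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the kernel lines quoted in this report.
SAMPLE_LOG = """\
Sep 22 13:49:12 host kernel: [19085.259598] Error parsing options; rc = [-22]
Sep 22 13:50:04 host kernel: [19137.991400] ecryptfs_send_message: User [1000] does not have a daemon registered
Sep 22 13:50:04 host kernel: [19137.991414] pki_encrypt_session_key: Error sending netlink message
Sep 22 13:50:04 host kernel: [19137.991433] ecryptfs_write_headers_virt: Error generating key packet set; rc = [-107]
Sep 22 13:50:04 host kernel: [19137.992055] ecryptfs_send_message: User [1000] does not have a daemon registered
Sep 22 13:50:04 host kernel: [19137.992097] Error writing headers; rc = [-107]
"""

# Linux errno values for the two return codes that appear in the report.
LINUX_ERRNO = {22: "EINVAL", 107: "ENOTCONN"}

KERNEL_LINE = re.compile(r"kernel: \[\s*(?P<ts>\d+\.\d+)\] (?P<msg>.*)$")
NO_DAEMON = re.compile(
    r"ecryptfs_send_message: User \[(?P<uid>\d+)\] does not have a daemon registered")
RC = re.compile(r"rc = \[(?P<rc>-?\d+)\]")

def rc_name(rc):
    """Translate a negative kernel return code into its errno symbol."""
    return LINUX_ERRNO.get(abs(rc), f"errno {abs(rc)}")

def triage(log_text, window=0.01):
    """Per uid: count 'no daemon registered' events and collect the rc codes
    logged within `window` seconds (assumed value) after such an event."""
    report = defaultdict(lambda: {"no_daemon_events": 0, "rc": set()})
    uid, seen_at = None, None
    for line in log_text.splitlines():
        m = KERNEL_LINE.search(line)
        if not m:
            continue  # not a kernel line (e.g. mount.ecryptfs, modprobe)
        ts, msg = float(m["ts"]), m["msg"]
        hit = NO_DAEMON.search(msg)
        if hit:
            uid, seen_at = int(hit["uid"]), ts
            report[uid]["no_daemon_events"] += 1
            continue
        rc = RC.search(msg)
        if rc and uid is not None and ts - seen_at <= window:
            report[uid]["rc"].add(rc_name(int(rc["rc"])))
    return dict(report)

if __name__ == "__main__":
    for uid, info in triage(SAMPLE_LOG).items():
        print(f"uid {uid}: no ecryptfsd registered ({info['no_daemon_events']} "
              f"events), follow-on errors: {sorted(info['rc'])}")
```

The earlier `rc = [-22]` line is deliberately left out of the result: it belongs to the failed mount attempt with no auth tok signature, not to the missing daemon.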

marco.pallotta (marco-pallotta) wrote :

Tyler, I hadn't started the ecryptfsd daemon before, but when I launch it (on Hardy), as a non-root user, I get:
"ecryptfsd: relocation error: ecryptfsd: symbol exit, version GLIBC_2.0 not defined in file libc.so.6 with link time reference".
Then the system hangs up (other times I have a generic "bus error" and the system hangs up) so I have no way to debug it.

At this point I will try the command on Jaunty to see if it's a bug of the Hardy version.

Dustin Kirkland  (kirkland) wrote :

Oh, Marco, the ecryptfs in Hardy is very, very old. It predates
Ubuntu's active involvement (and maintenance) of the project.

I really don't trust Hardy's ecryptfs at all, sorry...

:-Dustin

marco.pallotta (marco-pallotta) wrote :

Dustin, I said that I should have tried ecryptfs + openssl on Jaunty but, as I already said in comment #5, in that distro there is no openssl key option but only passphrase key type.

Dustin Kirkland  (kirkland) wrote :

Okay, this bug is a duplicate of Bug #741364, for which I've just committed a fix to build the openssl modules again.
