sync ~/.ecryptfs to U1

Bug #809549 reported by Barry Warsaw
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu One Client | New | Undecided | Unassigned |

Bug Description

So, I lost my encrypted $HOME yesterday because my ~/.ecryptfs/wrapped-passphrase file got deleted and I could not find the slip of paper I'd written my unwrapped passphrase on. I chatted with Dustin about it and he suggested that in the future I upload wrapped-passphrase to keyescrow.net.

It occurred to me that we have a better solution: why not copy the file to your U1 share? Okay, you couldn't do this until your new machine is set up to use U1, and it would have to be opt-in because your wrapped-passphrase is only safe-ish. (It is encrypted with your login passphrase, but some folks might want stronger encryption, e.g. with gpg, before it was copied to U1).

I mentioned this to Dustin on IRC and he actually suggested that for a better experience, it would be good to sync all of ~/.ecryptfs. I'm going to play with this manually, but I think it would be a really good idea to provide this service.

John O'Brien (jdobrien) wrote :

I'm not sure why this is a bug. A user can certainly select any directory they want to sync with Ubuntu One.

affects: bindwood → ubuntuone-client
John O'Brien (jdobrien) wrote :

I wonder, though, how would this work with 3 clients with different ~/.ecryptfs directories.

Barry Warsaw (barry) wrote :

Hi John. It's not technically a bug, but a wishlist. Yes, you can set it up to work this way, but I think it might be nice to do this with as little user setup required as possible.

FWIW, I set up fuse and an encfs using the instructions here:

http://ubuntuforums.org/showthread.php?t=148600

My source was ~/Ubuntu One/stuff and my target was ~/stuff. Inside ~/stuff I created a subdir for each machine I wanted to save the ~/.ecryptfs contents of, then just cp'd ~/.ecryptfs/* to ~/stuff/<machine>/

Worked like a charm. Now, using encfs is a bit more paranoid than most people need, but I think you get the basic idea. Create a machine subdir inside U1 and copy the contents to it.
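
The per-machine copy described in the comment above, as an added shell example that is not part of the original thread or of Ubuntu One. It copies one way into a machine subdirectory and stops when wrapped-passphrase is already missing, so the saved copy is left untouched in the situation the bug report describes; the function name backup_ecryptfs, its exit codes and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: one-way, per-machine copy of ~/.ecryptfs into a synced folder.
# Usage (paths are assumptions): backup_ecryptfs "$HOME/.ecryptfs" "$HOME/stuff"
# Exit status: 0 ok, 1 I/O error, 2 source has no wrapped-passphrase,
#              3 a copied file did not match its source.
# The body runs in a subshell ( ... ) so umask and variables do not leak.
backup_ecryptfs() (
    src=$1
    dest_root=$2
    machine=${3:-$(hostname)}      # one subdirectory per machine
    dest="$dest_root/$machine"

    # If wrapped-passphrase is already gone or empty, the saved copy is the
    # only one left: stop before touching anything in the destination.
    if [ ! -s "$src/wrapped-passphrase" ]; then
        echo "backup_ecryptfs: no usable $src/wrapped-passphrase, backup left as is" >&2
        exit 2
    fi

    umask 077                      # owner-only for everything created below
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest" || exit 1

    # Copy regular files through a temporary name and compare before renaming,
    # so a partial write never replaces a good file. Nothing is ever deleted.
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        tmp="$dest/.$name.tmp.$$"
        cp "$f" "$tmp" || { rm -f "$tmp"; exit 1; }
        chmod 600 "$tmp"
        if ! cmp -s "$f" "$tmp"; then
            rm -f "$tmp"
            exit 3
        fi
        mv -f "$tmp" "$dest/$name" || exit 1
    done
    exit 0
)
```

Passing an explicit third argument instead of relying on the hostname keeps several machines with different ~/.ecryptfs contents apart in the same synced folder.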

Michał Karnicki (karni) wrote : Re: [Bug 809549] [NEW] sync ~/.ecryptfs to U1

Hi Barry,

On Tue, Jul 12, 2011 at 10:31 PM, Barry Warsaw <email address hidden> wrote:

> Public bug reported:
>
> So, I lost my encrypted $HOME yesterday because my ~/.ecryptfs/wrapped-
> passphrase file got deleted

May I ask how this happened?

> and I could not find the slip of paper I'd
> written my unwrapped passphrase on. I chatted with Dustin about it and
> he suggested that in the future I upload wrapped-passphrase to
> keyescrow.net.
>
> It occurred to me that we have a better solution: why not copy the file
> to your U1 share? Okay, you couldn't do this until your new machine is
> set up to use U1, and it would have to be opt-in because your wrapped-
> passphrase is only safe-ish. (It is encrypted with your login
> passphrase, but some folks might want stronger encryption, e.g. with
> gpg, before it was copied to U1).
>
> I mentioned this to Dustin on IRC and he actually suggested that for a
> better experience, it would be good to sync all of ~/.ecryptfs.

I've heard there were issues with syncing files to U1 with long filenames
and users even reported data loss. Have you seen the bug reports about this?

Sincerely,
Michał

Roman Yepishev (rye) wrote :

Bug LP:773260 is for ecryptfs not dispatching the events, and data loss can occur due to this - syncdaemon does not know whether the file has finished writing. Also, since ecryptfs uses encrypted filenames by default, the partial files used to be longer than the max length; this is definitely fixed in Natty.
This is mostly an issue with the first bug; I could not recall any other ecryptfs-related ones.
