Bug#928956: Document removal of ecryptfs-utils from Buster

To: 928956@bugs.debian.org
Cc: Daniel Lange <DLange@debian.org>, Andrei POPESCU <andreimpopescu@gmail.com>, Julian Andres Klode <jak@debian.org>, "Laszlo Boszormenyi (GCS)" <gcs@debian.org>
Subject: Bug#928956: Document removal of ecryptfs-utils from Buster
From: Paul Gevers <elbrus@debian.org>
Date: Sat, 1 Jun 2019 22:06:42 +0200
Message-id: <[🔎] 6377067e-82b4-f414-2369-d0ab8587cec7@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 928956@bugs.debian.org
In-reply-to: <20190515120052.kxxivzszuljhkxkt@jbr.me.uk>
References: <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org> <20190514065448.cmxvmrw4hxb7i7mb@pine64> <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org> <2733c02d-17ac-6632-6d67-1dda438a56e5@debian.org> <20190515120052.kxxivzszuljhkxkt@jbr.me.uk> <20190515120052.kxxivzszuljhkxkt@jbr.me.uk> <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org>

Control: tags -1 patch

Hi all,

On Wed, 15 May 2019 13:00:52 +0100 Justin B Rye
<justin.byam.rye@gmail.com> wrote:
> Daniel Lange wrote:
> >>   * reason for removal
> >>     not essential, but it helps to understand the issue
> > #765854
> > ecryptfs cannot unmount encrypted home directories due to systemd keeping
> > the pam session active even after logout.
> > Upstream bug https://github.com/systemd/systemd/issues/8598
> > A work around (user unit file) has not been implemented and tested.
> > 
> >>   * what would be the alternative(s) available in buster
> > there is none
> 
> Does Debian really not provide any alternative mechanisms for
> filesystem encryption that users could switch over to?  A quick "apt
> search" suggests that they could try encfs...
> 
> >>   * is there a (documented) migration path
> > there is none
> 
> Sounds as if someone needs to write one, then.
>  
> > People with ecryptfs should not upgrade to Buster or enable and pin sid
> > repositories where ecryptfs-utils, libecryptfs1 and friends are still
> > available and continue to work (including the unmount bug linked above).
> 
> Is the problem a result of changes in ecryptfs-utils, PAM, systemd, or
> what?  Would upgrading systemd etc to Buster but keeping the Stretch
> version of ecryptfs-utils installed be a better or worse option than
> installing the Sid version?

In absence of other text, I am about to push the attached text to the
release-notes. I hope this isn't the final text, but at least the draft
document now mentions the problem.

Paul

diff --git a/en/issues.dbk b/en/issues.dbk
index 39642a85..481df49b 100644
--- a/en/issues.dbk
+++ b/en/issues.dbk
@@ -328,6 +328,15 @@ $ sudo update-initramfs -u
             #662960</ulink>.
           </para>
         </listitem>
+        <listitem>
+          <para>
+            The <systemitem role="package">ecryptfs-utils</systemitem> package
+            is not part of buster due to an unfixed serious bug (<ulink
+            url="&url-bts;765854">#765854</ulink>). At the time of writing this
+            paragraph, there wasn't a clear advice to people with encryptfs,
+            except not upgrading.
+          </para>
+        </listitem>
       </itemizedlist>
     </para>
   </section>

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#928956: Document removal of ecryptfs-utils from Buster
  - From: Justin B Rye <justin.byam.rye@gmail.com>
- Bug#928956: Document removal of ecryptfs-utils from Buster
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Processed: Re: Bug#928956: Document removal of ecryptfs-utils from Buster
Next by Date: Bug#928956: Document removal of ecryptfs-utils from Buster
Previous by thread: Bug#929003: marked as done (release-notes: Provide specific instructions to remove obsolete packages)
Next by thread: Processed: Re: Bug#928956: Document removal of ecryptfs-utils from Buster
Index(es):
- Date
- Thread