Control: tags -1 patch Hi all, On Wed, 15 May 2019 13:00:52 +0100 Justin B Rye <justin.byam.rye@gmail.com> wrote: > Daniel Lange wrote: > >> * reason for removal > >> not essential, but it helps to understand the issue > > #765854 > > ecryptfs cannot unmount encrypted home directories due to systemd keeping > > the pam session active even after logout. > > Upstream bug https://github.com/systemd/systemd/issues/8598 > > A work around (user unit file) has not been implemented and tested. > > > >> * what would be the alternative(s) available in buster > > there is none > > Does Debian really not provide any alternative mechanisms for > filesystem encryption that users could switch over to? A quick "apt > search" suggests that they could try encfs... > > >> * is there a (documented) migration path > > there is none > > Sounds as if someone needs to write one, then. > > > People with ecryptfs should not upgrade to Buster or enable and pin sid > > repositories where ecryptfs-utils, libecryptfs1 and friends are still > > available and continue to work (including the unmount bug linked above). > > Is the problem a result of changes in ecryptfs-utils, PAM, systemd, or > what? Would upgrading systemd etc to Buster but keeping the Stretch > version of ecryptfs-utils installed be a better or worse option than > installing the Sid version? In absence of other text, I am about to push the attached text to the release-notes. I hope this isn't the final text, but at least the draft document now mentions the problem. Paul
diff --git a/en/issues.dbk b/en/issues.dbk index 39642a85..481df49b 100644 --- a/en/issues.dbk +++ b/en/issues.dbk @@ -328,6 +328,15 @@ $ sudo update-initramfs -u #662960</ulink>. </para> </listitem> + <listitem> + <para> + The <systemitem role="package">ecryptfs-utils</systemitem> package + is not part of buster due to an unfixed serious bug (<ulink + url="&url-bts;765854">#765854</ulink>). At the time of writing this + paragraph, there wasn't a clear advice to people with encryptfs, + except not upgrading. + </para> + </listitem> </itemizedlist> </para> </section>
Attachment:
signature.asc
Description: OpenPGP digital signature