Bug#928956: Document removal of ecryptfs-utils from Buster
- To: Paul Gevers <elbrus@debian.org>, 928956@bugs.debian.org
- Cc: Daniel Lange <DLange@debian.org>, Julian Andres Klode <jak@debian.org>, "Laszlo Boszormenyi (GCS)" <gcs@debian.org>
- Subject: Bug#928956: Document removal of ecryptfs-utils from Buster
- From: Osamu Aoki <osamu@debian.org>
- Date: Mon, 1 Jul 2019 23:52:42 +0900
- Message-id: <[🔎] 20190701145242.GB11148@goofy.osamu.debian.net>
- Reply-to: Osamu Aoki <osamu@debian.org>, 928956@bugs.debian.org
- In-reply-to: <c7b9f935-0fa8-46df-e33e-1c5f936ea78c@debian.org>
- References: <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org> <20190514065448.cmxvmrw4hxb7i7mb@pine64> <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org> <2733c02d-17ac-6632-6d67-1dda438a56e5@debian.org> <20190515120052.kxxivzszuljhkxkt@jbr.me.uk> <20190515120052.kxxivzszuljhkxkt@jbr.me.uk> <6377067e-82b4-f414-2369-d0ab8587cec7@debian.org> <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org> <c7b9f935-0fa8-46df-e33e-1c5f936ea78c@debian.org> <9f53e5c8-36be-5418-bb05-24b5bb869527@debian.org>
Hi,
On Sat, Jun 29, 2019 at 10:05:39AM +0200, Paul Gevers wrote:
> Hi all,
>
> On 01-06-2019 22:06, Paul Gevers wrote:
> > On Wed, 15 May 2019 13:00:52 +0100 Justin B Rye
> > <justin.byam.rye@gmail.com> wrote:
> >> Daniel Lange wrote:
> >>>> * reason for removal
> >>>> not essential, but it helps to understand the issue
> >>> #765854
> >>> ecryptfs cannot unmount encrypted home directories due to systemd keeping
> >>> the pam session active even after logout.
> >>> Upstream bug https://github.com/systemd/systemd/issues/8598
> >>> A work around (user unit file) has not been implemented and tested.
...
> > In absence of other text, I am about to push the attached text to the
> > release-notes. I hope this isn't the final text, but at least the draft
> > document now mentions the problem.
>
> Did anybody learn about (documented) migration paths in the mean time?
Unencrypt eCryptfs data and mount the unencrypted filesystem is one way.
But then we don't have encryption.
I can think of migration to dm-crypt/LUKS or encfs/FUSE is an technical
possibility. But that's something beyond this document should
elaborate,
Realistically, I think best recommendation to people who wants to have
encryption is
* save all your data unencrypted (BACKUP!)
* move them to freshly installed Debian on full disk encryption
(RESTORE)
Osamu
Reply to: