From c0230a2a16044cdc3e164b71cf70525c5c4362b8 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka
Date: Oct 25 2012 13:12:18 +0000
Subject: home migration did not work under sudo (#868330)
---
diff --git a/ecryptfs-utils-100-sudokeyring.patch b/ecryptfs-utils-100-sudokeyring.patch
new file mode 100644
index 0000000..122d9b7
--- /dev/null
+++ b/ecryptfs-utils-100-sudokeyring.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-100/src/utils/ecryptfs-setup-private.sudokeyring ecryptfs-utils-100/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-100/src/utils/ecryptfs-setup-private.sudokeyring 2012-10-25 14:48:55.000000000 +0200
++++ ecryptfs-utils-100/src/utils/ecryptfs-setup-private 2012-10-25 14:50:08.637929477 +0200
+@@ -427,8 +427,16 @@ if [ "$BOOTSTRAP" = "1" ]; then
+ else
+ sig_opt="ecryptfs_sig=$sig"
+ fi
++ # If we are running under sudo, the session keyring may not link
++ # to root's user keyring, where the auth tok is stored
++ # Need to join root's keyring, otherwise the mount will fail
++ if [ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]; then
++ _KEK_="keyctl session _uid.0"
++ else
++ _KEK_=
++ fi
+ # Do the mount, and provide some helpful symlinks
+- mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
++ $_KEK_ mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
+ ln -sf $ECRYPTFS_DIR/$USER/.ecryptfs $MOUNTPOINT/.ecryptfs
+ ln -sf $ECRYPTFS_DIR/$USER/.$PRIVATE_DIR $MOUNTPOINT/.$PRIVATE_DIR
+ chown -R $USER:$GROUP $ECRYPTFS_DIR/$USER
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 767977c..8f897d6 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@ Name: ecryptfs-utils Version: 100 -Release: 5%{?dist} +Release: 6%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+
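Review bot: The keyring-owner test added ahead of the mount in ecryptfs-utils-100-sudokeyring.patch fails open: if `keyctl describe @s` errors or prints something whose third field is not a number, `[ ... -ne 0 ]` itself fails, the `else` branch leaves `_KEK_` empty, and the mount runs without root's keyring, which is the failure this patch is meant to fix, reported only as "Could not mount". Reading the owner from the machine-readable form and checking that it was obtained avoids depending on the column layout: `sess_uid=$(keyctl rdescribe @s | cut -d';' -f2)`, `[ -n "$sess_uid" ] || error "Could not read session keyring owner"`, then `if [ "$sess_uid" != 0 ]; then`. A one-line comment such as `# $_KEK_ is left unquoted on purpose so it splits into a command prefix` would also help the next reader. The enclosing `if [ "$BOOTSTRAP" = "1" ]` block starts and ends outside the hunk.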
@@ -61,6 +61,8 @@ Patch19: ecryptfs-utils-87-syslog.patch Patch21: ecryptfs-utils-96-groupcheck.patch Patch22: ecryptfs-utils-99-selinux.patch +# rhbz#868330 +Patch23: ecryptfs-utils-100-sudokeyring.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: keyutils, cryptsetup-luks, util-linux, gettext @@ -116,6 +118,7 @@ the interface supplied by the ecryptfs-utils library. %patch19 -p1 -b .syslog %patch21 -p1 -b .groupcheck %patch22 -p1 -b .selinux +%patch23 -p1 -b .sudokeyring %build export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits" @@ -262,6 +265,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Thu Oct 25 2012 Michal Hlavinka - 100-6 +- home migration did not work under sudo (#868330) + * Mon Oct 22 2012 Michal Hlavinka - 100-5 - set selinux boolean only if not already set (#868298)