Blame ecryptfs-utils-100-sudokeyring.patch

c0230a
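--- a/ecryptfs-utils-100/src/utils/ecryptfs-setup-private
+++ b/ecryptfs-utils-100/src/utils/ecryptfs-setup-private
@@ -427,8 +427,16 @@ if [ "$BOOTSTRAP" = "1" ]; then
 	else
 		sig_opt="ecryptfs_sig=$sig"
 	fi
+	# If we are running under sudo, the session keyring may not link
+	# to root's user keyring, where the auth tok is stored
+	# Need to join root's keyring, otherwise the mount will fail
+	if [ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]; then
+		_KEK_="keyctl session _uid.0"
+	else
+		_KEK_=
+	fi
 	# Do the mount, and provide some helpful symlinks
-	mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
+	$_KEK_ mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
 	ln -sf $ECRYPTFS_DIR/$USER/.ecryptfs $MOUNTPOINT/.ecryptfs
 	ln -sf $ECRYPTFS_DIR/$USER/.$PRIVATE_DIR $MOUNTPOINT/.$PRIVATE_DIR
 	chown -R $USER:$GROUP $ECRYPTFS_DIR/$USER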
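Review bot: The added test `[ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]` feeds the pipeline output straight into a numeric comparison, so when `keyctl` is missing or fails the substitution is empty, `[` itself errors out, and the script falls into the `else` branch and mounts without joining root's keyring. Capturing the value first makes that fallback explicit: `owner=$(keyctl describe @s 2>/dev/null | awk '{ print $3 }')` followed by `if [ -n "$owner" ] && [ "$owner" -ne 0 ]; then`. `$_KEK_` is expanded unquoted so that it splits into `keyctl session _uid.0` as a command prefix, and a one-line comment saying this is deliberate would keep a later quoting cleanup from breaking the mount. The comment block could also state that the mount then runs with root's user keyring as its session keyring, since that is the privilege-relevant effect of the change. The enclosing `if [ "$BOOTSTRAP" = "1" ]` block begins and ends outside this hunk.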