Blame ecryptfs-utils-100-sudokeyring.patch
|
|
9471b7 |
diff -up ecryptfs-utils-108/src/utils/ecryptfs-setup-private.sudokeyring ecryptfs-utils-108/src/utils/ecryptfs-setup-private
|
|
|
9471b7 |
--- ecryptfs-utils-108/src/utils/ecryptfs-setup-private.sudokeyring 2015-08-11 14:44:05.213807245 +0200
|
|
|
9471b7 |
+++ ecryptfs-utils-108/src/utils/ecryptfs-setup-private 2015-08-11 14:44:05.231807198 +0200
|
|
|
c0230a |
@@ -427,8 +427,16 @@ if [ "$BOOTSTRAP" = "1" ]; then
|
|
|
c0230a |
else
|
|
|
c0230a |
sig_opt="ecryptfs_sig=$sig"
|
|
|
c0230a |
fi
|
|
|
c0230a |
+ # If we are running under sudo, the session keyring may not link
|
|
|
c0230a |
+ # to root's user keyring, where the auth tok is stored
|
|
|
c0230a |
+ # Need to join root's keyring, otherwise the mount will fail
|
|
|
c0230a |
+ if [ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]; then
|
|
|
c0230a |
+ _KEK_="keyctl session _uid.0"
|
|
|
c0230a |
+ else
|
|
|
c0230a |
+ _KEK_=
|
|
|
c0230a |
+ fi
|
|
|
c0230a |
# Do the mount, and provide some helpful symlinks
|
|
|
c0230a |
- mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
|
|
|
c0230a |
+ $_KEK_ mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
|
|
|
c0230a |
ln -sf $ECRYPTFS_DIR/$USER/.ecryptfs $MOUNTPOINT/.ecryptfs
|
|
|
c0230a |
ln -sf $ECRYPTFS_DIR/$USER/.$PRIVATE_DIR $MOUNTPOINT/.$PRIVATE_DIR
|
|
|
c0230a |
chown -R $USER:$GROUP $ECRYPTFS_DIR/$USER
|