Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 359159 - sys-fs/encfs-1.7.2: encrypted filesystem not longer accessible with dev-libs/boost-1.4.2
Summary: sys-fs/encfs-1.7.2: encrypted filesystem not longer accessible with dev-libs/...
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: AMD64 Linux
: Normal critical (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-16 14:52 UTC by Phillip Merensky
Modified: 2012-03-03 19:22 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Phillip Merensky 2011-03-16 14:52:51 UTC
I found myself locked out of my encrypted encfs when I  upgrade to boost 1.4.2 and removed boost 1.4.1 (yes, I recompiled encfs to fit to the new boost). According to this thread https://bbs.archlinux.org/viewtopic.php?id=92209&p=3 boost-1.4.2 seems to have serialization issues which make the password prompt of encfs fail and keep users locked out of their encrypted partitions although the correct password was entered.

This error could be avoided if encfs-1.7.2 could depend on boost<1.4.2 so that the old boost version will be installed again if a user or --depclean removes 1.4.1. Would this be possible? I would provide a fixed ebuild but as changes only refer to one line I think it might be not necessary.

Thank you in advance.




Reproducible: Always

Steps to Reproduce:
1. Upgrade to boost 1.4.2
2. Remove old boost 1.4.1
3. Recompile encfs
4. Try to access your encrypted partition

Actual Results:  
Get a password failure even if you entered the password correctly

Expected Results:  
Encfs should work with the new boost version when the ebuild does not restrict it.

Workaround is to downgrade to boost 1.4.1 again and to recompile encfs against it. Then, encfs will work as expected again.
Comment 1 Phillip Merensky 2011-03-16 15:08:14 UTC
Even when setting the default boost version to 1.4.1. with eselect prior recompiling encfs the compilation process does use boost 1.4.2. For this reason, I had to remove boost 1.4.2 completely to get encfs compiling against the correct version again. Is this a bug in the ebuild?
Comment 2 Phillip Merensky 2011-03-16 15:32:16 UTC
Portage 2.2.0_alpha27 (default/linux/amd64/10.0/desktop, gcc-4.4.5, glibc-2.11.3-r0, 2.6.36-gentoo-r8 x86_64)
=================================================================
System uname: Linux-2.6.36-gentoo-r8-x86_64-Intel-R-_Core-TM-2_Duo_CPU_P8600_@_2.40GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 16 Mar 2011 10:45:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [disabled]
app-shells/bash:     4.1_p9
dev-java/java-config: 2.1.11-r3
dev-lang/python:     2.6.6-r2
dev-util/ccache:     2.4-r9
dev-util/cmake:      2.8.4
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.7.0
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.5
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.36.1 (sys-kernel/linux-headers)
Repositories: gentoo caspar_local gfxboot_overlay
Installed sets: @system
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /usr/share/openvpn/easy-rsa /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ http://de-mirror.org/distro/gentoo/ ftp://91.121.125.139/gentoo-distfiles/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://mirror.leaseweb.com/gentoo/"
LANG="de_DE.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="de en_GB"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/home/portage/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /usr/local/gfxboot_overlay"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="16bit 7zip X a52 aac aalib accessibility acl acpi addressbook aim akonadi alsa amarok amd amd64 aoss apache2 asf autoipd automount autoreplace avahi avantgo bash-completion berkdb binary binfilter bl blender-game bluetooth bootsplash branding bzip2 cairo calendar ccache cdaudio cdda cddb cdparanoia cdr cdrom cgi chm cisco cleartype cli clucene connectionstatus consolekit contactnotes cpudetection cracklib crypt css cups cvs cxx dbcp dbus dga dhcp divx dmi dom4j dri dts dv dvd dvdr eap-sim eap-tls embedded emboss encode esx excel exif fam fastcgi fat fbcon fbcondecor fbsplash ffmpeg firefox firefox3 flac flash flv fontconfig fortran ftp fts3 gcj gd gdbm gdu geldkarte gif gimp gimpprint glib glitz gmedia gnutls gphoto2 gpm gs gtk gvim gzip hash hbci hdaps hfs http ibmacpi ical iconv icq icu image imagemagick imap inifile innodb irc irda jabber java java5 java6 javascript jboss jcs jfs john jpeg jpeg2k jpgraph kcal kde kdm kipi kpathsea kqemu kvm lame laptop lastfm latex latex3 lcms lensfun libcaca libnotify libsamplerate lirc log4j logitech-mouse logrotate logwatch lucene lzma lzo mad mail maildir mcal mdnsresponder-compat mikmod mime mjpeg mmx mmxext mng modplug modules moonlight mozdevelop mozilla moznocompose moznoirc moznomail mozsvg mozxmlterm mp3 mp4 mp4live mpeg mpeg2 mplayer msn msnextras mtp mudflap multilib mysql mysqli ncurses nfs njb nls nptl nptlonly nsplugin nss ntfs ntlm ocaml ofx ogg opengl openmp openssl oscar otr pam pango pcap pcre pda pdf perl phonon php player plotutils png policykit postscript povray ppds pppd pptp print python qemu qt3support qt4 rar rdesktop readline reiser4 reiserfs resolvconf samba scanner sdl secure-delete semantic-desktop sensord session sharedmem smp sms spell sql sqlite sqlite3 sse sse2 sse3 sse4 ssl startup-notification subversion svg sysfs syslog tcpd templates texteffect tga theora threads threadsafe thumbnail tidy tiff tk tokenizer truetype udev unicode usb utempter v4l v4l2 vcd vde vim vim-pager vim-syntax visualization vnc vorbis webkit wifi wma wmp wps x264 x86emu xanim xcb xcomposite xfs xine xinerama xml xorg xrandr xscreensaver xulrunner xv xvid yv12 zip zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="mouse keyboard synaptics evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de en_GB" PHP_TARGETS="php5-3" QEMU_SOFTMMU_TARGETS="x86_64 i386" QEMU_USER_TARGETS="x86_64 i386" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel vesa vga fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 3 Phillip Merensky 2011-03-16 16:29:16 UTC
Even when downgrading boost I did not get access to my data. It seems that encfs somehow updated its meta infrormation in .encfs6.xml  to fit to the new boost version.

This seems to be a serious issue as even downgrading did not lead to the desired effect. Luckily I had a backup in place and could restore my old .encfs6.xml file. It took my hours to find this out, though. 

So for everyone experiencing the same bug/weirdness I will post a diff of the old and the new encfs.xml version so that people without a backup might (I say "might" because my key seems have changed, oo. So you there is a chance that it does not help at all) have a chance to recover. I am using AES encryption by the way. Below you can find the diff output of my two files. 
diff .encfs6.xml .encfs6.xml.boost-1.42 
3,4c3,4
< <boost_serialization signature="serialization::archive" version="6">
< <cfg class_id="0" tracking_level="0" version="20100713">
---
> <boost_serialization signature="serialization::archive" version="7">
> <cfg class_id="0" tracking_level="0" version="20">
17c17
<       <keySize>256</keySize>
---
>       <keySize>192</keySize>
21,22c21,22
<       <externalIVChaining>1</externalIVChaining>
<       <blockMACBytes>8</blockMACBytes>
---
>       <externalIVChaining>0</externalIVChaining>
>       <blockMACBytes>0</blockMACBytes>
25c25
<       <encodedKeySize>52</encodedKeySize>
---
>       <encodedKeySize>44</encodedKeySize>
27c27
< 396vmA9yDQKB5fkR08RKeylwpNfWYbNJDXQoNmhcl7B27pLW+Oxncb4diqfbGRtjYUVegw==
---
> EhyFmEiTcRqbU4yn9pts/fBTyX8TZ1wdxYZXjw3d9CQF4gRqivtV3L/0THQ=
31c31
< Z1QRxpRkEa/pxHuoDduahGhVgB8=
---
> ZBGT6IH2vKE/i1n3Nu+vgFKH+i0=
33,34c33,34
<       <kdfIterations>660572</kdfIterations>
<       <desiredKDFDuration>3000</desiredKDFDuration>
---
>       <kdfIterations>112825</kdfIterations>
>       <desiredKDFDuration>500</desiredKDFDuration>



In the end, I am really asking myself If this normally happens when upgrading. If it does than I only can recommend you to backup your encfs6.xml file regularly and to wish me a productive night as I have to catch up in writing my thesis ;-).
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2011-03-16 17:01:13 UTC
encfs-1.7.4 is the latest version available upstream.
Comment 5 Phillip Merensky 2011-03-18 07:58:51 UTC
Another guess what might have caused my error. I am using kdialogs password dialog to provide in my password for encfs. It looks like after upgrading, encfs can no longer read the encfs partition and tries to build a new one, if this is the fact. So when providing a password I might have been created a new partition without knowing it, as encfs starts with creating a new filesystem when no old one was found right away. I am not sure about this but this might have caused the wrong password errors for me.

In https://bbs.archlinux.org/viewtopic.php?pid=718226#p718226 people mention something similar which also is aligned with my experience as my .encfs6.xml file got garbled, too. 

So again: Be very careful when updating boost and using encfs. If you upgrade do a full backup before.
Comment 6 Phillip Merensky 2011-03-18 08:07:14 UTC
The bugreport can be found here though (http://code.google.com/p/encfs/issues/detail?id=60 ) I am wondering why I was locked out of my filesystem than. 
According to the encfs homepage encfs should be compatible with boost 1.42 since version 1.6.0. 
Something strange happening here... wherefore I strongly discourage upgrading at the moment.
Comment 7 Pacho Ramos gentoo-dev 2012-03-03 19:22:38 UTC
Are you still suffering this issue with 1.7.4?