Since systemd offers as one option to use fscrypt and also e4crypt is pretty basic, it would be great to have this package.

Reproducible: Always
I made a very quick attempt in my wip overlay: https://gitlab.com/Shibotto/shibotto-overlay/-/tree/master/sys-fs/fscrypt
I thought it fitted better in sys-fs/ since it's a tool for a filesystem feature, but that's just my idea.

The LICENSE field is most likely incomplete (can't get dev-util/golicense to work) and I haven't tested pam_fscrypt.so.

For Gentoo developers: the test suite also seems to work, however at least TestLoadSourceDevice requires /dev/loop* (kernel loop module, if not built-in) to pass.
(In reply to Shiba from comment #1)
> I made a very quick attempt in my wip overlay:
> https://gitlab.com/Shibotto/shibotto-overlay/-/tree/master/sys-fs/fscrypt
> I thought it fitted better in sys-fs/ since it's a tool for a filesystem
> feature, but that's just my idea.
>
> The LICENSE field is most likely incomplete (can't get dev-util/golicense to
> work) and I haven't tested pam_fscrypt.so.
>
> For Gentoo developers: the test suite also seems to work, however at least
> TestLoadSourceDevice requires /dev/loop* (kernel loop module, if not
> built-in) to pass.

The Gentoo installation directory for PAM modules appears to be /lib/security, not /usr/lib/security. Consider changing the emake command to:

emake DESTDIR="${D}" PREFIX="/usr" install-bin
emake DESTDIR="${D}" PREFIX= install-pam

Also, I ran into https://github.com/google/fscrypt/issues/130. Arch installs https://aur.archlinux.org/cgit/aur.git/plain/pam_config?h=fscrypt-git as /etc/pam.d/fscrypt and that works to fix it for me.
(In reply to Peter Levine from comment #2)
> (In reply to Shiba from comment #1)
> > I made a very quick attempt in my wip overlay:
> > https://gitlab.com/Shibotto/shibotto-overlay/-/tree/master/sys-fs/fscrypt
> > I thought it fitted better in sys-fs/ since it's a tool for a filesystem
> > feature, but that's just my idea.
> >
> > The LICENSE field is most likely incomplete (can't get dev-util/golicense to
> > work) and I haven't tested pam_fscrypt.so.
> >
> > For Gentoo developers: the test suite also seems to work, however at least
> > TestLoadSourceDevice requires /dev/loop* (kernel loop module, if not
> > built-in) to pass.
>
> The Gentoo installation directory for PAM modules appears to be
> /lib/security, not /usr/lib/security. Consider changing the emake command
> to:
>
> emake DESTDIR="${D}" PREFIX="/usr" install-bin
> emake DESTDIR="${D}" PREFIX= install-pam

Actually, it is looking for pam_fscrypt.so in /lib64/security. It suffices just to add "multilib" to "inherit" and change the emake command to:

emake DESTDIR="${D}" PREFIX="/usr" PAM_MODULE_DIR="/$(get_libdir)/security" install
(In reply to Peter Levine from comment #2)
> The Gentoo installation directory for PAM modules appears to be
> /lib/security, not /usr/lib/security.
>
> Also, I ran into https://github.com/google/fscrypt/issues/130. Arch
> installs
> https://aur.archlinux.org/cgit/aur.git/plain/pam_config?h=fscrypt-git as
> /etc/pam.d/fscrypt and that works to fix it for me.

Thanks for spotting this. I'm not using the PAM module nor a login protector, so when I saw it compiled I called it a day :^)

Both problems should be fixed in -r1
Some feedback, if anyone's interested.

I copied the ebuild and tried building fscrypt. Failed, as I didn't have dev-lang/go installed. That should be a build-time dependency. It's not a runtime dependency though.

I created a stand-alone encrypted subdirectory of /mnt, much as in the fscrypt documentation, that worked OK.

As I wanted to use my pam-login to decrypt my home folder on login, I thought I needed to do all the pam.d changes in the Arch documentation at https://wiki.archlinux.org/index.php/Fscrypt#PAM_module as well as the pam.d/fscrypt file. (Arch seems to have cloned the Gentoo pam.d setup.) It all works OK.

Further, I changed my login password using "passwd" in a KDE kterminal window, and after a reboot I could sign in with the new password and everything was correctly decrypted. The reboot was because of a problem with KDE. Logging out from KDE leaves loads of files open, so fscrypt can't lock them. This is IMHO a nasty KDE bug.

I'll put some more usability comments on my forum thread https://forums.gentoo.org/viewtopic-t-1129287-highlight-.html

Hope that's of use.
(In reply to Paul Gover from comment #5)
> I copied the ebuild and tried building fscrypt. Failed, as I didn't have
> dev-lang/go installed. That should be a build-time dependency. It's not a
> runtime dependency though.

The inherited go-module eclass should take care of that (BDEPEND=">=dev-lang/go-1.12"), does it not?
My apologies, go seems to be required. I must have done something else wrong!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=a3bd18b395df6a8e18ee4725b282b965c820cb44

commit a3bd18b395df6a8e18ee4725b282b965c820cb44
Author: Florian Schmaus <flo@geekplace.eu>
AuthorDate: 2021-04-17 17:58:05 +0000
Commit: Florian Schmaus <flo@geekplace.eu>
CommitDate: 2021-04-17 17:58:05 +0000

sys-fs/fscrypt: initial import

Bug: https://bugs.gentoo.org/727038
Signed-off-by: Florian Schmaus <flo@geekplace.eu>

sys-fs/fscrypt/Manifest | 45 +++++++++++
...tionally-avoid-installation-of-Ubuntu-spe.patch | 37 +++++++++
.../files/0001-Remove-TestLoadSourceDevice.patch | 44 +++++++++++
sys-fs/fscrypt/files/fscrypt.pam-config | 3 +
sys-fs/fscrypt/fscrypt-0.3.0.ebuild | 92 ++++++++++++++++++++++
sys-fs/fscrypt/metadata.xml | 8 ++
6 files changed, 229 insertions(+)
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad48503f5edbfb90110590e4dace5d3f6e2d159c

commit ad48503f5edbfb90110590e4dace5d3f6e2d159c
Author: Florian Schmaus <flow@gentoo.org>
AuthorDate: 2021-06-21 19:07:49 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2021-06-21 19:11:42 +0000

sys-fs/fscrypt: initial import

Closes: https://bugs.gentoo.org/727038
Signed-off-by: Florian Schmaus <flow@gentoo.org>

sys-fs/fscrypt/Manifest | 45 ++++++++++
...tionally-avoid-installation-of-Ubuntu-spe.patch | 39 +++++++++
.../files/0001-Remove-TestLoadSourceDevice.patch | 44 ++++++++++
sys-fs/fscrypt/files/fscrypt.pam-config | 3 +
sys-fs/fscrypt/fscrypt-0.3.0-r1.ebuild | 98 ++++++++++++++++++++++
sys-fs/fscrypt/metadata.xml | 15 ++++
6 files changed, 244 insertions(+)