--- ecryptfs-utils-53.orig/debian/changelog +++ ecryptfs-utils-53/debian/changelog 
@@ -0,0 +1,321 @@ +ecryptfs-utils (53-1ubuntu8) intrepid; urgency=low + + * debian/rules: change the installed permissions of pam-auth-update + config to r--r--r-- (LP: #260458). + + -- Dustin Kirkland Fri, 22 Aug 2008 18:45:09 +0100 + +ecryptfs-utils (53-1ubuntu7) intrepid; urgency=low + + * debian/00list: added 30-ecryptfs-setup-private_empty-dir-check.dpatch + (LP: #260346). + * debian/30-ecryptfs-setup-private_empty-dir-check.dpatch: Patch checks that + ~/Private and ~/.Private are empty before proceeding. + + -- Dustin Kirkland Fri, 22 Aug 2008 12:16:50 +0100 + +ecryptfs-utils (53-1ubuntu6) intrepid; urgency=low + + * Fixes (LP: #259915). + * debian/control: drop suggests of auth-client-config, add depends on + libpam-runtime. + * debian/ecryptfs-utils.postinst: initial creation, use pam-auth-update, + be sure to 'force' if pam stack was precisely written by + auth-client-config. + * debian/ecryptfs-utils.prerm: remove pam-auth-update config on uninstall + * debian/ecryptfs-utils.pam-auth-update: initial creation of pam-auth-update + configuration. + * debian/ecryptfs.acc: drop auth-client-config profile. + * debian/rules, debian/ecryptfs-utils.install, debian/ecryptfs-utils.dirs: + remove auth-client-config installation, add pam-auth-update. + + -- Dustin Kirkland Fri, 22 Aug 2008 01:22:48 +0100 + +ecryptfs-utils (53-1ubuntu5) intrepid; urgency=low + + * debian/patches/00list: add 25-ecryptfs-setup-private_fix-pw-echo.dpatch + (LP: #259746). + * debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch: comment out + mostly-debugish echo's; conditionally print randomly generated passphrase; + always remind the user to print/record the mount passphrase for data + recovery. + + -- Dustin Kirkland Wed, 20 Aug 2008 23:20:36 +0100 + +ecryptfs-utils (53-1ubuntu4) intrepid; urgency=low + + * debian/patches/00list: add 20-ecryptfs-setup-private-force.dpatch. 
+ * debian/patches/20-ecryptfs-setup-private-force.dpatch: error out if a + pre-existing ecryptfs setup is found, allow for a --force override, + * (LP: #258388). + + -- Dustin Kirkland Fri, 15 Aug 2008 13:54:03 -0500 + +ecryptfs-utils (53-1ubuntu3) intrepid; urgency=low + + * debian/patches/00list: add 15-pam_ecryptfs-auth_fork_exit.dpatch. + * debian/patches/15-pam_ecryptfs-auth_fork_exit.dpatch: fix broken + exit condition causing screensaver unlocking to fail (LP: #255795). + + -- Dustin Kirkland Mon, 11 Aug 2008 13:50:59 -0500 + +ecryptfs-utils (53-1ubuntu2) intrepid; urgency=low + + * debian/control: add build dependency on dpatch. + * debian/rules: add relevant patch bits. + * debian/patches/00list: add 10-pam_ecryptfs-automount.dpatch. + * debian/patches/10-pam_ecryptfs-automount.dpatch: patch pam_ecryptfs to + respect ~/.ecryptfs/auto-mount and ~/.ecryptfs/auto-umount files + (LP: #256154). + + -- Dustin Kirkland Fri, 08 Aug 2008 13:00:53 -0500 + +ecryptfs-utils (53-1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #254714, #251245), remaining changes: + - debian/rules: install ecryptfs auth-client-config profile + - debian/control: Update maintainer, suggest auth-client-config + - debian/ecryptfs.acc: define auth-client-config profile + - debian/ecryptfs-utils.install: install auth-client-config profile + * Dropped changes: + - debian/ecryptfs-utils.dirs: handled by install -D rule + * Additional changes + - debian/ecryptfs.acc: Add to common-password stack, make all pam_ecryptfs + entries optional (LP: #253816). + + -- Dustin Kirkland Mon, 04 Aug 2008 15:58:24 -0500 + +ecryptfs-utils (53-1) unstable; urgency=low + + * Updating to install newly added manpages. + * Removing 01-manpage.dpatch, not required anymore. + * Merging upstream version 53. + + -- Daniel Baumann Sun, 3 Aug 2008 00:11:00 +0200 + +ecryptfs-utils (52-1) unstable; urgency=low + + * Merging upstream version 52. 
+ + -- Daniel Baumann Fri, 1 Aug 2008 03:50:00 +0200 + +ecryptfs-utils (51-1) unstable; urgency=low + + * Merging upstream version 51. + + -- Daniel Baumann Fri, 1 Aug 2008 01:22:00 +0200 + +ecryptfs-utils (50-4ubuntu2) intrepid; urgency=low + + * debian/patches/00list, debian/patches/05-pam_ecryptfs_waitpid.dpatch: + Cherry pick this patch from upstream, which fixes gdm/kdm hangs on logout + (LP: #250988). + + -- Dustin Kirkland Tue, 22 Jul 2008 18:34:59 -0500 + +ecryptfs-utils (50-4ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #249503), remaining changes: + - debian/control: Update maintainer, suggest auth-client-config + - debian/ecryptfs-utils.dirs: add etc/auth-client-config/profile.d + - debian/ecryptfs-utils.install: add ecryptfs auth-client-config profile + - debian/ecryptfs.acc: define auth-client-config profile + - debian/rules: support ecryptfs auth-client-config profile + * Dropped changes: + - debian/libecryptfs0.dirs: moved auth-client-config bit to + debian/ecryptfs-utils.dirs + - debian/libecryptfs.install: moved auth-client-config bit to + debian/ecryptfs-utils.install + + -- Dustin Kirkland Thu, 17 Jul 2008 10:39:51 -0500 + +ecryptfs-utils (50-4) unstable; urgency=medium + + * Adding /usr/lib/libecryptfs.so.0.0 symlink. + * Moving /lib/security/pam_ecryptfs.so and /usr/lib/ecryptfs/*.so from + libecryptfs0 to ecryptfs-utils. 
+ + -- Daniel Baumann Wed, 16 Jul 2008 20:34:00 +0200 + +ecryptfs-utils (50-3ubuntu1) intrepid; urgency=low + + * Merge from debian unstable (LP: #248420), remaining changes: + - debian/libecryptfs0.install: add ecryptfs auth-client-config profile + - debian/rules: support ecryptfs auth-client-config profile + - debian/control: Update maintainer, suggest auth-client-config + - debian/libecryptfs0.dirs: add etc/auth-client-config/profile.d + - debian/ecryptfs.acc: define auth-client-config profile + + -- Dustin Kirkland Mon, 14 Jul 2008 09:48:23 -0500 + +ecryptfs-utils (50-3) unstable; urgency=low + + * Adding missing build-depends to pkg-config (Closes: #490415). + + -- Daniel Baumann Sat, 12 Jul 2008 11:12:00 +0200 + +ecryptfs-utils (50-2) unstable; urgency=low + + * Removing currently unused libgtk2.0-dev from build-depends (Closes:#490233). + * Building ecryptfs-utils with TPM support on all supported Debian + architectures, except s390. + * Installing /sbin/mount.ecryptfs_private with suid root. + + -- Daniel Baumann Thu, 10 Jul 2008 23:48:00 +0200 + +ecryptfs-utils (50-1ubuntu1) intrepid; urgency=low + + * auth-client-config support (LP: #247641) + + debian/ecryptfs.acc: create an auth-client-config profile + + debian/libecryptfs0.install: install the auth-client-config profile + + debian/control: modify maintainer value; add auth-client-config to + Suggests + + debian/libecryptfs0.dirs: create with etc/auth-client-config/profile.d + + -- Dustin Kirkland Fri, 11 Jul 2008 12:00:36 -0500 + +ecryptfs-utils (50-1) unstable; urgency=low + + * Merging upstream version 50. + + -- Daniel Baumann Sun, 29 Jun 2008 22:19:00 +0200 + +ecryptfs-utils (49-1) unstable; urgency=low + + * Merging upstream version 49. + + -- Daniel Baumann Sun, 29 Jun 2008 22:09:00 +0200 + +ecryptfs-utils (48-1) unstable; urgency=medium + + * Updating debhelper shlibs file. + * Updating rules fileto reflect upstreams removal of documentation. + * Merging upstream version 48. 
+ + -- Daniel Baumann Mon, 16 Jun 2008 21:35:00 +0200 + +ecryptfs-utils (47-1) unstable; urgency=low + + * Merging upstream version 47. + + -- Daniel Baumann Mon, 16 Jun 2008 20:39:00 +0200 + +ecryptfs-utils (46-1) unstable; urgency=low + + * Removing superfluous empty line from rules file. + * Removing trailing slash in install debhelper file. + * Merging upstream version 46. + * Updating to standards 3.8.0. + + -- Daniel Baumann Tue, 10 Jun 2008 08:06:00 +0200 + +ecryptfs-utils (45-1) unstable; urgency=low + + * Merging upstream version 45. + + -- Daniel Baumann Fri, 16 May 2008 08:22:00 +0200 + +ecryptfs-utils (44-1) unstable; urgency=low + + * Reordering rules file. + * Updating debhelper shlibs file. + * Rewriting copyright file in machine-interpretable format. + * Adding vcs fields in control file. + * Upgrading package to debhelper 7. + * Merging upstream version 44. + + -- Daniel Baumann Sat, 3 May 2008 12:17:00 +0200 + +ecryptfs-utils (43-1) unstable; urgency=low + + * New upstream release. + * Removing watch file. + + -- Daniel Baumann Wed, 9 Apr 2008 09:54:00 +0200 + +ecryptfs-utils (41-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 1 Apr 2008 11:25:00 +0200 + +ecryptfs-utils (40-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sun, 24 Feb 2008 22:09:00 +0100 + +ecryptfs-utils (38-2) unstable; urgency=low + + * Temporarily only use tpm toolchain on i386 (Closes: #461233). + * Current upstream should build without patches on amd64 (Closes: #445619). + * Added --fail-missing to dh_install call in rules. + * Updated .install files to cover additional files. + + -- Daniel Baumann Thu, 17 Jan 2008 23:47:00 +0100 + +ecryptfs-utils (38-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Sat, 12 Jan 2008 17:14:00 +0100 + +ecryptfs-utils (37-1) unstable; urgency=low + + * New upstream release (Closes: #457316). + * Compling with trousers support now. + * Bumping to new policy. 
+ + -- Daniel Baumann Fri, 21 Dec 2007 14:54:00 +0100 + +ecryptfs-utils (30-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 16 Nov 2007 12:10:00 +0100 + +ecryptfs-utils (27-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Fri, 19 Oct 2007 21:50:00 +0200 + +ecryptfs-utils (26-1) unstable; urgency=low + + * New upstream release. + * Dropped 02-ia64.dpatch; not required anymore. + * Building with --disable-tspi for the time beeing until trousers is + uploaded. + * Downgrading recommends to opencryptoki to a suggests for the time beeing + until opencryptoki is uploaded. + + -- Daniel Baumann Sun, 14 Oct 2007 11:17:00 +0200 + +ecryptfs-utils (24-2) unstable; urgency=low + + * Enforcing libdir (Closes: #445619). + + -- Daniel Baumann Wed, 10 Oct 2007 23:41:00 +0200 + +ecryptfs-utils (24-1) unstable; urgency=low + + * New upstream release. + + -- Daniel Baumann Tue, 9 Oct 2007 12:03:00 +0200 + +ecryptfs-utils (23-1) unstable; urgency=low + + * New upstream release. + * Added libgpgme11-dev to build-depends. + * Rediffed 02-ia64.dpatch. + + -- Daniel Baumann Mon, 27 Aug 2007 16:32:00 +0200 + +ecryptfs-utils (21-1) unstable; urgency=low + + * Initial release (Closes: #401800). + * Added patch from William Lima to fix FTBFS on + ia64. + + -- Daniel Baumann Sun, 12 Aug 2007 15:20:00 +0200 + --- ecryptfs-utils-53.orig/debian/rules +++ ecryptfs-utils-53/debian/rules 
@@ -0,0 +1,83 @@
+#!/usr/bin/make -f
+
+include /usr/share/dpatch/dpatch.make
+
+DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+ifneq ($(DEB_BUILD_ARCH),s390)
+ TPMFLAGS = --enable-opencryptoki --enable-tspi
+endif
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+ rm -f config.guess config.sub
+
+ [ ! -f Makefile ] || $(MAKE) distclean
+
+ dh_clean
+
+config.status: configure patch
+ dh_testdir
+
+ifneq "$(wildcard /usr/share/misc/config.sub)" ""
+ cp -f /usr/share/misc/config.sub config.sub
+endif
+ifneq "$(wildcard /usr/share/misc/config.guess)" ""
+ cp -f /usr/share/misc/config.guess config.guess
+endif
+ CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --libdir=\$${prefix}/lib --mandir=\$${prefix}/share/man --enable-gpg --disable-gui --enable-openssl --enable-pam --enable-pkcs11-helper $(TPMFLAGS)
+
+build: build-stamp
+build-stamp: config.status
+ dh_testdir
+
+ $(MAKE)
+
+ touch build-stamp
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+ install -m 644 -D $(CURDIR)/debian/ecryptfs-utils.pam-auth-update $(CURDIR)/debian/tmp/usr/share/pam-configs/ecryptfs-utils
+
+ chmod 4755 debian/tmp/sbin/mount.ecryptfs_private
+
+binary: binary-arch
+
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_install --fail-missing --sourcedir=debian/tmp
+ dh_lintian
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms -Xsbin/mount.ecryptfs_private
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary-indep:
+
+.PHONY: clean build install binary binary-arch binary-indep
---
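Review bot: The setuid-root bit on the mount helper depends on two lines that nothing ties together: `chmod 4755 debian/tmp/sbin/mount.ecryptfs_private` in the install target and `dh_fixperms -Xsbin/mount.ecryptfs_private` in binary-arch; if the exclusion is dropped or the path changes, the mode would presumably be reset without any build error. A comment above the chmod would help, for example `# setuid root on purpose; must stay paired with the dh_fixperms -X exclusion below and the lintian override`. Separately, the 53-1ubuntu8 changelog entry says the pam-auth-update config is installed r--r--r--, while this rule still reads `install -m 644`, so one of the two looks out of date.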
ecryptfs-utils-53.orig/debian/ecryptfs-utils.docs
+++ ecryptfs-utils-53/debian/ecryptfs-utils.docs
@@ -0,0 +1,3 @@
+AUTHORS
+README
+THANKS
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.dirs
+++ ecryptfs-utils-53/debian/ecryptfs-utils.dirs
@@ -0,0 +1 @@
+usr/share/pam-configs
--- ecryptfs-utils-53.orig/debian/libecryptfs0.install
+++ ecryptfs-utils-53/debian/libecryptfs0.install
@@ -0,0 +1 @@
+/usr/lib/*.so.*
--- ecryptfs-utils-53.orig/debian/libecryptfs-dev.install
+++ ecryptfs-utils-53/debian/libecryptfs-dev.install
@@ -0,0 +1,5 @@
+/usr/include/*
+/usr/lib/*.a
+/usr/lib/*.la
+/usr/lib/*.so
+/usr/lib/pkgconfig
--- ecryptfs-utils-53.orig/debian/libecryptfs0.links
+++ ecryptfs-utils-53/debian/libecryptfs0.links
@@ -0,0 +1 @@
+/usr/lib/libecryptfs.so.0.0.0 /usr/lib/libecryptfs.so.0.0
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.install
+++ ecryptfs-utils-53/debian/ecryptfs-utils.install
@@ -0,0 +1,7 @@
+/lib/security
+/sbin
+/usr/bin
+/usr/lib/ecryptfs
+/usr/share/doc
+/usr/share/man
+/usr/share/pam-configs/ecryptfs-utils
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.prerm
+++ ecryptfs-utils-53/debian/ecryptfs-utils.prerm
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+if [ "$1" = remove ]; then
+ pam-auth-update --package --remove ecryptfs-utils
+fi
+
+#DEBHELPER#
+
+exit 0
--- ecryptfs-utils-53.orig/debian/control
+++ ecryptfs-utils-53/debian/control
@@ -0,0 +1,51 @@
+Source: ecryptfs-utils
+Section: misc
+Priority: optional
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Daniel Baumann
+Build-Depends: debhelper (>= 7), dpatch, autotools-dev, autoconf, automake, libtool, libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libssl-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], pkg-config
+Standards-Version: 3.8.0
+Homepage: http://ecryptfs.sourceforge.net/
+Vcs-Browser: http://git.debian.net/?p=ecryptfs-utils.git
+Vcs-Git: git://git.debian.net/git/ecryptfs-utils.git
+
+Package: ecryptfs-utils
+Section: misc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-2ubuntu1)
+Suggests: opencryptoki
+Description: ecryptfs cryptographic filesystem (utilities)
+ eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
+ for Linux.
+ .
+ It provides advanced key management and policy features. eCryptfs stores
+ cryptographic metadata in the header of each file written, so that encrypted
+ files can be copied between hosts; the file will be decryptable with the proper
+ key, and there is no need to keep track of any additional information aside
+ from what is already in the encrypted file itself. Think of eCryptfs as a sort
+ of "gnupgfs".
+ .
+ eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs
+ is part of the Linux kernel since 2.6.19.
+ .
+ This package contains the userland utilities.
+
+Package: libecryptfs0
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: ecryptfs cryptographic filesystem (library)
+ eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
+ for Linux.
+ .
+ This package contains the library.
+
+Package: libecryptfs-dev
+Section: libdevel
+Architecture: any
+Depends: libecryptfs0 (= ${binary:Version}), libgcrypt11-dev, libgpg-error-dev, libgpgme11-dev, libkeyutils-dev, libopencryptoki-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc], libpam0g-dev, libpkcs11-helper1-dev, libssl-dev, libtspi-dev [alpha amd64 arm armel hppa ia64 i386 m68k mips mipsel powerpc sparc]
+Description: ecryptfs cryptographic filesystem (development)
+ eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem
+ for Linux.
+ .
+ This package contains the development files.
--- ecryptfs-utils-53.orig/debian/libecryptfs0.shlibs
+++ ecryptfs-utils-53/debian/libecryptfs0.shlibs
@@ -0,0 +1 @@
+libecryptfs 0 libecryptfs0 (>= 48)
--- ecryptfs-utils-53.orig/debian/compat
+++ ecryptfs-utils-53/debian/compat
@@ -0,0 +1 @@
+7
--- ecryptfs-utils-53.orig/debian/copyright
+++ ecryptfs-utils-53/debian/copyright
@@ -0,0 +1,65 @@
+Authors:
+ Phillip Hellewell
+ Michael A. Halcrow
+Download: http://ecryptfs.sourceforge.net/
+
+Files: *
+Copyright: 2004-2008 International Business Machines Corp.
+License: GPL-2+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-2 file.
+
+Files: doc/manpage/ecryptfs-manager.8, doc/manpage/ecryptfsd.8,
+ doc/manpage/mount.ecryptfs.8):
+Copyright: (C) 2008 William Lima
+License: GPL-2+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-2 file.
+
+Files: debian/*
+Copyright: (C) 2007-2008 Daniel Baumann
+License: GPL-2+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-2 file.
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.postinst
+++ ecryptfs-utils-53/debian/ecryptfs-utils.postinst
@@ -0,0 +1,25 @@
+#!/bin/sh -e
+
+auth=0c1295085dca124e6ba5a3cea7993c22
+account=9f04221fe44762047894adeb96ffd069
+session=2e9a42f2a3b6573891ff9e6bf0c31c9e
+password=4cf59ec48caad2a06ea2e183d8bc007a
+
+force=
+if dpkg --compare-versions "$2" lt-nl 53-1ubuntu6; then
+ # If we're upgrading from an older ecryptfs-utils,
+ # and the pam configuration precisely matches that
+ # which was written by auth-client-config, we can
+ # safely force the pam-auth-update.
+ force=--force
+ for type in auth account session password
+ do
+ sum="$(md5sum /etc/pam.d/common-$type 2>/dev/null | awk '{ print $1 }')"
+ [ "$sum" = "$(eval echo \$$type)" ] || force=
+ done
+fi
+pam-auth-update --package $force
+
+#DEBHELPER#
+
+exit 0
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.pam-auth-update
+++ ecryptfs-utils-53/debian/ecryptfs-utils.pam-auth-update
@@ -0,0 +1,12 @@
+Name: eCryptfs Key/Mount Management
+Default: yes
+Priority: 0
+Auth-Type: Additional
+Auth-Final:
+ optional pam_ecryptfs.so unwrap
+Session-Type: Additional
+Session-Final:
+ optional pam_ecryptfs.so unwrap
+Password-Type: Additional
+Password-Final:
+ optional pam_ecryptfs.so
--- ecryptfs-utils-53.orig/debian/ecryptfs-utils.lintian-overides
+++ ecryptfs-utils-53/debian/ecryptfs-utils.lintian-overides
@@ -0,0 +1 @@
+ecryptfs-utils: setuid-binary sbin/mount.ecryptfs_private 4755 root/root
--- ecryptfs-utils-53.orig/debian/patches/15-pam_ecryptfs-auth_fork_exit.dpatch
+++ ecryptfs-utils-53/debian/patches/15-pam_ecryptfs-auth_fork_exit.dpatch
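Review bot: The four md5 values at the top of the postinst are the only thing that decides whether an upgrade runs `pam-auth-update --force` over /etc/pam.d/common-*, yet nothing records which auth-client-config output they were computed from. I would add a comment above them such as `# md5sums of /etc/pam.d/common-{auth,account,session,password} exactly as written by the auth-client-config ecryptfs profile (<package version placeholder>)`, so a later maintainer can re-derive or retire them. The lookup `$(eval echo \$$type)` is safe here because `type` only takes the four literal loop values, but a `case "$type" in` mapping would avoid eval in a root maintainer script altogether.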
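Review bot: The new override file is named `debian/ecryptfs-utils.lintian-overides`, with an `r` missing from `overrides`. As far as I know `dh_lintian`, which debian/rules calls, only picks up `debian/<package>.lintian-overrides`, so this override for the `setuid-binary` tag would not be installed and the intentional 4755 mode on sbin/mount.ecryptfs_private would keep being reported. Renaming the file to `debian/ecryptfs-utils.lintian-overrides` should fix it.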
@@ -0,0 +1,19 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 15-pam_ecryptfs-auth_fork_exit.dpatch by Dustin Kirkland
+#
+# Fix missing exit condition, fixes screensaver unlocking
+
+@DPATCH@
+
+diff -upr ecryptfs-utils-53.orig/src/pam_ecryptfs/pam_ecryptfs.c ecryptfs-utils-53/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-53.orig/src/pam_ecryptfs/pam_ecryptfs.c 2008-07-21 16:56:18.000000000 -0500
++++ ecryptfs-utils-53/src/pam_ecryptfs/pam_ecryptfs.c 2008-08-11 13:47:52.677954407 -0500
+@@ -157,7 +157,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ syslog(LOG_WARNING, "There is already a key in the "
+ "user session keyring for the given "
+ "passphrase.\n");
+- rc = 0;
++ goto out_child;
+ }
+ if (rc) {
+ syslog(LOG_ERR, "Error adding passphrase key token to "
--- ecryptfs-utils-53.orig/debian/patches/00list
+++ ecryptfs-utils-53/debian/patches/00list
@@ -0,0 +1,5 @@
+10-pam_ecryptfs-automount.dpatch
+15-pam_ecryptfs-auth_fork_exit.dpatch
+20-ecryptfs-setup-private-force.dpatch
+25-ecryptfs-setup-private_fix-pw-echo.dpatch
+30-ecryptfs-setup-private_empty-dir-check.dpatch
--- ecryptfs-utils-53.orig/debian/patches/20-ecryptfs-setup-private-force.dpatch
+++ ecryptfs-utils-53/debian/patches/20-ecryptfs-setup-private-force.dpatch
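Review bot: With `goto out_child;` replacing `rc = 0;`, rc keeps whatever value it had when the already-a-key branch was entered, and both the `out_child` label and the child's exit status are outside the hunk. Please confirm that the child does not hand that value back as a failure, and say why the jump is right in a comment next to it, e.g. `/* key already in the session keyring (e.g. screensaver unlock): nothing to add, leave the child */`. The condition that opens this branch also starts above the hunk, so I could not check which rc values reach it.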
@@ -0,0 +1,45 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 20-ecryptfs-setup-private-force.dpatch by
+# Dustin Kirkland
+#
+# Protect users from overwriting an existing setup and add a --force option
+
+@DPATCH@
+
+diff -upr ecryptfs-utils-53/src/utils/ecryptfs-setup-private ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2008-07-23 15:00:12.000000000 -0500
++++ ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private 2008-08-15 13:45:30.259089175 -0500
+@@ -20,6 +20,7 @@ usage() {
+ echo " --loginpass System passphrase for USER, used to wrap MOUNTPASS"
+ echo " --mountpass Passphrase for mounting the ecryptfs directory,"
+ echo " defaults to a randomly generated 16 bytes"
++ echo " --force Force overwriting of an existing setup"
+ echo
+ echo " Be sure to properly escape your parameters according to your"
+ echo " shell's special character nuances, and also surround the"
+@@ -66,6 +67,10 @@ while [ ! -z "$1" ]; do
+ MOUNTPASS="$2"
+ shift 2
+ ;;
++ --force)
++ FORCE=1
++ shift 1
++ ;;
+ *)
+ usage
+ ;;
+@@ -99,6 +104,14 @@ if [ ! -d "$HOME" ]; then
+ error "User home directory [$HOME] does not exist"
+ fi
+
++# Check for previously setup private directory
++if [ -s "$HOME/.ecryptfs/wrapped-passphrase" -a "$FORCE" != "1" ]; then
++ error "wrapped-passphrase file already exists, use --force to overwrite."
++fi
++if [ -s "$HOME/.ecryptfs/$PRIVATE_DIR.sig" -a "$FORCE" != "1" ]; then
++ error "$PRIVATE_DIR.sig file already exists, use --force to overwrite."
++fi
++
+ # Check for active mounts
+ MOUNTPOINT="$HOME/$PRIVATE_DIR"
+ CRYPTDIR="$HOME/.$PRIVATE_DIR"
--- ecryptfs-utils-53.orig/debian/patches/10-pam_ecryptfs-automount.dpatch
+++ ecryptfs-utils-53/debian/patches/10-pam_ecryptfs-automount.dpatch
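Review bot: `FORCE` is only ever assigned in the new `--force)` arm, so within these hunks a `FORCE=1` inherited from the caller's environment switches off both overwrite checks without the option being given. Unless it is initialised above the first hunk, add `FORCE=0` before the `while [ ! -z "$1" ]` loop. The same applies to `RANDOM_MOUNTPASS` in 25-ecryptfs-setup-private_fix-pw-echo.dpatch, where an inherited value of 1 would print a user-chosen mount passphrase. A smaller point on the two new tests: `[ -s file -a "$FORCE" != "1" ]` relies on the obsolescent `-a` operator, and `[ -s file ] && [ "$FORCE" != "1" ]` is unambiguous.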
@@ -0,0 +1,73 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 10-pam_ecryptfs-automount.dpatch by Dustin Kirkland
+#
+# Add support for configurable automatic mounting/unmounting
+
+@DPATCH@
+
+diff --git a/src/pam_ecryptfs/pam_ecryptfs.c b/src/pam_ecryptfs/pam_ecryptfs.c
+index 553339e..e9eafa6 100644
+--- a/src/pam_ecryptfs/pam_ecryptfs.c
++++ b/src/pam_ecryptfs/pam_ecryptfs.c
+@@ -215,6 +215,10 @@ static int private_dir(pam_handle_t *pamh, int mount)
+ int rc;
+ struct passwd *pwd = NULL;
+ char *sigfile = NULL;
++ char *autofile = NULL;
++ char *a;
++ char *automount = "auto-mount";
++ char *autoumount = "auto-umount";
+ struct stat s;
+ pid_t pid;
+ struct utmp *u;
+@@ -224,6 +228,17 @@ static int private_dir(pam_handle_t *pamh, int mount)
+ /* fetch_pwd() logged a message */
+ return 1;
+ }
++ if (mount == 1) {
++ a = automount;
++ } else {
++ a = autoumount;
++ }
++ if (
++ (asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
++ || autofile == NULL) {
++ syslog(LOG_ERR, "Error allocating memory for autofile name");
++ return 1;
++ }
+ if (
+ (asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir,
+ PRIVATE_DIR) < 0) || sigfile == NULL) {
+@@ -231,7 +246,7 @@ static int private_dir(pam_handle_t *pamh, int mount)
+ return 1;
+ }
+ if (stat(sigfile, &s) != 0) {
+- syslog(LOG_ERR, "Error allocating memory for sigfile name");
++ syslog(LOG_ERR, "Sigfile not found");
+ return 1;
+ }
+ if (!S_ISREG(s.st_mode)) {
+@@ -244,11 +259,23 @@ static int private_dir(pam_handle_t *pamh, int mount)
+ }
+ if (pid == 0) {
+ if (mount == 1) {
++ if (stat(autofile, &s) != 0) {
++ /* User does not want to auto-mount */
++ syslog(LOG_INFO,
++ "Skipping automatic eCryptfs mount");
++ return 0;
++ }
+ /* run mount.ecryptfs_private as the user */
+ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ execl("/sbin/mount.ecryptfs_private",
+ "mount.ecryptfs_private", NULL);
+ } else {
++ if (stat(autofile, &s) != 0) {
++ /* User does not want to auto-unmount */
++ syslog(LOG_INFO,
++ "Skipping automatic eCryptfs unmount");
++ return 0;
++ }
+ /* run umount.ecryptfs_private as the user */
+ setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ execl("/sbin/umount.ecryptfs_private",
--- ecryptfs-utils-53.orig/debian/patches/30-ecryptfs-setup-private_empty-dir-check.dpatch
+++ ecryptfs-utils-53/debian/patches/30-ecryptfs-setup-private_empty-dir-check.dpatch
@@ -0,0 +1,31 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 30-ecryptfs-setup-private_empty-dir-check.dpatch
+# Dustin Kirkland
+#
+# Check that the mount and data directories are empty before proceeding
+# with setup.
+
+@DPATCH@
+
+diff -upr ecryptfs-utils-53/src/utils/ecryptfs-setup-private ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2008-08-22 12:01:30.043671882 +0100
++++ ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private 2008-08-22 12:10:15.771880356 +0100
+@@ -118,6 +118,18 @@ CRYPTDIR="$HOME/.$PRIVATE_DIR"
+ grep -qs "$MOUNTPOINT " /proc/mounts && error "[$MOUNTPOINT] is already mounted"
+ grep -qs "$CRYPTDIR " /proc/mounts && error "[$CRYPTDIR] is already mounted"
+
++# Check that the mount point and encrypted directory are empty.
++# Perhaps one day we could provide a migration mode (using rsync or something),
++# but this would be VERY hard to do safely.
++count=`ls -Al "$MOUNTPOINT" 2>/dev/null | grep -v "^total" | grep -v "^l.*mount.ecryptfs_private$" | wc -l`
++if [ "$count" != "0" ]; then
++ error "$MOUNTPOINT must be empty before proceeding"
++fi
++count=`ls -Al "$CRYPTDIR" 2>/dev/null | grep -v "^total" | wc -l`
++if [ "$count" != "0" ]; then
++ error "$CRYPTDIR must be empty before proceeding"
++fi
++
+ stty_orig=`stty -g`
+ # Prompt for the LOGINPASS, if not on the command line and not in the environment
+ if [ -z "$LOGINPASS" ]; then
--- ecryptfs-utils-53.orig/debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch
+++ ecryptfs-utils-53/debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch
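Review bot: Both new `return 0;` statements sit inside the `if (pid == 0)` branch, so when the auto-mount or auto-umount file is absent the forked child returns from private_dir() and carries on in a copy of the calling program instead of terminating. They should be `_exit(0);`; the rest of the child branch and the parent path are outside the hunk, so check what the existing exec-failure path does and match it. Two related gaps on the same lines: `autofile` is not freed on any path visible here, and the result of `setresuid(...)` before `execl` is still unchecked, so a failed drop would run the helper with the caller's privileges; `if (setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid) < 0) _exit(1);` would close that.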
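Review bot: Both emptiness checks discard the error output of `ls` with `2>/dev/null`, so a directory that exists but cannot be listed yields a count of 0 and is treated as empty. Testing the directory explicitly first would avoid that, e.g. `[ ! -d "$CRYPTDIR" ] || [ -r "$CRYPTDIR" ] || error "$CRYPTDIR is not readable"`, and likewise for `$MOUNTPOINT`. It is also worth a comment that the filter `grep -v "^l.*mount.ecryptfs_private$"` ignores any symlink whose listing ends in that name, not only the link the setup presumably expects to find there.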
@@ -0,0 +1,57 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+# 25-ecryptfs-setup-private_fix-pw-echo.dpatch
+# Dustin Kirkland
+#
+# Don't echo passphrases to screen
+
+@DPATCH@
+
+diff -upr ecryptfs-utils-53/src/utils/ecryptfs-setup-private ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-53/src/utils/ecryptfs-setup-private 2008-08-20 23:06:09.220683144 +0100
++++ ecryptfs-utils-53.new/src/utils/ecryptfs-setup-private 2008-08-20 23:13:45.051913720 +0100
+@@ -155,6 +155,7 @@ if [ -z "$MOUNTPASS" ]; then
+ # Pull 128 bits of random data from /dev/urandom, and convert
+ # to a string of 32 hex digits
+ MOUNTPASS=`head -c 16 /dev/urandom | od -x | head -n 1 |sed "s/^0000000//" | sed "s/\s*//g"`
++ RANDOM_MOUNTPASS=1
+ break
+ else
+ stty -echo
+@@ -171,21 +172,24 @@ if [ -z "$MOUNTPASS" ]; then
+ done
+ fi
+
+-echo
+-echo
+-echo "Using username [$USER]"
+-echo "Using mount passphrase [$MOUNTPASS]"
+-echo "Using login passphrase [$LOGINPASS]"
+-echo "Using mount point [$MOUNTPOINT]"
+-echo "Using encrypted dir [$CRYPTDIR]"
+-echo
+-echo "This script will attempt to set up your system to mount"
+-echo "$MOUNTPOINT with eCryptfs automatically on login,"
+-echo "using your login passphrase."
++#echo
++#echo "Using username [$USER]"
++#echo "Using mount passphrase [$MOUNTPASS]"
++#echo "Using login passphrase [$LOGINPASS]"
++#echo "Using mount point [$MOUNTPOINT]"
++#echo "Using encrypted dir [$CRYPTDIR]"
++#echo
++#echo "This script will attempt to set up your system to mount"
++#echo "$MOUNTPOINT with eCryptfs automatically on login,"
++#echo "using your login passphrase."
+ echo
+ echo "************************************************************************"
+-echo "YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:"
+-echo "$MOUNTPASS"
++if [ "$RANDOM_MOUNTPASS" = "1" ]; then
++ echo "YOU SHOULD RECORD THIS MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:"
++ echo "$MOUNTPASS"
++else
++ echo "YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IN A SAFE LOCATION:"
++fi
+ echo "THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME."
+ echo "************************************************************************"
+ echo
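Review bot: The summary block is commented out rather than removed, which leaves `#echo "Using login passphrase [$LOGINPASS]"` and `#echo "Using mount passphrase [$MOUNTPASS]"` in the script, one edit away from printing both secrets again. I would delete those ten lines, or at least the two passphrase lines, and keep the non-secret ones behind a debug switch if they are still wanted. The generated passphrase is still written to standard output by `echo "$MOUNTPASS"`, so anything that captures or logs the script's output stores it; a short comment above that line saying this is intentional for data recovery would help.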