Launchpad has imported 16 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=785036.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-01-27T03:10:09+00:00 Ling wrote: ecryptfs doesn't provide blowfish as one of the cipher options. Rebooting into an old kernel (e.g., 3.1.9) solves the problem. Does this mean the blowfish encryption module is removed from the kernel 3.2.1? Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/0 ------------------------------------------------------------------------ On 2012-01-27T16:58:31+00:00 Josh wrote: There are now two kinds of blowfish drivers in the 3.2 kernel. blowfish_generic is the previously existing one renamed, and there is an assembly version for x86_64 as well. Can you paste the errors you are seeing, and the dmesg of your working mount from the previous kernel? Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/1 ------------------------------------------------------------------------ On 2012-01-27T17:14:48+00:00 Ling wrote: Here's what I did/saw with the 3.2 kernel: # ecryptfs-add-passphrase --fnek Passphrase: Inserted auth tok with sig [4c0c36bbcda400d6] into the user session keyring Inserted auth tok with sig [d697d8aafc7fde3d] into the user session keyring # mount encrypted encrypted -t ecryptfs Select key type to use for newly created files: 1) passphrase 2) openssl 3) tspi 4) pkcs11-helper Selection: 1 Passphrase: Select cipher: 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded) 2) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded) 3) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded) 4) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded) There's no "blowfish" option. Passing "-o ecryptfs_cipher=blowfish" in the mount command leads to some bad option error. With kernel 3.1.9, the only dmesg of mounting the ecryptfs is this line: [23314.085489] SELinux: initialized (dev ecryptfs, type ecryptfs), uses genfs_contexts There are no new messages in /var/log/messages from the mounting. Thanks. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/2 ------------------------------------------------------------------------ On 2012-01-27T20:06:28+00:00 Josh wrote: If you run 'sudo modprobe blowfish' before you mount the filesystem, the blowfish option will be presented. I'll look at why this isn't done automatically as with previous kernels. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/3 ------------------------------------------------------------------------ On 2012-01-27T20:16:47+00:00 Ling wrote: You are right. It shows up. (I remember I did that once but somehow it didn't find blowfish; I must have used a wrong cmd.) Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/4 ------------------------------------------------------------------------ On 2012-01-27T20:49:02+00:00 Josh wrote: This seems to be a bug in ecryptfs-utils. During init, ecryptfs-utils will look at /proc/crypto to gather the already loaded ciphers. Some of the aes modules are built into the kernel, so those are already picked up from there, however the blowfish cipher isn't built in or auto-loaded by anything in either kernel version. It's next form of cipher discovery has a map of ciphers and kernel module names in src/libecryptfs/cipher_list.c that contains (among others): {"blowfish", "blowfish.ko", 16, 16, 56, 2, 1}, and during init it will loop over this map and look for modules in /lib/modules/`uname -r`/kernel/crypto and see if those .ko files exist. If they do, it presents the cipher name as available. If the .ko doesn't exist in that directory, it doesn't present that cipher as an option. With the 3.1.x series of kernels, blowfish.ko is present so it's available. With the renames/additions mentioned in comment #1, that specific .ko name isn't present so the cipher isn't available. Ideally, ecryptfs would be looking at modaliases instead of actual file names, because the 3.2 (and future) kernels still maintain the 'blowfish' modalias on blowfish_generic.ko. The newly added optimized blowfish-x86_64.ko has the same alias as well. That whole list of module names seems fairly stale at this point and should probably either be updated or removed. I'm reassigning this to ecryptfs-utils for now. The workaround is to modprobe the cipher you want if it isn't already listed before trying to mount an ecryptfs filesystem. Until ecryptfs-utils is updated, any system with a 3.2 or newer kernel will have this issue, so that will shortly include all 3 Fedora releases. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/5 ------------------------------------------------------------------------ On 2012-02-09T17:09:25+00:00 Michal wrote: I've checked /lib/modules/`uname -r`/modules.alias and it seems it's not usable. It contains only modules with aliases like "alias blowfish blowfish_generic" but modules with no aliases are not there, so we still have to check them somehow. So, in the end, I've just added missing blowfish and twofish module names. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/7 ------------------------------------------------------------------------ On 2012-02-14T13:10:02+00:00 Fedora wrote: ecryptfs-utils-95-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/ecryptfs-utils-95-2.fc15 Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/8 ------------------------------------------------------------------------ On 2012-02-14T13:10:15+00:00 Fedora wrote: ecryptfs-utils-95-2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/ecryptfs-utils-95-2.fc16 Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/9 ------------------------------------------------------------------------ On 2012-02-15T11:30:31+00:00 Fedora wrote: Package ecryptfs-utils-95-2.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing ecryptfs-utils-95-2.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-1674/ecryptfs-utils-95-2.fc16 then log in and leave karma (feedback). Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/10 ------------------------------------------------------------------------ On 2012-02-21T11:20:22+00:00 Fedora wrote: ecryptfs-utils-96-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/ecryptfs-utils-96-1.fc16 Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/11 ------------------------------------------------------------------------ On 2012-02-21T11:20:32+00:00 Fedora wrote: ecryptfs-utils-96-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/ecryptfs-utils-96-1.fc15 Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/12 ------------------------------------------------------------------------ On 2012-02-21T11:20:41+00:00 Fedora wrote: ecryptfs-utils-96-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/ecryptfs-utils-96-1.fc17 Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/13 ------------------------------------------------------------------------ On 2012-03-08T21:24:17+00:00 Fedora wrote: ecryptfs-utils-96-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/14 ------------------------------------------------------------------------ On 2012-03-08T21:27:52+00:00 Fedora wrote: ecryptfs-utils-96-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/15 ------------------------------------------------------------------------ On 2012-03-09T04:54:50+00:00 Fedora wrote: ecryptfs-utils-96-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ecryptfs/+bug/922821/comments/16 ** Changed in: ecryptfs-utils (Fedora) Status: Unknown => Fix Released ** Changed in: ecryptfs-utils (Fedora) Importance: Unknown => Undecided -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/922821 Title: ecryptfs-utils can't find renamed blowfish kernel modules in >= 3.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ecryptfs/+bug/922821/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
