eCryptFS automount problem

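I am running Arch Linux and trying to set up an encrypted folder using eCryptFS. I followed the tutorial on the Arch wiki and mounted it manually, and that does work. The problem arises when I try to mount this directory automatically at boot.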

I have the following entry in my /etc/fstab:

/home/henrique/.secret /home/henrique/secret ecryptfs user,rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=5fe512dc3ad6af7e,ecryptfs_sig=e7a764a16f23b1e4,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs  0 0

At boot, I see this in the log:

Jun 08 01:45:15 henrique-pc kernel: Key type trusted registered
Jun 08 01:45:15 henrique-pc kernel: sha256_ssse3: Using AVX optimized SHA-256 implementation
Jun 08 01:45:15 henrique-pc kernel: Key type encrypted registered
Jun 08 01:45:15 henrique-pc mount.ecryptfs[595]: Key module [openssl] does not have a subgraph transition node; attempting to build a linear subgraph from its parameter list
Jun 08 01:45:15 henrique-pc mount.ecryptfs[595]: Key module [openssl] has empty parameter list
Jun 08 01:45:15 henrique-pc mount[594]: Select key type to use for newly created files:
Jun 08 01:45:15 henrique-pc mount[594]: 1) passphrase
Jun 08 01:45:15 henrique-pc mount[594]: 2) openssl
Jun 08 01:45:15 henrique-pc mount[594]: Selection: Error attempting to evaluate mount options: [-5] Input/output error
Jun 08 01:45:15 henrique-pc mount[594]: Check your system logs for details on why this happened.
Jun 08 01:45:15 henrique-pc mount[594]: Try updating your ecryptfs-utils package, and/or
Jun 08 01:45:15 henrique-pc mount[594]: submit a bug report on https://bugs.launchpad.net/ecryptfs
Jun 08 01:45:15 henrique-pc systemd[1]: home-henrique-secret.mount mount process exited, code=exited status=251
Jun 08 01:45:15 henrique-pc systemd[1]: Failed to mount /home/henrique/secret.
-- Subject: Unit home-henrique-secret.mount has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit home-henrique-secret.mount has failed.
-- 
-- The result is failed.
Jun 08 01:45:15 henrique-pc systemd[1]: Dependency failed for Local File Systems.
-- Subject: Unit local-fs.target has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit local-fs.target has failed.
-- 
-- The result is dependency.
Jun 08 01:45:15 henrique-pc systemd[1]: Triggering OnFailure= dependencies of local-fs.target.
Jun 08 01:45:15 henrique-pc systemd[1]: Unit home-henrique-secret.mount entered failed state.
Jun 08 01:45:15 henrique-pc systemd[1]: Closed CUPS Printing Service Sockets.
-- Subject: Unit cups.socket has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

I have configured my /etc/security/pam_mount.conf.xml as the tutorial describes:

<luserconf name=".pam_mount.conf.xml" />
<mntoptions require="" /> 
<lclmount>mount -i %(VOLUME) "%(before=\"-o\" OPTIONS)"</lclmount> 

This is the systemctl status of this process. I find it strange that the mount script does not use the -i option that I declared in /etc/security/pam_mount.conf.xml:

● home-henrique-secret.mount - /home/henrique/secret
   Loaded: loaded (/etc/fstab)
   Active: failed (Result: exit-code) since Dom 2014-06-08 02:11:24 BRT; 1min 42s ago
    Where: /home/henrique/secret
     What: /home/henrique/.secret
     Docs: man:fstab(5)
           man:systemd-fstab-generator(8)
  Process: 433 ExecMount=/bin/mount /home/henrique/.secret /home/henrique/secret -t ecryptfs -o user,rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=5fe512dc3ad6af7e,ecryptfs_sig=e7a764a16f23b1e4,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs (code=exited, status=251)

Jun 08 02:11:24 henrique-pc mount[433]: Select key type to use for newly created files:
Jun 08 02:11:24 henrique-pc mount[433]: 1) passphrase
Jun 08 02:11:24 henrique-pc mount[433]: 2) openssl
Jun 08 02:11:24 henrique-pc mount[433]: Selection: Error attempting to evaluate mount options: [-5] Input/output error
Jun 08 02:11:24 henrique-pc mount[433]: Check your system logs for details on why this happened.
Jun 08 02:11:24 henrique-pc mount[433]: Try updating your ecryptfs-utils package, and/or
Jun 08 02:11:24 henrique-pc mount[433]: submit a bug report on https://bugs.launchpad.net/ecryptfs
Jun 08 02:11:24 henrique-pc systemd[1]: home-henrique-secret.mount mount process exited, code=exited status=251
Jun 08 02:11:24 henrique-pc systemd[1]: Failed to mount /home/henrique/secret.
Jun 08 02:11:24 henrique-pc systemd[1]: Unit home-henrique-secret.mount entered failed state.

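I think the problem is that my keyring is empty, but I am not prompted for a passphrase. Although, I really shouldn't be prompted, and the passphrase should be loaded by this script: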

#!/bin/sh
#
#    /usr/local/bin/doecryptfs

exit $(/usr/sbin/pmvarrun -u$PAM_USER -o0)

I have configured the files system-auth, login and gdm in the /etc/pam.d directory with the following:

auth    [success=ignore default=1]    pam_exec.so     quiet /usr/local/bin/doecryptfs

But this doesn't work.

One more important thing: it seems the $PAM_USER variable is never set, so this may be making the script fail.

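To mount this folder, I need to log in first (without the entry in /etc/fstab), add the passphrase to my keyring, and only after that can I mount it with the mount.ecryptfs_private command.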

The tutorial is a bit confusing. I'm not sure whether I messed something up at some point.
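
A way to test the empty-keyring hypothesis raised in the question, as an added example that is not part of the original post: it pulls the two key signatures out of the fstab options and reports which ones are absent from a keyring listing. The function names and the sample listing are constructed for illustration, and it assumes the keys would be held in the user keyring as printed by `keyctl list @u`.

```shell
#!/bin/sh
# Added example (not from the post): report which eCryptfs key signatures
# named in a mount option string are absent from a keyring listing.

# Print the ecryptfs_sig / ecryptfs_fnek_sig values in a comma-separated
# option string, one per line. ecryptfs_unlink_sigs has no value and is skipped.
ecryptfs_sigs() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^ecryptfs_\(fnek_\)\{0,1\}sig=\([0-9a-f]\{16\}\)$/\2/p' |
        sort -u
}

# $1 = mount options, $2 = text in the format printed by `keyctl list @u`.
# Prints every signature from $1 that has no matching "user: <sig>" key line.
missing_sigs() {
    for sig in $(ecryptfs_sigs "$1"); do
        printf '%s\n' "$2" | grep -q "user: ${sig}\$" || printf '%s\n' "$sig"
    done
}

# Options field of the fstab entry quoted in the post.
OPTS='user,rw,nosuid,nodev,relatime,ecryptfs_fnek_sig=5fe512dc3ad6af7e,ecryptfs_sig=e7a764a16f23b1e4,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs'

# Constructed listing (key id, uid and gid are made up): only the
# content key is loaded, the filename key is not.
SAMPLE_KEYRING='1 key in keyring:
123456789: --alswrv  1000  1000 user: e7a764a16f23b1e4'

echo "Signatures required by the mount but missing from the sample keyring:"
missing_sigs "$OPTS" "$SAMPLE_KEYRING"

# On a live system, pass the real listing instead of the sample:
#   missing_sigs "$OPTS" "$(keyctl list @u)"
```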
