encrypted home-folder not unlocked when login

I think I've found the problem. Apparently, pam support is not enabled in this build. In debian/control, libpam0g is listed as build dependency instead of libpam0g-dev.

I uploaded a modified version my ppa. Only replacing libpam0g with libpam0g-dev as build dependency. The problem is fixed with this build.

https://launchpad.net/~henryykt/+archive/various/+build/1962225

I have the same issue here on Ubuntu 10.10. My home directory is only encryptet if I log into the console under F1-6 or use ecryptfs-mount-private. On Ubuntu 10.04 all was working fine. An alternative is using GDM but I hope I can continue using LXDM in the future.

Hi, Henry Tang

Your package; lxdm_0.2.0-0ubuntu1-henry1 is still effective for 10.10. Thank you!

Thank you for your bug report. Can someone test with my package (lxdm_0.2.0-0ubuntu3.1~ppa1) in my PPA (https://launchpad.net/~gilir/+archive/unstable) and report back if it's work or not ?

It works on me without a problem. This was fast support, thanks.

Fix is working for me as well. (jumpingclear from IRC)

thanks

lxdm_0.2.0-0ubuntu3.1~ppa1 works on my maverick. Thanks.

Accepted lxdm into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

The proposed package is fine. Thank you.

Th

SRU verification for Maverick:
I have reproduced the problem with lxdm 0.2.0-0ubuntu3 in maverick and have verified that the version of lxdm 0.2.0-0ubuntu3.1 in -proposed fixes the issue.

Marking as verification-done

Unfortunately I cannot confirm the fix with the new package. I have manually replaced just the lxdm package, and although mounting the home directory works now, I get a "permission" error when inserting an usb stick. Reinstalling the old lxdm version gives the previous behaviour (mounting broken, but USB stick works again).

Setting back to v-needed for now until Daniel's regression report is investigated. Daniel, with the new package installed, can you please copy&paste the output of "ck-list-sessions"?

Yes sure, but it will take some time (propably ~10 hours) until I can access my machine.

I discovered also another problem, after reverting back to the old lxdm package (don't know if it's related). Actually if I log into the console first and then into the desktop via lxdm, the password manager seems not to access the passwords-db where my wifi password is stored. With the new lxdm package, this is fixed though.

It would be interesting to know if Sworddragon and others using the "login to console first workaround" were experiencing the same issue.

But finally, here's thepromised output of "ck-list-sessions", with the new package installed:

Session1:
 unix-user = '1000'
 realname = 'Daniel K.'
 seat = 'Seat1'
 session-type = ''
 active = TRUE
 x11-display = ''
 x11-display-device = ''
 display-device = '/dev/tty7'
 remote-host-name = ''
 is-local = TRUE
 on-since = '2010-10-18T17:49:03.540978Z'
 login-session-id = ''
 idle-since-hint = '2010-10-18T17:49:34.004196Z'
Session2:
 unix-user = '1000'
 realname = 'Daniel K.'
 seat = 'Seat1'
 session-type = ''
 active = FALSE
 x11-display = ':0'
 x11-display-device = '/dev/tty7'
 display-device = ''
 remote-host-name = ''
 is-local = TRUE
 on-since = '2010-10-18T17:49:03.690118Z'
 login-session-id = ''

Daniel,

it's a bit strange that you have not just one, but two registered sessions; did you have this with the old lxdm as well? My first suspicion was that there was none, which would explain the permission error.

So can you please insert the USB stick and copy&paste the output of

  udisks --mount /dev/sdb1

? The "sdb1" name is just a guessing, though. After inserting the USB stick, please have a look at the last couple of lines of "dmesg", which will report the new USB stick device (sda, sdb, sdc, etc.).

Thanks!

Martin,

I have still the new package installed, and here is the output of udisks --mount /dev/sdb1 (yes it's sdb1 in my case):

Mount failed: not authorized

It is exactly the same message I get in the popup dialog when inserting the USB Stick (seems like it's a lxdm dialog?). When I try the udisks command using sudo it works. And I tried again, ck-list-sessions still lists both sessions, although I just explicitely powered on the machine and logged in only via lxdm (I even didn't switch to the console).

I will now try uninstalling the new package and installing back the old one, and then report about "ck-list-sessions" output after logging in only graphically.

I uninstalled the new package and reinstalled the old package again. I used the following commands:

apt-get autoremove lxdm && apt-get install lubuntu-desktop

This works fine, since I installed the new package directly via dpkg, not by adding the proposed repository. (Of course I downloaded the package manually from the site carrying the proposed updates)

For the ck-list-sessions I now get exactly the same output as "Session2" posted above, except that I only have one session now.

One more strange thing I noticed: After login I get the "record your passphrase dialog" AND it seems I cannot write anything to my home directory, I even can't change the window theme in the openbox preferences, but I guess the other affected users should experience the same problem. (I assume, /home/daniel is owned by root when using ecryptfs by default)

I just reinstalled and updated to the proposed lxdm. It seems to work fine. It mounts my encrypted home and it auto mounted a usb pen with no problems.

I also can't reproduce the regression. An usb pen mount normaly with the new package. I also have only 1 session in ck-list-session, but i didn't test with an encrypted home. Maybe there is a different behavior ?

"I discovered also another problem, after reverting back to the old lxdm package (don't know if it's related). Actually if I log into the console first and then into the desktop via lxdm, the password manager seems not to access the passwords-db where my wifi password is stored. With the new lxdm package, this is fixed though.

It would be interesting to know if Sworddragon and others using the "login to console first workaround" were experiencing the same issue."

I'm new on linux and don't know how to test it. It seems that this is WLAN related but can it be tested without having a WLAN? If yes just say me how to test it so that I can give you the result.

Julien, bailout: How did you install the new package? Via -proposed updates or (like me) directly by download the .deb file and issuing "dpkg -i"? Are there any dependencies the new package has, which the old one might not had?

I confirm this.

As of 28/10/2010, I installed Ubuntu 10.04 (*), apt-updated but did not apt-upgrade, instead I upgraded directly to 10.10. Then I installed lubuntu-desktop with SRU's, choosing lxdm as default. I rebooted and didn't get my home folder mounted.

I will try the proposed package and report back.

_____

(*) Tried lubuntu-10.10-desktop-i386.iso first but after 15 error messages it couldn't install or produce some output explaining what it was doing to my disks. After 2 hours nothing was happening in spite of the entertaining installation slides. Tried ubuntu-10.10-desktop-i386 but in Lucid Usb-Creator couldn't make an USB out of it and produced error messages as well.

Off-topic: I got spoiled by ssh_auth_sock as gnome sets it, and I miss it a lot in Lubuntu (Bug #664206). I have no idea where it is done in Gnome to think of a workaround for the lack of ssh keyring support, any suggestions?

Oh, I didn't consider the "installation path" yet. How did you (Julien, bailout) install lubuntu 10.10? I installed a console system using the Alternative Ubuntu ISO, then installed the package "lubuntu desktop" - I didn't try doing an upgrade from 10.04.

In order to verify this bug I once again executed the following steps on a completely different machine, where I did a full, fresh installation from scratch and precisely recorded all steps I made:

* Inserted Ubuntu Maverick 10.10 Alternative i386 CD and booted the installer (selecting "Command line system" at the first screen via F4)
* Installed the system normally, using the option "erase whole drive" and when asked selected to use an encrypted home directory
* apt-get update && apt-get dist-upgrade
* reboot
* apt-get install lubuntu-desktop
* reboot
* logged into lxde, observed the same problem as the initial poster (verified by going to preferences -> openbox configuration manager; when trying to change any theme, the permission denied error came up because it could not write to the home directory)
* shutdown
* bootup, login to console
* added the proposed-proposed line into /etc/apt/sources.list and created /etc/apt/preferences (exactly as described in the wiki linked in comment #11)
* executed the following command line: apt-get install lxdm/maverick-proposed
* reboot
* logged into new lxde session
* the message "record your passphrase ..." came up, clicked it away.
* went into openbox configuration manager, this time changing the theme worked fine.
* inserted the same USB pen drive that failed in my previous machine. And it failed again with the same error message!
* inserted a different USB pen drive - same failure
* executed "ck-list-sessions": Again, two sessions are shown.

Sorry, but I really can't confirm your fix guys!

I also verified the bruned CD image of the installation CD, it exactly matches the MD5sum on the ftp server (419ad8ee1bb76a49490f4a08b5be43f0 *ubuntu-10.10-alternate-i386.iso).

This bug was fixed in the package lxdm - 0.3.0-0ubuntu1

---------------
lxdm (0.3.0-0ubuntu1) natty; urgency=low

  * Merge with Debian git.
  * Ubuntu remaining changes:
   - debian/rules:
    + Pass --libexecdir=/usr/lib/lxdm to keep the same location for the greeter
    + Add CFLAGS for GTK3 migration.
    + Add LDFLAGS for building with --as-needed
   - debian/patches/lxdm.conf_greeter_path_fix.patch:
    + Use /usr/lib/lxdm prefix to keep the same location for the greeter.
   - debian/patches/16_gtk3_migration.patch:
    + Build with CFLAGS for GTK3 migration.
   - debian/lxdm.postinst:
    + Remove alternatives file if it's not a symlink (LP: #616188).
   - debian/lxdm.prerm
    + Don't remove alternative on upgrade.

lxdm (0.3.0-1) UNRELEASED; urgency=low

  * New upstream release.
   - Fix login with spaces (LP: #621818)
  * debian/patches:
   - 10-selinux-fix.patch
   - 11-env-fix-1.patch
   - 12-env-fix-2.patch
   - 19-mode-debug.patch
   - 20-fix-xauthority.patch
   Merged upstream.
   - 15-path-replace.patch: Refresh.
   - 17-follow-symlink.patch: Drop, not needed with the new version.
   - 99-autoreconf.patch: Drop, not needed.
  * debian/control:
   - Build-depends on libpam0g-dev to build with PAM support. (LP: #635698)
   - Build-depends on libglib2.0-dev.
   - Build-depends on libx11-dev for xconn.
  * debian/copyright:
   - Update with new files.
  * debian/links
   - Link new binaries with the current manpage.
 -- Julien Lavergne <email address hidden> Fri, 05 Nov 2010 00:44:42 +0100

I just upgraded to 0.3.0-0ubuntu1. Unfortunately, the issue with the usb pen drive is still present.

Thanks Daniel for the test. Could you also check if you have the package libpam-ck-connector installled ? It could be related to the bug # 576073.

Sorry, I can't access the machine with this installation at the moment. But if lubuntu-desktop depends (indirectly) on libpam-ck-connector, I will have this package installed, since I carried out the steps described in #27 and this involves the installation of lubuntu-desktop with all its dependencies.

Thank you for pointing out the related bug #576073, Julien. After uninstalling libpam-ck-connector the issue with the USB stick has been resolved. The USB pen drive work now properly after lxdm login with the 0.3.0-0ubuntu1 version of lxdm.

This sounds very strange and actually unrelated, but somehow the proposed update triggers this bug, so it introduces a regression. Marking as verification-failed for now.

I can also add a conflict on libpam-ck-connector, which should workaround this bug. I don't think a real fix will be available soon, as upstream recommends to not install this package with lxdm.

Julien Lavergne [2010-11-27 13:12 -0000]:
> I can also add a conflict on libpam-ck-connector, which should
> workaround this bug. I don't think a real fix will be available soon, as
> upstream recommends to not install this package with lxdm.

If lxdm has never worked with libpam-ck-connector, then this might be
an option. Normal Ubuntu installs this package by default, though, and
it's the only thing which gives you local hardware access (sound,
USB sticks, etc.) on VTs.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Failed SRU, in -proposed for three months, I removed the proposed package.

So what's the temporary solution for this problem now? I would propose to put the fixed lxdm with the "conflicts libpam-ck-connector" back to -proposed and finally release it. As of the current situation, the "out of the box" experience with Lubuntu really sucks. You do a normal installation with encryption enabled, and your system is broken "by default" :(

Sorry for the delay, I re-uploaded a version which include the fix for encrypted home, and the conflict to workaround the bug when mounting usb drives.

Accepted lxdm into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I ran Lubuntu 10.10 in a virtualbox VM, added a user with an encrypted home directory and demonstrated the original bug. Enabled -proposed, updated the world, rebooted the VM, and verified I can now access that encrypted home directory immediately after login.

Since I am running virtualbox-ose I cannot test the USB stick mount issues relating to libpam-ck-connector directly. I confirm the proposed lxdm package as a Conflicts: libpam-ck-connector entry, but that's as far as I can go with testing that.

However, there is *another* rather nasty encryption-related issue that appears, and I am not sure whether it is related to this fix or not: after doing all the above (installed Lubuntu, update it, add a user with an encrypted home, add -proposed to sources, update and upgrade, reboot, verify encrypted home user now automounts his home), it seems that apt-get autoremove tries to remove packages it should be leaving well alone:

sudo apt-get autoremove -s
[sudo] password for jonathan:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  cryptsetup dmraid ecryptfs-utils keyutils libdebconfclient0
  libdmraid1.0.0.rc16 libecryptfs0 linux-headers-2.6.35-22
  linux-headers-2.6.35-22-generic localechooser-data ndiswrapper-common
  python-pyicu python-webkit rdate reiserfsprogs
0 upgraded, 0 newly installed, 15 to remove and 0 not upgraded.

If a real (not simulated) apt-get remove is attempted after the user with the encrypted home has logged in, bad things happen:

The following packages will be REMOVED:
  cryptsetup dmraid ecryptfs-utils keyutils libdebconfclient0
  libdmraid1.0.0.rc16 libecryptfs0 linux-headers-2.6.35-22
  linux-headers-2.6.35-22-generic localechooser-data ndiswrapper-common
  python-pyicu python-webkit rdate reiserfsprogs
0 upgraded, 0 newly installed, 15 to remove and 21 not upgraded.
After this operation, 94.4MB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 97781 files and directories currently installed.)
Removing cryptsetup ...
update-initramfs: deferring update (trigger activated)
Removing dmraid ...
update-initramfs: deferring update (trigger activated)
Removing ecryptfs-utils ...
ERROR: Cannot remove ecryptfs-utils, as it appears to be in use:
       [/home/eh/.ecryptfs]
dpkg: error processing ecryptfs-utils (--remove):
 subprocess installed pre-removal script returned error exit status 1
Removing libdebconfclient0 ...
Removing libdmraid1.0.0.rc16 ...
Removing linux-headers-2.6.35-22-generic ...
Removing linux-headers-2.6.35-22 ...
Removing localechooser-data ...
Removing ndiswrapper-common ...
Removing python-pyicu ...
Removing python-webkit ...
Removing rdate ...
Removing reiserfsprogs ...
dpkg: keyutils: dependency problems, but removing anyway as you requested:
 ecryptfs-utils depends on keyutils; however:
  Package keyutils is to be removed.
Removing keyutils ...
dpkg: libecryptfs0: dependency problems, but removing anyway as you requested:
 ecryptfs-utils depends on libecryptfs0 (>= 77); however:
  Package libecryptfs0 is to be removed.
Removing libecryptfs0 ...
Processing triggers for man-db ...
...

Thank you for this interesting report, Jonathan.

I am still running the approach described in #33 with no problems so far. I just tried running apt-get autoremove, but it did not suggest removing the packages you have mentioned. I guess, not mentioning the dependency works different than the "conflict" implemented by Julien.

Can't we just exclude "libpam-ck-connector" from the lubuntu-desktop metapackage?

The issue with the autoremove removing things it should not is NOT related to this fix.

It exists right after an install from the Lubuntu 10.10 CD. I just tested this both in a virtual machine, and, out of an abundance of caution, on a real physical machine too.

So while there is definitely a bug there, it is not exactly the same as this one, or triggered by the -proposed fix. It appears to be strongly related to bug #653628.

I'll either open a new bug (probably) or add info to bug #653628.

Now, since I have a physical PC running Lubuntu 10.10 now, I can tested the -proposed lxdm package there and so check the USb stick aspect of it.

OK, fix verified:

(1) The lxdm package in -proposed allows automounting of encrypted home directories at login.

(2) The lxdm package in -proposed does not allow simultaneous presence of the libpam-ck-connector package.

The whole autoremove problem will become a separate bug.

bug #710049 has been created to deal with the autoremove-removes-ecryptfs-utils issue.

Apologies for having cluttered this bug with it earlier.

Thanks for the thorough testing!

This bug was fixed in the package lxdm - 0.2.0-0ubuntu3.2

---------------
lxdm (0.2.0-0ubuntu3.2) maverick-proposed; urgency=low

  * debian/control:
   - Add conflicts on libpam-ck-connector to workaround bug #576073.

lxdm (0.2.0-0ubuntu3.1) maverick-proposed; urgency=low

  * debian/control:
   - Build-depends on libpam0g-dev to fix login to encrypted home (LP: #635698)
 -- Julien Lavergne <email address hidden> Sat, 15 Jan 2011 18:18:31 +0100