eCryptfs in Ubuntu 12.10

Registered by Dustin Kirkland  on 2012-04-23

In this session, we'll discuss eCryptfs in Ubuntu 12.10. Both of the upstream eCryptfs maintainers will be present to discuss the future of eCryptfs, upstream and in Ubuntu.

Topics include:
 - Stabilization and testing with the new unit test framework
 - AES-NI acceleration improvements
 - Longstanding issues or bugs that need to be revisited
 - Steps to removing the "experimental" label in the upstream Linux kernel tree
 - Remote key retrieval in the ecryptfs-utils userspace packages
 - Introduction of ecryptfs.org
 - Migration of questions/answers from Launchpad Answers to StackExchange sites
 - Problems around the ecryptfs-utils prerm check of if ecryptfs is in use
 - ...

Blueprint information

Status:
Complete
Approver:
Jamie Strandboge
Priority:
High
Drafter:
Tyler Hicks
Direction:
Approved
Assignee:
Tyler Hicks
Definition:
Approved
Series goal:
Accepted for quantal
Implementation:
Implemented
Milestone target:
milestone icon ubuntu-12.10-beta-1
Started by
Jamie Strandboge on 2012-05-15
Completed by
Jamie Strandboge on 2012-10-03

Related branches

Sprints

Whiteboard

Topics include:
- New test framework in ecryptfs-utils!
  - Stabilization and testing with the new unit test framework
  - create test before working on the bug
  - need more userspace tests!
  - runs with 'make check'
  - a test is a bash script; there is a template
  - there are "safe" and "destructive" classed tests
  - run tests on top of various filesystems (ext4, btrfs, ext, u1)
  - every bug that's fixed should have a test
  - create a "release" category of tests for kirkland to run when releasing ecryptfs-utils
 - AES-NI acceleration improvements
  - haven't actually re-tested this on Ubuntu 12.04
  - hasn't been deeply investigated
 - Tyler would prefer ecryptfs be a module again, for development reasons
 - Removing the "experimental" label in the upstream Linux kernel tree
   - tyhicks wants:
     - remove broken passthrough feature
     - remove metadata in xattr
 - Longstanding issues or bugs that need to be revisited
  - "garbage at end of file" bug is definitely fixed
    - users still seeing this are seeing a different issue
  - zero length file in lower filesystem
    - could create a userspace utility that does the find -size 0c and cleans these up
      - would be hard for users to discover
    - kernel could convert these 0-length files to a "real" ecryptfs file
    - kernel could unlink the file as part of the failed open handler
  - mmap warning (upstream vfs might have a fix)
 - Introduction of ecryptfs.org
   - Migration of questions/answers from Launchpad Answers to StackExchange sites
- Problems around the ecryptfs-utils prerm check of if ecryptfs is in use
  - perhaps change this to a loud warning
- ecryptfs-utils versioning approaching "100"
  - just keep going
- network retrieval of keys
  - KMIP and the like
    - no kmip libraries in Linux, would have to write and maintain library
- zescrow
  - backup .ecryptfs config and random passphrases to remote service
  - demo in lightning talk today
  - MIR?
  - consider KMIP as the protocol for backup of keys

gema> I tried to add myself to the get QA running the ecryptfs tests and the work items magically changed to tyhicks and removed rtg from there. For your records, independently of what launchpad is doing, I am on the case

(?)

Work Items

Work items:
[tyhicks] ensure tests run on all supported Linux filesystems (medium) (2): DONE
[tyhicks] document test writing in the tests/README file (low) (0.5): DONE
[hggdh2] Start running the ecryptfs tests for kernel SRU verification in QA: DONE
[kirkland] publicize test writing and contribution (blog, #ubuntu-classroom): POSTPONED
[cking] investigate aes-ni ecryptfs bug: DONE
[cking] look at Ubuntu kernel config options around aes-ni: DONE
[tyhicks] to bring cking up to speed on aes-ni investigations so far (high) (0.5): DONE
[tyhicks] announce feature deprecation (high) (0.5): POSTPONED
[tyhicks] remove passthrough (high) (0.5): DONE
[tyhicks] remove xattr metadata support (high) (0.5): DONE
[tyhicks] remove EXPERIMENTAL label (high) (1.5): POSTPONED
[tyhicks] handle the zero-length file problem at the kernel level (high) (2): DONE
[kirkland] create a userspace ecryptfs-janitor type tool that cleans up zero-length files: POSTPONED
[kirkland] move the prerm check to warn loudly, rather than failing entirely: POSTPONED
[cking] expand torture testing: DONE