[Bug 1062816] New: plasma-vault requires fusermount 2.9.7
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816 Bug ID: 1062816 Summary: plasma-vault requires fusermount 2.9.7 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: pablofabian.wagnerboian@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Overview: Recent KDE plasma update to 5.11 brings plasma-vault encrypted "containers". When trying to create one you can choose from two encryption systems: cryfs or encfs, both of them requires fusermount version 2.9.7 (opensuse tumbleweed version: 2.9.5). So, you can create the vault. Steps to reproduce: 1) Install plasma-vault plasmoid. 2) Add the desktop plasmoid. 3) Try to create a vault, choose encfs (cryfs isn't available in opensuse). 4) Check the requirements below: you will see "Incorrect installed version. Needed version: 2.9.7" (Sorry if it isn't the exact string, I've my laptop language set to Spanish). The "Next" button will be grayed out. Actual results: Can't create a vault because fusermount version doesn't meet the requirements. Needed: 2.9.7, installed: 2.9.5. Expected results: fusermount should meet the requirements (upgrade fuse to 2.9.7?). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c1
Wolfgang Bauer
Expected results: fusermount should meet the requirements (upgrade fuse to 2.9.7?).
fuse 2.9.7 is in the devel project since a few days, so this is just a matter of time. https://build.opensuse.org/package/show/filesystems/fuse We probably should add an explicit requirement of >= 2.9.7 to the plasma-vault package if it doesn't work with earlier versions. That change wouldn't get accepted to Factory/Tumbleweed though as long as that dependency cannot be fulfilled, so we're stuck here. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c2
--- Comment #2 from Pablo Fabian Wagner Boian
(In reply to Pablo Fabian Wagner Boian from comment #0)
Expected results: fusermount should meet the requirements (upgrade fuse to 2.9.7?).
fuse 2.9.7 is in the devel project since a few days, so this is just a matter of time. https://build.opensuse.org/package/show/filesystems/fuse
I have already checked that link, after submitting the bug report tough. Just though this should have been reported since plasma-vault is pretty useless without it (it does its own checks apparently). Anyway, thanks for taking a look at this, no hurry here :) One more thing: May I ask why fuse version is from last year instead of a more recent one (like 3.0)? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
Erwin Van de Velde
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
Florian Bauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c3
Frank Kruger
(In reply to Pablo Fabian Wagner Boian from comment #0)
Expected results: fusermount should meet the requirements (upgrade fuse to 2.9.7?).
fuse 2.9.7 is in the devel project since a few days, so this is just a matter of time. https://build.opensuse.org/package/show/filesystems/fuse
We probably should add an explicit requirement of >= 2.9.7 to the plasma-vault package if it doesn't work with earlier versions. That change wouldn't get accepted to Factory/Tumbleweed though as long as that dependency cannot be fulfilled, so we're stuck here.
Works for me on TW20171102 with fuse-2.9.7-1.1.x86_64. Please note that since CryFS is officially not available within openSUSE one has to choose EncFS, which results in the warning that "...the current implementation of Encfs is vulnerable or potentially vulnerable to multiple types of attacks...This means that you should not synchronize the encrypted data to a cloud storage service, or use it in other circumstances where the attacker can frequently access the encrypted data." So, is there any chance to have CryFS in Tumbleweed (cf. https://software.opensuse.org/package/cryfs?search_term=cryfs). By the way, although plasma-vault-lang-5.11.2-1.1.noarch is installed, it's a mixture of English and German. Probably an upstream bug? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c4
Fabian Niepelt
[...] So, is there any chance to have CryFS in Tumbleweed (cf. https://software.opensuse.org/package/cryfs?search_term=cryfs). [...]
I've begun to create a package for it, but I've run into some issues that prevents it from compiling. Asked upstream about it, currently waiting for an answer. But I can also confirm that vaults now work with encfs in Tumbleweed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c5
Pablo Fabian Wagner Boian
(In reply to Frank Kruger from comment #3)
[...] So, is there any chance to have CryFS in Tumbleweed (cf. https://software.opensuse.org/package/cryfs?search_term=cryfs). [...]
I've begun to create a package for it, but I've run into some issues that prevents it from compiling. Asked upstream about it, currently waiting for an answer.
But I can also confirm that vaults now work with encfs in Tumbleweed.
Yes, I can now confirm it works: fuse was upgraded to 2.9.7. I took the liberty to close this bug, hope that's ok. Thanks for looking into this. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c6
Stefan Vater
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c7
--- Comment #7 from Stefan Vater
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c8
Fabian Vogt
Looking at the code, it seems that the version of fuse is hardcode in the backends:
plasma-vault/kded/engine/backends/encfs/encfsbackend.cpp plasma-vault/kded/engine/backends/cryfs/cryfsbackend.cpp
`checkVersion(fusermount({ "--version" }), std::make_tuple(2, 9, 7)))`
Can this be changed to 2.9.8 since this was only a bugs fix update?
It's actually doing if (matchedVersion < requiredVersion) which is correct and what's expected, but that seems to be broken. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c9
Fabian Vogt
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c10
Stefan Vater
I just tried here and it works fine.
What's the output of "fusermount --version" for you?
The output is: fusermount version: 2.9.8 prompt> rpm -q fuse fuse-2.9.8-1.1.x86_64 prompt> rpm -q plasma-vault plasma-vault-5.14.4-1.1.x86_64 prompt> rpm -q plasma-vault-backend-cryfs plasma-vault-backend-cryfs-5.14.4-1.1.x86_64 prompt> rpm -q plasma-vault-backend-encfs plasma-vault-backend-encfs-5.14.4-1.1.x86_64 That's all from the tumpleweed repo. I hope that helps. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c11
Fabian Vogt
(In reply to Fabian Vogt from comment #9)
I just tried here and it works fine.
What's the output of "fusermount --version" for you?
The output is:
fusermount version: 2.9.8
prompt> rpm -q fuse fuse-2.9.8-1.1.x86_64
prompt> rpm -q plasma-vault plasma-vault-5.14.4-1.1.x86_64
prompt> rpm -q plasma-vault-backend-cryfs plasma-vault-backend-cryfs-5.14.4-1.1.x86_64
prompt> rpm -q plasma-vault-backend-encfs plasma-vault-backend-encfs-5.14.4-1.1.x86_64
That's all from the tumpleweed repo. I hope that helps.
I still can't reproduce the issue. Does it happen with "plasmawindowed org.kde.plasma.vault" as well? If so, please attach the output of "strace plasmawindowed org.kde.plasma.vault" until the error appears (warning, will be very long). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c12
--- Comment #12 from Frank Kruger
I just tried here and it works fine.
Works here as well with TW20181130. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c13
Stefan Vater
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c14
--- Comment #14 from Stefan Vater
I still can't reproduce the issue. Does it happen with "plasmawindowed org.kde.plasma.vault" as well? If so, please attach the output of "strace plasmawindowed org.kde.plasma.vault" until the error appears (warning, will be very long).
Yes, it also happens with "plasmawindowed org.kde.plasma.vault". I attached the output of strace. I hope that helps. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c15
--- Comment #15 from Stefan Vater
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c16
Fabian Vogt
I found the culprit. I (the user) did not have opermission to fusermount:
prompt> ll /usr/bin/fusermount -rwsr-x--- 1 root root 31512 8. Aug 14:48 /usr/bin/fusermount
changing this to 755, everything works. I do not know, how this happened. Sorry for the noise.
That happens if you have the system permissions set to "secure" instead of "easy". IMO there should be a better error message for this in plasma-vault though. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c17
--- Comment #17 from Stefan Vater
That happens if you have the system permissions set to "secure" instead of "easy".
IMO there should be a better error message for this in plasma-vault though.
Thanks for the explanation. Where do I change the "system permissions"? In Yast? +1 for a better error message :-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c18
--- Comment #18 from Christophe Giboudeaux
Thanks for the explanation. Where do I change the "system permissions"? In Yast?
in the security module (`yast2 security` to open it directly) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816
http://bugzilla.opensuse.org/show_bug.cgi?id=1062816#c19
Fabian Vogt
(In reply to Fabian Vogt from comment #16)
That happens if you have the system permissions set to "secure" instead of "easy".
IMO there should be a better error message for this in plasma-vault though.
Thanks for the explanation. Where do I change the "system permissions"? In Yast?
+1 for a better error message :-)
Bug fixed: https://phabricator.kde.org/D17359 Will be part of the next Plasma version. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com