[ecryptfs-utils/f16] home migration did not work under sudo (#868330)

Michal Hlavinka mhlavink at fedoraproject.org
Thu Oct 25 13:10:55 UTC 2012


commit adc9a8d6a15349c1b8b27711f476076efec9580c
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Thu Oct 25 15:10:41 2012 +0200

    home migration did not work under sudo (#868330)

 ecryptfs-utils-100-sudokeyring.patch |   21 +++++++++++++++++++++
 ecryptfs-utils.spec                  |    8 +++++++-
 2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/ecryptfs-utils-100-sudokeyring.patch b/ecryptfs-utils-100-sudokeyring.patch
new file mode 100644
index 0000000..122d9b7
--- /dev/null
+++ b/ecryptfs-utils-100-sudokeyring.patch
@@ -0,0 +1,21 @@
+diff -up ecryptfs-utils-100/src/utils/ecryptfs-setup-private.sudokeyring ecryptfs-utils-100/src/utils/ecryptfs-setup-private
+--- ecryptfs-utils-100/src/utils/ecryptfs-setup-private.sudokeyring	2012-10-25 14:48:55.000000000 +0200
++++ ecryptfs-utils-100/src/utils/ecryptfs-setup-private	2012-10-25 14:50:08.637929477 +0200
+@@ -427,8 +427,16 @@ if [ "$BOOTSTRAP" = "1" ]; then
+ 	else
+ 		sig_opt="ecryptfs_sig=$sig"
+ 	fi
++	# If we are running under sudo, the session keyring may not link
++	# to root's user keyring, where the auth tok is stored
++	# Need to join root's keyring, otherwise the mount will fail
++	if [ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]; then
++		_KEK_="keyctl session _uid.0"
++	else
++		_KEK_=
++	fi
+ 	# Do the mount, and provide some helpful symlinks
+-	mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
++	$_KEK_ mount -i -t ecryptfs -o "rw,$sig_opt,ecryptfs_cipher=$CIPHER,ecryptfs_key_bytes=$KEYBYTES" "$CRYPTDIR" "$MOUNTPOINT" || error "Could not mount"
+ 	ln -sf $ECRYPTFS_DIR/$USER/.ecryptfs $MOUNTPOINT/.ecryptfs
+ 	ln -sf $ECRYPTFS_DIR/$USER/.$PRIVATE_DIR $MOUNTPOINT/.$PRIVATE_DIR
+ 	chown -R $USER:$GROUP $ECRYPTFS_DIR/$USER
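Review bot: The added test `[ "$(keyctl describe @s | awk '{ print $3; }')" -ne 0 ]` does not handle a failed or empty `keyctl describe`: with an empty substitution `[` reports an integer-expression error, the `if` falls to the `else` branch, and the mount runs without joining root's keyring and ends in the generic "Could not mount". Capturing the owner first makes that case explicit, e.g. `ses_uid=$(keyctl describe @s 2>/dev/null | awk '{ print $3 }')` followed by `if [ "${ses_uid:-unknown}" != "0" ]; then`, so an unreadable session keyring is treated like a non-root one. `keyctl session NAME` is documented as join-or-create, so if `_uid.0` cannot be joined the mount would presumably run in a fresh, empty session keyring; a distinct error message for that case would help whoever has to debug it. A short comment that `$_KEK_` is left unquoted on purpose (it must word-split into a command prefix or expand to nothing) would keep a later quoting cleanup from breaking the mount line. The enclosing `if [ "$BOOTSTRAP" = "1" ]` block starts and ends outside the hunk.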
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 33e1bfa..b216d00 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
 
 Name: ecryptfs-utils
 Version: 100
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -61,6 +61,8 @@ Patch19: ecryptfs-utils-87-syslog.patch
 Patch21: ecryptfs-utils-96-groupcheck.patch
 Patch22: ecryptfs-utils-99-selinux.patch
 
+# rhbz#868330
+Patch23: ecryptfs-utils-100-sudokeyring.patch
 
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: keyutils, cryptsetup-luks, util-linux-ng, gettext
@@ -116,6 +118,7 @@ the interface supplied by the ecryptfs-utils library.
 %patch19 -p1 -b .syslog
 %patch21 -p1 -b .groupcheck
 %patch22 -p1 -b .selinux
+%patch23 -p1 -b .sudokeyring
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits"
@@ -252,6 +255,9 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 
 %changelog
+* Thu Oct 25 2012 Michal Hlavinka <mhlavink at redhat.com> - 100-5
+- home migration did not work under sudo (#868330)
+
 * Mon Oct 22 2012 Michal Hlavinka <mhlavink at redhat.com> - 100-4
 - set selinux boolean only if not already set (#868298)
 

