Re: Looking for volunteers to test and review ecryptfs integration with Android

[Tyler Hicks <tyhicks@canonical.com>]

[-- Attachment #1: Type: text/plain, Size: 2478 bytes --]

On 2013-12-05 10:57:27, William Roberts wrote:
> On Thu, Dec 5, 2013 at 10:38 AM, Tyler Hicks <tyhicks@canonical.com> wrote:
> > On 2013-12-05 19:32:11, Catalin Ionita wrote:
> >> Hi,
> >
> > Hello!
> >
> >>
> >> I've been working for some time on a solution to integrate ecryptfs
> >> in Android. Due to some Android specifics and license problems I had
> >> to rewrite the userspace tools.
> >
> > I really wish these problems would have been brought up on this list.
> > Fragmentation of the utilities is a bad thing. There's already enough of
> > it in ecryptfs-utils (mount.ecryptfs vs mount.ecryptfs_private) but now
> > there's an entirely new package, too.
> >
> >> Also, for a nice finish touch, I have
> >> implemented Android user data encryption from top (including a minimal
> >> GUI) to bottom on a Nexus 4 running latest AOSP kitkat.
> >
> > Very cool. Looking forward to checking it out.
> >
> >>
> >> I'm looking for volunteers to test, review or contribute to Android
> >> userspace tools that I've built. The project is stored at
> >> https://github.com/catalinionita/Ecryptfs-Tools-for-Android
> >
> > First, I'd like to explore merging the two code bases. Can you lay out
> > the reasons for writing from scratch?
> 
> If he is looking to upstream it, Google prefers things under Apache
> 2.0. However,
> this doesn't mean that other licenses are instantly a no either. For
> example, checkpolicy.

efs-tools, like ecryptfs-utils, is building against the LGPL-ed
libkeyutils.

It would obviously take some more thought, but it is possible for
ecryptfs-utils to provide an LGPL'ed library that all eCryptfs user
space utilities could use.

libecryptfs was supposed to be exactly that, but it was unfortunately
licensed as GPL long ago...

> 
> On the code side, are their dependencies to other libraries that the
> userspace tools
> require that perhaps Android does not  have or has incompatible versions?

Possibly, but that could be worked around at build time.

> 
> Another reason would perhaps be size, lets see what the author says.
> Also, I could swear
> I remember reading something about him asking about Android ecryptfs before.

There have been a couple people ask about building ecryptfs-utils on
Android. I think the libnss dependency is the problem. We've discussed
how to solve that problem with at least one of those people, but I'm
pretty sure that it wasn't Catalin.

Tyler

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]