Modify ecryptfs version preinstalled in Mint's ISO

[axrusar]

Coming from my thread here: viewtopic.php?t=411380

The Mint's installation allows the option to encrypt the home folder and I guess that a lot of people do. I did.
In case of disaster, the encrypted home folder data can be recovered using a single command from a live session:

Code: Select all

sudo ecryptfs-recover-private .Private

In my test as shown in the link above, using the Mint 21.2 live session fails to mount the decrypted data making it extremely tedious and probably impossible for any user that lacks advanced terminal ninja skills.
But if the Mint 20.3 live session is used, the data is successfully mounted using the same command.

Mint 20.3 has ecryptfs-utils 111-0ubuntu7 and works
Mint 21.2 has ecryptfs-utils 111-5ubuntu1 and does not work

My suggestion is that the ISO should be modified and ship with a version that works decrypting the private home folder regardless of what version of Mint the user has setup.

This same bug is documented in the debian forums for many years and the workarounds are poorly documented, tedious or do not work at all.

[rickNS]

The Mint's installation allows the option to encrypt the home folder and I guess that a lot of people do. I did.

And of " a lot of people do", most of those should not.
Sure there are some people who actually need this feature, those who travel with actual sensitive information. For the average home user, it is over-kill.
IMO, encryption is far to easy to get into, and very hard to get out of. If I had a dime for every time I saw a thread, "I forgot my password"...

Good Job on the solve !

[t42]

I think, modifying iso is not enough as the latest package version will remain in the jammy universe repository. If that will be accepted an older version of eCryptfs will be installed during installation and immediately upgraded to the current version on the first update, it's quite unusual, and user has to retain such iso just in case, even after upgrading Linux Mint to the next version. I think it would be better just to remove eCryptfs from the installation options like all other distributions did at the time. It is still available in the repositories and you can install it if you want and if you feel up to it.

[axrusar]

And of " a lot of people do", most of those should not.
Sure there are some people who actually need this feature, those who travel with actual sensitive information.

IMO Mint is a distribution that attracts a lot of newcomers switching from windows or mac, AKA newbies that have no clue yet about how to deal with encryption in Linux.
The linux Mint installer is extremely easy and self explanatory to follow, i think easier and less crowded than windows, and the option to encrypt the home folder is there. For most newbies this option screams "security" hence my statement "a lot of people do, i did".
Yes, I frequently travel across continents and store lots of my customer's sensitive information on my laptop. I believe that anyone who installs an operating system on a laptop that leaves the house, which could be lost, stolen, or tampered with during a service at any time, should consider encrypting the home folder as most likely than not, there will be personal / sensitive files / accounts you do not want anyone else to snoop into. You said "most of those should not" but i see most people asking questions here are using a laptop. Even just having a basic email account linked to a financial institution for authentication is a compelling reason to encrypt your home folder, especially in today's climate of increasing scams and extortion. You don't necessarily need to store highly sensitive information on your computer to justify encryption.

I think, modifying iso is not enough as the latest package version will remain in the jammy universe repository.

As I understand it, Mint is based on Ubuntu. Therefore, the packages should already be included in the Mint ISO, matching the version shipped with the corresponding Ubuntu release.

Couldn't the Mint developers modify the ISO to replace eCryptfs with a working version? This would simplify the process for users who want to mount their encrypted home folder during the live session. Currently, users would have to manually replace the package, which is more complex and may not be obvious to everyone.

From a user-friendly perspective, it would be convenient to simply use any live session for system recovery without worrying about this issue. This improvement could also be added to Mint's documentation as an additional resource, considering that the option to encrypt the home folder was readily available from the start.