Hi, I'm in the process of rebuilding new virtual instances for the Desktop user's of my company. We provides these instance in order to be able to run the validated software stack on non-validated software stacks (ie. running a virtual box inside a custom installed Linux, or on OSX or Windows). Theses virtual machines usually ends on laptops. In order to keep safe the company's data in case of a laptop being stolen, we set up an encrypted home with ecryptfs-utils.
More over, the install process of Desktop machines is standardized and shared with bare-metal machines. I install all through deboostrap (from the validated stack we use on our servers). In order to run the Desktops, and because of new hardware with video cards not supported in Stretch, we took the move to Buster a bit earlier an went into the testing wonderland. This is mostly just a dist-upgrade of the current validated stack. As a side effect, this helps to pre-validate all our stack on Buster. But I just discovered today that ecryptfs-utils is not longer part of Buster since 2018-12-19. To my understanding, this is due to bug [1] which perfectly justify the removal of ecryptfs-utils from Buster. This bug don't really affect our use case scenario as we only target to protect the data at rest only. I would prefer a bug-free solution, but we find acceptable to keep on using ecryptfs, especially in contrast of taking the time to configure something else. I thus solicit your advice to devise a solution to make it installable again. I would like a « simple and easy » solution. Here is the options I see : - Install ecryptfs-utils before proceeding the dist upgrade to buster, so I have the package installed. But won't Buster removes it, as feared in [2] ? I have also prepared some virtual instances for our users and I would prefer not to throw them away to start anew if possible. - Builds the virtual instance on Stretch only, not Buster. But I wouldn't like it much as it would make a split of versions on the Desktops, and then would add maintenance. More over, user would not be at ease with different versions of what they use depending if their are on their bare-metal machine (requiring Buster) or on their virtual instance (requiring Stretch). Also, with staying on Stretch, when Buster turn stable stable, then oldstable, how shall I handle the fact that Stretch will slowly slip in retirement and that Buster as no alternative, so I can't make the move. - Install ecryptfs-utils from Sid ? Isn't it risky to take it from Sid ? Especially for such a package. - Some other approach I not foresee, like maybe add the Stretch repository in sources.list in order to grab it from there ? It it feasible ? I think I would prefer grab the package from Stretch than from Sid. Both are right now the same versions (as was the version for Buster), but taking it from Strech would grant me it will not change. I also prefer not adding the Sid repos in the sources.list. I already was pretty reticent to made the bump to testing, so to take the plunge to Sid is way to extreme. Clearly, what would be best would be to proceed with a Buster already installed system. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765854 [2] https://www.reddit.com/r/debian/comments/asei6c/ecryptfsutils_in_buster/ Regards, Pierre.
