fscrypt.git, branch v0.2.6 Go tool for managing Linux filesystem encryption Release version v0.2.6 (#198) 2020-02-11T07:20:14+00:00 Joseph Richey joerichey@google.com 2020-02-11T07:20:14+00:00 43b4079fd8b52e64d694229311afcbcca0e35b19 * Release version v0.2.6 Fixes #195 Also, update the encrypted API key. My person access token had expired, this one should work now. Signed-off-by: Joe Richey <joerichey@google.com> 
* Release version v0.2.6

Fixes #195

Also, update the encrypted API key.
My person access token had expired, this one should work now.

Signed-off-by: Joe Richey <joerichey@google.com>
cmd/fscrypt/commands: allow disabling recovery passphrase (#193) 2020-01-30T03:27:10+00:00 Eric Biggers ebiggers@google.com 2020-01-30T03:27:10+00:00 c4fa1f4ccb407f44dfabf91d1214f06c277a1b9f While it's important to generate a recovery passphrase in the linked protector case to avoid data loss if the system is reinstalled, some people really don't want it (even though it can be safely ignored as it almost certainly has far more entropy than the login passphrase). As a compromise, prompt for y/n before generating it, with default y. Also, to allow disabling the recovery passphrase during noninteractive use, add a --no-recovery command-line option. Update https://github.com/google/fscrypt/issues/186 
While it's important to generate a recovery passphrase in the linked
protector case to avoid data loss if the system is reinstalled, some
people really don't want it (even though it can be safely ignored as it
almost certainly has far more entropy than the login passphrase).

As a compromise, prompt for y/n before generating it, with default y.
Also, to allow disabling the recovery passphrase during noninteractive
use, add a --no-recovery command-line option.

Update https://github.com/google/fscrypt/issues/186
 Merge pull request #192 from ebiggers/cleanup-on-error 2020-01-30T02:46:57+00:00 Eric Biggers ebiggers@google.com 2020-01-30T02:46:57+00:00 0f06c53388f8b020e1a0d48af2f5e334c4ec2aca Clean up policies and protectors on error 
Clean up policies and protectors on error
 actions/policy: revert new protector links on failure 2020-01-28T18:45:52+00:00 Eric Biggers ebiggers@google.com 2020-01-28T04:16:35+00:00 2d7229eb2a97c845d73a65ff9dd3368056c255a6 Ensure that when an encryption policy is reverted (e.g. due to encryptPath() failing after the policy was created), we also delete any new protector links that were created for the policy, as this is not handled by the logic that reverts new protectors. 
Ensure that when an encryption policy is reverted (e.g. due to
encryptPath() failing after the policy was created), we also delete any
new protector links that were created for the policy, as this is not
handled by the logic that reverts new protectors.
filesystem: don't overwrite existing protector links 2020-01-28T18:45:52+00:00 Eric Biggers ebiggers@google.com 2020-01-28T04:16:35+00:00 07d744068d437b09d7a07975e88e18440f5db2f3 When adding a protector to a policy, don't unconditionally overwrite the protector link, because it may already exist. Instead, if it already exists and points to the mount, just use it. If it already exists and points to the wrong place, return an error. Also add a bool to the return value of AddLinkedProtector() so that callers can check whether the link was newly created or not. 
When adding a protector to a policy, don't unconditionally overwrite the
protector link, because it may already exist.  Instead, if it already
exists and points to the mount, just use it.  If it already exists and
points to the wrong place, return an error.

Also add a bool to the return value of AddLinkedProtector() so that
callers can check whether the link was newly created or not.
cmd/fscrypt/commands: clean up properly when encryptPath() fails 2020-01-28T18:45:52+00:00 Eric Biggers ebiggers@google.com 2020-01-28T04:16:35+00:00 5c08edd521deadd36bec36662d30681b01253d62 Move the deferred locking and deletion of the policy on failure to the correct places, so that it's done in all failure cases, including in the case where adding the recovery protector fails. Also make the recovery protector be locked and deleted on failure. Finally, put all the code to do deferred deprovisioning of the policy in the same place: right after it's provisioned. 
Move the deferred locking and deletion of the policy on failure to the
correct places, so that it's done in all failure cases, including in the
case where adding the recovery protector fails.

Also make the recovery protector be locked and deleted on failure.

Finally, put all the code to do deferred deprovisioning of the policy in
the same place: right after it's provisioned.
actions/recovery: revert protector if it can't be added to policy 2020-01-28T18:45:52+00:00 Eric Biggers ebiggers@google.com 2020-01-28T04:16:35+00:00 4e0230bdbc9cf893099919170a10e44f84422747 Ensure that a failed AddRecoveryPassphrase() doesn't leave around an unneeded protector file. 
Ensure that a failed AddRecoveryPassphrase() doesn't leave around an
unneeded protector file.
cmd/fscrypt/errors: explicitly mark error messages as errors (#191) 2020-01-28T09:58:51+00:00 Eric Biggers ebiggers@google.com 2020-01-28T09:58:51+00:00 9927ab8426e765db8de304e9f99ba5c520b5018c When an fscrypt command fails and prints an error message, in some cases it isn't clear that the message is actually an error, e.g.: fscrypt encrypt: login protectors do not need a name Make it clear by always prefixing the message with "[ERROR] ", e.g. [ERROR] fscrypt encrypt: login protectors do not need a name Update https://github.com/google/fscrypt/issues/186 
When an fscrypt command fails and prints an error message, in some cases
it isn't clear that the message is actually an error, e.g.:

    fscrypt encrypt: login protectors do not need a name

Make it clear by always prefixing the message with "[ERROR] ", e.g.

    [ERROR] fscrypt encrypt: login protectors do not need a name

Update https://github.com/google/fscrypt/issues/186
 cmd/fscrypt/setup: don't prompt to create /etc/fscrypt.conf (#190) 2020-01-28T09:57:46+00:00 Eric Biggers ebiggers@google.com 2020-01-28T09:57:46+00:00 2c57ab18375a8d0b4df9c4b6d9f3692d14edfee7 When 'fscrypt setup' sees that /etc/fscrypt.conf doesn't exist, don't ask for confirmation before creating it. Just do it. This is the normal use, and there's not a good reason to ask the user to confirm it. 
When 'fscrypt setup' sees that /etc/fscrypt.conf doesn't exist, don't
ask for confirmation before creating it.  Just do it.  This is the
normal use, and there's not a good reason to ask the user to confirm it.
 actions/recovery: ensure recovery passphrase is really custom_passphrase 2020-01-28T03:24:30+00:00 Eric Biggers ebiggers@google.com 2020-01-28T03:24:30+00:00 d5b8bdcfba528c0c0e9f8052a705e454b26cb28f If the login protector was just created by the same 'fscrypt encrypt' command, then policy.Context.Config.Source will be pam_passphrase. This needs to be overridden to custom_passphrase when creating the protector for the recovery passphrase. This fixes the following error: fscrypt encrypt: login protectors do not need a name Resolves https://github.com/google/fscrypt/issues/187 Update https://github.com/google/fscrypt/issues/186 
If the login protector was just created by the same 'fscrypt encrypt'
command, then policy.Context.Config.Source will be pam_passphrase.  This
needs to be overridden to custom_passphrase when creating the protector
for the recovery passphrase.

This fixes the following error:

    fscrypt encrypt: login protectors do not need a name

Resolves https://github.com/google/fscrypt/issues/187
Update https://github.com/google/fscrypt/issues/186