fscrypt.git/README.md, branch v0.2.8 Go tool for managing Linux filesystem encryption README.md: try to disambiguate "fscrypt" (#226) 2020-05-14T02:11:28+00:00 Eric Biggers ebiggers@google.com 2020-05-14T02:11:28+00:00 7cc81fcdf21ed74ff01fc52d79a40773b74a62f9 Explicitly mention that "fscrypt" here means the userspace tool, not the kernel part. Also write `fscrypt` in code font to emphasize this. 
Explicitly mention that "fscrypt" here means the userspace tool, not the
kernel part.  Also write `fscrypt` in code font to emphasize this.
 README.md: further improve the "encryption not enabled" section (#227) 2020-05-14T02:10:18+00:00 Eric Biggers ebiggers@google.com 2020-05-14T02:10:18+00:00 952d6d413c3a1ec5aaadc47c226005d478b819ed 






README.md: fix typo "nrounds" => "rounds" (#228)
2020-05-14T01:53:56+00:00

Eric Biggers
ebiggers@google.com

2020-05-14T01:53:56+00:00

e5ffbb1c0e648d83864c44f8ee25eae59eab211d

Update https://github.com/google/fscrypt/issues/220




Update https://github.com/google/fscrypt/issues/220






README.md: improve documentation for login protectors (#223)
2020-05-12T16:45:42+00:00

Eric Biggers
ebiggers@google.com

2020-05-12T16:45:42+00:00

1fbde0288b2d53d4e811b8869979429a57bff58f

Update https://github.com/google/fscrypt/issues/220




Update https://github.com/google/fscrypt/issues/220






README.md: update v2 policy-related documentation
2020-03-23T20:20:27+00:00

Eric Biggers
ebiggers@google.com

2020-03-18T04:10:58+00:00

02ec13d8d96fc16282998f8355074dad53271591

- Mention that a v5.4+ kernel is recommended.

- Mention that policy_version defaults to 1 when unset.

- Emphasize that v2 policies are the recommended solution to the key
  visibility problems, and add some more information.





- Mention that a v5.4+ kernel is recommended.

- Mention that policy_version defaults to 1 when unset.

- Emphasize that v2 policies are the recommended solution to the key
  visibility problems, and add some more information.







README.md: update examples to use v2 policies
2020-03-23T20:20:27+00:00

Eric Biggers
ebiggers@google.com

2020-03-18T04:10:58+00:00

afd82da968e5ea21b396a8ec321e31902c5f68c2

Since on new kernels v1 encryption policies are deprecated in favor of
v2, update the examples to show v2.  This mostly just consists of
updating the output, as the commands are essentially the same with one
notable difference in 'fscrypt lock'.





Since on new kernels v1 encryption policies are deprecated in favor of
v2, update the examples to show v2.  This mostly just consists of
updating the output, as the commands are essentially the same with one
notable difference in 'fscrypt lock'.







Simplify choosing the key description prefix
2020-03-23T20:20:27+00:00

Eric Biggers
ebiggers@google.com

2020-03-18T04:10:58+00:00

ae886a89f541a74255c9a41f7fa504a82ee6413e

There's no real need to allow users to choose the key description prefix
(a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4"
and "f2fs" for compatibility with all kernels both old and new, and on
other filesystems we can just use "fscrypt".  So, let's do that.

Since this removes the point of the "--legacy" option to 'fscrypt setup'
and the "compatibility" field in /etc/fscrypt.conf, remove those too.

Specifically, we start ignoring the "compatibility" in existing config
files and not writing it to new ones.  The corresponding protobuf field
number and name are reserved.  We stop accepting the "--legacy" option
at all, although since it was default true and there was no real reason
for anyone to change it to false, probably no one will notice.  If
anyone does, they should just stop specifying the option.

Note that this change only affects user keyrings and thus only affects
v1 encryption policies, which are deprecated in favor of v2 anyway.





There's no real need to allow users to choose the key description prefix
(a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4"
and "f2fs" for compatibility with all kernels both old and new, and on
other filesystems we can just use "fscrypt".  So, let's do that.

Since this removes the point of the "--legacy" option to 'fscrypt setup'
and the "compatibility" field in /etc/fscrypt.conf, remove those too.

Specifically, we start ignoring the "compatibility" in existing config
files and not writing it to new ones.  The corresponding protobuf field
number and name are reserved.  We stop accepting the "--legacy" option
at all, although since it was default true and there was no real reason
for anyone to change it to false, probably no one will notice.  If
anyone does, they should just stop specifying the option.

Note that this change only affects user keyrings and thus only affects
v1 encryption policies, which are deprecated in favor of v2 anyway.







README.md: improve documentation for PAM configuration (#204)
2020-03-20T04:50:04+00:00

Eric Biggers
ebiggers@google.com

2020-03-20T04:50:04+00:00

b43cb6970da16fea7aa2c073a83891909a2833b1












cmd/fscrypt/setup: don't prompt to create /etc/fscrypt.conf (#190)
2020-01-28T09:57:46+00:00

Eric Biggers
ebiggers@google.com

2020-01-28T09:57:46+00:00

2c57ab18375a8d0b4df9c4b6d9f3692d14edfee7

When 'fscrypt setup' sees that /etc/fscrypt.conf doesn't exist, don't
ask for confirmation before creating it.  Just do it.  This is the
normal use, and there's not a good reason to ask the user to confirm it.




When 'fscrypt setup' sees that /etc/fscrypt.conf doesn't exist, don't
ask for confirmation before creating it.  Just do it.  This is the
normal use, and there's not a good reason to ask the user to confirm it.






Document how to check for kernel config options (#183)
2020-01-23T21:46:18+00:00

ebiggers
ebiggers@google.com

2020-01-23T21:46:18+00:00

45c27d59ee40f3945837ea827f29f6896414157f

Resolves https://github.com/google/fscrypt/issues/181




Resolves https://github.com/google/fscrypt/issues/181