fscrypt.git/actions/context_test.go, branch v0.3.4 Go tool for managing Linux filesystem encryption Make 'fscrypt setup' offer a choice of directory modes 2022-02-23T20:35:04+00:00 Eric Biggers ebiggers@google.com 2022-02-23T20:35:04+00:00 6e355131670ad014e45f879475ddf800f0080d41 World-writable directories are not appropriate for some systems, so offer a choice of single-user-writable and world-writable modes, with single-user-writable being the default. Add a new documentation section to help users decide which one to use. 
World-writable directories are not appropriate for some systems, so
offer a choice of single-user-writable and world-writable modes, with
single-user-writable being the default.  Add a new documentation section
to help users decide which one to use.
context_text: remove pre-existing test.conf 2021-12-23T02:36:31+00:00 Eric Biggers ebiggers@google.com 2021-12-23T02:36:28+00:00 f00ddd5823bd0e744746a2b778e0c47f430ecabb This fixes a test failure in the case where test.conf gets left over. 
This fixes a test failure in the case where test.conf gets left over.
Create /etc/fscrypt.conf with policy_version 2 on kernel v5.4+ 2020-03-23T20:20:27+00:00 Eric Biggers ebiggers@google.com 2020-03-18T04:10:58+00:00 ec85cc8f987647c2b264c1f95dadda0f71c3d991 v2 encryption policies are now recommended, due to various security and usability advantages over v1 policies. Many people have been running into the usability problems with v1, so it's desirable to get people onto v2 without having to manually opt-in. Therefore, when 'fscrypt setup' creates /etc/fscrypt.conf, enable policy_version 2 automatically if the kernel supports it. I decided to go with this solution over the policy_version "auto" I suggested originally because this way is simpler, it can still be changed to "auto" later if desired, and "auto" might require changing how we parse the config file (since currently the config file is mapped directly to a protobuf where policy_version is an 'int' and is shared with EncryptionOptions). Resolves https://github.com/google/fscrypt/issues/182 
v2 encryption policies are now recommended, due to various security and
usability advantages over v1 policies.  Many people have been running
into the usability problems with v1, so it's desirable to get people
onto v2 without having to manually opt-in.

Therefore, when 'fscrypt setup' creates /etc/fscrypt.conf, enable
policy_version 2 automatically if the kernel supports it.

I decided to go with this solution over the policy_version "auto" I
suggested originally because this way is simpler, it can still be
changed to "auto" later if desired, and "auto" might require changing
how we parse the config file (since currently the config file is mapped
directly to a protobuf where policy_version is an 'int' and is shared
with EncryptionOptions).

Resolves https://github.com/google/fscrypt/issues/182
Simplify choosing the key description prefix 2020-03-23T20:20:27+00:00 Eric Biggers ebiggers@google.com 2020-03-18T04:10:58+00:00 ae886a89f541a74255c9a41f7fa504a82ee6413e There's no real need to allow users to choose the key description prefix (a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4" and "f2fs" for compatibility with all kernels both old and new, and on other filesystems we can just use "fscrypt". So, let's do that. Since this removes the point of the "--legacy" option to 'fscrypt setup' and the "compatibility" field in /etc/fscrypt.conf, remove those too. Specifically, we start ignoring the "compatibility" in existing config files and not writing it to new ones. The corresponding protobuf field number and name are reserved. We stop accepting the "--legacy" option at all, although since it was default true and there was no real reason for anyone to change it to false, probably no one will notice. If anyone does, they should just stop specifying the option. Note that this change only affects user keyrings and thus only affects v1 encryption policies, which are deprecated in favor of v2 anyway. 
There's no real need to allow users to choose the key description prefix
(a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4"
and "f2fs" for compatibility with all kernels both old and new, and on
other filesystems we can just use "fscrypt".  So, let's do that.

Since this removes the point of the "--legacy" option to 'fscrypt setup'
and the "compatibility" field in /etc/fscrypt.conf, remove those too.

Specifically, we start ignoring the "compatibility" in existing config
files and not writing it to new ones.  The corresponding protobuf field
number and name are reserved.  We stop accepting the "--legacy" option
at all, although since it was default true and there was no real reason
for anyone to change it to false, probably no one will notice.  If
anyone does, they should just stop specifying the option.

Note that this change only affects user keyrings and thus only affects
v1 encryption policies, which are deprecated in favor of v2 anyway.
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 actions: context now hold a target user.User 2017-08-31T01:00:04+00:00 Joe Richey joerichey@google.com 2017-08-31T01:00:04+00:00 dad0a047cefc79cbe664afc07d69db6b8bf123bd This user is used with policies to interface with the keryings and with protectors to indicate which user's login passphrase should be used to protectors of type pam_passphrase. 
This user is used with policies to interface with the keryings and with
protectors to indicate which user's login passphrase should be used to
protectors of type pam_passphrase.
tests: Unit tests and Integration tests work 2017-07-19T04:08:02+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-07-19T04:08:02+00:00 3afdd84a5c0cea217043e9d32ce61e9f6bccf18b Now the testing functions will skip the integration tests if a testing filesystem is not specified. 
Now the testing functions will skip the integration tests if a testing
filesystem is not specified.
Finalize import paths and documentation 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-28T20:57:55+00:00 2c52eca8727df744d093703bbcbd87fc39d57d30 This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280 
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
actions: error handling and API changed 2017-06-28T22:15:15+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-21T17:03:44+00:00 93415b198a3ef427c02893b8fdf036aa75ffe50f This commit changes the error handling for the actions package to use the error handling library github.com/pkg/errors. This means replacing "errors" with "github.com/pkg/errors", reworking some of the error values, and wrapping some errors with additional context. This commit also changes the Protector/Policy API, moving most of the package functionality into Protector or Policy methods. These types are now "locked" when they are queried from the filesystem, and Unlock() must be used to get their corresponding keys. Note that only certain operations will require unlocking the keys. Certain unnecessary functions and methods are also removed. This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile. CPU time is used instead of wall time, and kiB is used instead of kB. Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8 
This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.

This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.

This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.

Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8
actions: Simplify the callback mechanism 2017-06-26T22:40:08+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-01T00:54:35+00:00 defd27f75df3a6eef84ac33adf89b1ce255e738c This commit makes the callbacks for getting keys easier to understand. Functions which need keys now take a KeyFunc callback. This callback contains a ProtectorInfo parameter (basically a read-only version of metadata.ProtectorData) and a boolean which indicates if the call is being retried. The documentation is also updated to say which functions will retry the KeyFunc. For selecting a protector, there is now an OptionFunc callback which takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo along with additional information about a linked filesystem (if applicable). This commit also adds in methods for getting the protector options for a specific filesystem or policy. It also adds a function for getting the policy descriptor for a specific path. Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90 
This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.

For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).

This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.

Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90