fscrypt.git/cli-tests/t_v1_policy.sh, branch v0.3.6 Go tool for managing Linux filesystem encryption cli-tests: account for protojson whitespace randomization 2022-08-18T06:10:56+00:00 Eric Biggers ebiggers@google.com 2022-08-18T05:15:52+00:00 afad6a1e0521e52dfaffe937ecab2515a76b8134 Annoyingly, for JSON formatting protojson randomly selects a spacing method (one space or two spaces) depending on a hash of some sections of the Go binary, to discourage depending on its output being stable. This breaks some checks in the CLI tests of the contents of fscrypt.conf and the output of 'fscrypt status'. As there doesn't appear to be a straightforward alternative currently, for now just update the tests to take into consideration the possible extra space. 
Annoyingly, for JSON formatting protojson randomly selects a spacing
method (one space or two spaces) depending on a hash of some sections of
the Go binary, to discourage depending on its output being stable.  This
breaks some checks in the CLI tests of the contents of fscrypt.conf and
the output of 'fscrypt status'.  As there doesn't appear to be a
straightforward alternative currently, for now just update the tests to
take into consideration the possible extra space.
cli-tests/t_v1_policy: clean up user keyrings at end of test 2020-06-13T17:06:15+00:00 Eric Biggers ebiggers@google.com 2020-06-13T17:06:15+00:00 c39fc85f8045bb24f773a3eb5dee7738cdc4339f The test user's user keyring is still linked into root's user keyring at the end of the test. This is making the test flaky, as there is a failure that only occurs the first time it is run. Fix the test to restore the initial state. This makes it consistently fail (to be fixed by the next commit). 
The test user's user keyring is still linked into root's user keyring at
the end of the test.  This is making the test flaky, as there is a
failure that only occurs the first time it is run.  Fix the test to
restore the initial state.  This makes it consistently fail (to be fixed
by the next commit).
Try to detect incomplete locking of v1-encrypted directory 2020-05-09T22:16:13+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:17:17+00:00 de51add609bc74b7247ec4776bd694abbea24a45 'fscrypt lock' on a v1-encrypted directory doesn't warn about in-use files, as the kernel doesn't provide a way to easily detect it. Instead, implement a heuristic where we check whether a subdirectory can be created. If yes, then the directory must not be fully locked. Make both 'fscrypt lock' and 'fscrypt status' use this heuristic. Resolves https://github.com/google/fscrypt/issues/215 
'fscrypt lock' on a v1-encrypted directory doesn't warn about in-use
files, as the kernel doesn't provide a way to easily detect it.

Instead, implement a heuristic where we check whether a subdirectory can
be created.  If yes, then the directory must not be fully locked.

Make both 'fscrypt lock' and 'fscrypt status' use this heuristic.

Resolves https://github.com/google/fscrypt/issues/215
cli-tests: add t_v1_policy 2020-05-09T21:04:47+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:04:47+00:00 b13bfeef21c18302dcb31f7fb6d354da9a5a567b Test using v1 encryption policies (deprecated). 
Test using v1 encryption policies (deprecated).