fscrypt.git/cmd/fscrypt/commands.go, branch 0.2.1 Go tool for managing Linux filesystem encryption cmd/fscrypt: Check that keyrings are setup 2017-09-01T07:55:22+00:00 Joseph Richey joerichey94@gmail.com 2017-09-01T07:55:22+00:00 079ee257d27e28b166965f1fa0136f694598b6c7 Chaning the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring. 
Chaning the --user flag to (optionally) check for a proper keyring setup
allows us to fail early in cases where we need a working keyring.
cmd/fscrypt: Add --user flag for running as root 2017-08-31T01:16:16+00:00 Joe Richey joerichey@google.com 2017-08-31T01:16:16+00:00 11b31826334bc3faa4d4c7ee05a3b2996a88c969 The --user flag can now be used to have the targe user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very usefull for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring. 
The --user flag can now be used to have the targe user (the one whose
keyring and password will be used in fscrypt) be different than the
calling user. Very usefull for things like

	sudo fscrypt purge /media/joerichey/usb --user=joerichey

which will now have privileges to drop caches, but will properly clear
the keys from the user's keyring.
security: Moved cache dropping function 2017-08-22T19:53:26+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-08-22T19:52:41+00:00 32c9be59a2485ef44ac4b3accc2f102cf2eb5a39 






cmd/fscrypt: purge command now clears cache
2017-08-18T05:49:44+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-08-16T01:11:29+00:00

151e8965fa3a9c8f65e316430f9df0fa763fb02d












cmd/fscrypt: Check support before encrypting
2017-07-17T20:19:43+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-07-17T20:19:43+00:00

d0efe1f27b4229011292c076b923db985bcb6de4

Almost all actions only need to to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
need to be sure the filesystem also supports encryption, so this check
is added.





Almost all actions only need to to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
need to be sure the filesystem also supports encryption, so this check
is added.







cmd/fscrypt: fix protector and policy cleanup
2017-07-14T18:32:41+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-07-14T18:32:41+00:00

9272c344cfcc7f4b153c408d05b57175bb1095cf

Protectors are only reverted if they were created, and Policies are only
depovisioned on failure.





Protectors are only reverted if they were created, and Policies are only
depovisioned on failure.







Finalize import paths and documentation
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-28T20:57:55+00:00

2c52eca8727df744d093703bbcbd87fc39d57d30

This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280





This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280







cmd/fscrypt: commands to add/remove protectors
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T19:50:11+00:00

6211297a44c81f867ec9ac420672215675bae587

This commit adds in the "fscrypt metadata add-protector-to-policy" and
the "fscrypt metadata remove-protector-from-policy" subcommands. These
commands allow for the creating of policies protected by multiple
protectors.

Change-Id: Id7e6c057448d15757c838a82d487a1b9806f585d





This commit adds in the "fscrypt metadata add-protector-to-policy" and
the "fscrypt metadata remove-protector-from-policy" subcommands. These
commands allow for the creating of policies protected by multiple
protectors.

Change-Id: Id7e6c057448d15757c838a82d487a1b9806f585d







cmd/fscrypt: add metadata command
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T17:27:59+00:00

8392dfe41f76538aec79231855fd9a952963bdf8

This command adds in the "fscrypt metadata" command. This command allows
advanced users to manipulate the metadata directly instead of just
creating a policy or protector as an option when encrypting a directory.

As some of these methods will require certain flags, error handling for
this case is also added. As the change passphrase method must indicate
when a old vs new password is necessary, additional KeyFuncs are added
which add this indicator.

Change-Id: Ibc92872088fae078df3c0eebd4f0cfcb7252d781





This command adds in the "fscrypt metadata" command. This command allows
advanced users to manipulate the metadata directly instead of just
creating a policy or protector as an option when encrypting a directory.

As some of these methods will require certain flags, error handling for
this case is also added. As the change passphrase method must indicate
when a old vs new password is necessary, additional KeyFuncs are added
which add this indicator.

Change-Id: Ibc92872088fae078df3c0eebd4f0cfcb7252d781







cmd/fscrypt: add in status and purge commands
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T17:25:01+00:00

3604132904fcd3ad49945d0930bbf20f1888a00b

This commit adds in the status command, which has 2 functions, allowing
the user to query the state of the entire system or a specific
filesystem.

This commit also adds in the purge command to remove all policy keys
corresponding to a filesystem. This (along with getting the unlock
status for the status commands) uses additional keyctl functionality in
the crypto and actions packages.

Change-Id: Ic8e097b335c044c0b91973eff19753f363f4525d





This commit adds in the status command, which has 2 functions, allowing
the user to query the state of the entire system or a specific
filesystem.

This commit also adds in the purge command to remove all policy keys
corresponding to a filesystem. This (along with getting the unlock
status for the status commands) uses additional keyctl functionality in
the crypto and actions packages.

Change-Id: Ic8e097b335c044c0b91973eff19753f363f4525d