fscrypt.git/cmd/fscrypt/commands.go, branch v0.2.4Go tool for managing Linux filesystem encryption
https://git.hodgden.net/cgit.cgi/fscrypt.git/atom?h=v0.2.42018-02-12T07:56:49Zvet: eliminate unnecessary shadowing2018-02-12T07:56:49ZJoseph Richeyjoerichey94@gmail.com2018-02-12T07:56:49Zurn:sha1:69630f37fcebe894b15872148bd8b2496806b60c
Running "go vet -shadow ./..." finds all places where a variable might
be incorrectly or unnecessarily shadowed. This fixes some of them.
security: Sync filesystem before dropping caches2017-10-02T23:49:16ZJoe Richey joerichey@google.comjoerichey@google.com2017-10-02T23:49:16Zurn:sha1:c6568945adb69a3b7779c0f9e0e1f427d31209abFixes logging string for policies2017-09-07T01:16:03ZJoseph Richeyjoerichey@google.com2017-09-07T01:16:03Zurn:sha1:a949b13dac670014c37c7181e368b9c0c7a7f0f5
We should always log the descriptor not the entire policy structure.cmd/fscrypt: Check that keyrings are setup2017-09-01T07:55:22ZJoseph Richeyjoerichey94@gmail.com2017-09-01T07:55:22Zurn:sha1:079ee257d27e28b166965f1fa0136f694598b6c7
Chaning the --user flag to (optionally) check for a proper keyring setup
allows us to fail early in cases where we need a working keyring.
cmd/fscrypt: Add --user flag for running as root2017-08-31T01:16:16ZJoe Richeyjoerichey@google.com2017-08-31T01:16:16Zurn:sha1:11b31826334bc3faa4d4c7ee05a3b2996a88c969
The --user flag can now be used to have the targe user (the one whose
keyring and password will be used in fscrypt) be different than the
calling user. Very usefull for things like
sudo fscrypt purge /media/joerichey/usb --user=joerichey
which will now have privileges to drop caches, but will properly clear
the keys from the user's keyring.
security: Moved cache dropping function2017-08-22T19:53:26ZJoe Richey joerichey@google.comjoerichey@google.com2017-08-22T19:52:41Zurn:sha1:32c9be59a2485ef44ac4b3accc2f102cf2eb5a39cmd/fscrypt: purge command now clears cache2017-08-18T05:49:44ZJoe Richey joerichey@google.comjoerichey@google.com2017-08-16T01:11:29Zurn:sha1:151e8965fa3a9c8f65e316430f9df0fa763fb02dcmd/fscrypt: Check support before encrypting2017-07-17T20:19:43ZJoe Richey joerichey@google.comjoerichey@google.com2017-07-17T20:19:43Zurn:sha1:d0efe1f27b4229011292c076b923db985bcb6de4
Almost all actions only need to to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
need to be sure the filesystem also supports encryption, so this check
is added.
cmd/fscrypt: fix protector and policy cleanup2017-07-14T18:32:41ZJoe Richey joerichey@google.comjoerichey@google.com2017-07-14T18:32:41Zurn:sha1:9272c344cfcc7f4b153c408d05b57175bb1095cf
Protectors are only reverted if they were created, and Policies are only
depovisioned on failure.
Finalize import paths and documentation2017-06-28T22:15:21ZJoe Richey joerichey@google.comjoerichey@google.com2017-06-28T20:57:55Zurn:sha1:2c52eca8727df744d093703bbcbd87fc39d57d30
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.
Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).
Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280