fscrypt.git/cmd/fscrypt/commands.go, branch v0.3.6 Go tool for managing Linux filesystem encryption Fix non-constant format string passed to errors.Wrapf() 2025-02-17T22:47:54+00:00 Eric Biggers ebiggers@google.com 2025-02-17T22:41:29+00:00 57a749b308a07e26452a794533b4854d70212499 Do not pass a path as the format string argument to errors.Wrapf(), as this causes it to be misinterpreted as a format string, causing an unexpected message if the path contains something like '%s'. Instead use errors.Wrap(). This was diagnosed by Go 1.24. Fixes https://github.com/google/fscrypt/issues/422 
Do not pass a path as the format string argument to errors.Wrapf(), as
this causes it to be misinterpreted as a format string, causing an
unexpected message if the path contains something like '%s'.  Instead
use errors.Wrap().  This was diagnosed by Go 1.24.

Fixes https://github.com/google/fscrypt/issues/422
Make 'fscrypt setup' offer a choice of directory modes 2022-02-23T20:35:04+00:00 Eric Biggers ebiggers@google.com 2022-02-23T20:35:04+00:00 6e355131670ad014e45f879475ddf800f0080d41 World-writable directories are not appropriate for some systems, so offer a choice of single-user-writable and world-writable modes, with single-user-writable being the default. Add a new documentation section to help users decide which one to use. 
World-writable directories are not appropriate for some systems, so
offer a choice of single-user-writable and world-writable modes, with
single-user-writable being the default.  Add a new documentation section
to help users decide which one to use.
cmd/fscrypt: don't load protector in remove-protector-from-policy 2021-12-23T17:44:13+00:00 Eric Biggers ebiggers@google.com 2021-12-23T17:39:08+00:00 6ebd5a54eae2dfb16b66da649e75848fe6030b7f Make remove-protector-from-policy work even if the protector cannot be loaded (for example, due to having been deleted already). Fixes https://github.com/google/fscrypt/issues/258 Fixes https://github.com/google/fscrypt/issues/272 
Make remove-protector-from-policy work even if the protector cannot be
loaded (for example, due to having been deleted already).

Fixes https://github.com/google/fscrypt/issues/258
Fixes https://github.com/google/fscrypt/issues/272
Adjust recovery passphrase generation 2021-10-05T22:30:30+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:12:39+00:00 7fed63a84963cbd790e86a0e59ff14724bcf33c4 As per the feedback at https://github.com/google/fscrypt/issues/115 where users didn't understand that the recovery passphrase is important, restore the original behavior where recovery passphrase generation happens automatically without a prompt. This applies to the case where 'fscrypt encrypt' is using a login protector on a non-root filesystem. However, leave the --no-recovery option so that the recovery passphrase can still be disabled if the user really wants to. Also, clarify the information provided about the recovery passphrase. Update https://github.com/google/fscrypt/issues/115 
As per the feedback at https://github.com/google/fscrypt/issues/115
where users didn't understand that the recovery passphrase is important,
restore the original behavior where recovery passphrase generation
happens automatically without a prompt.  This applies to the case where
'fscrypt encrypt' is using a login protector on a non-root filesystem.

However, leave the --no-recovery option so that the recovery passphrase
can still be disabled if the user really wants to.  Also, clarify the
information provided about the recovery passphrase.

Update https://github.com/google/fscrypt/issues/115
cmd/fscrypt: recognize no-key names containing hyphen 2021-09-14T22:41:35+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:37:46+00:00 92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4 In Linux 5.15, the no-key name format is changing again; see https://git.kernel.org/linus/ba47b515f5940603. isPossibleNoKeyName() sometimes doesn't recognize the new no-key names. Update it accordingly to recognize all possible no-key names. Note: isPossibleNoKeyName() is only used as a heuristic to check whether a v1-encrypted directory is incompletely locked or not. Therefore, it's not too important whether it works. However, this change is needed for cli-tests/t_v1_policy to pass. 
In Linux 5.15, the no-key name format is changing again; see
https://git.kernel.org/linus/ba47b515f5940603.  isPossibleNoKeyName()
sometimes doesn't recognize the new no-key names.  Update it accordingly
to recognize all possible no-key names.

Note: isPossibleNoKeyName() is only used as a heuristic to check whether
a v1-encrypted directory is incompletely locked or not.  Therefore, it's
not too important whether it works.  However, this change is needed for
cli-tests/t_v1_policy to pass.
cmd/fscrypt: fix word mismatch "protector" => "policy" 2021-04-27T19:16:36+00:00 Gibeom Gwon gb.gwon@stackframe.dev 2021-04-27T10:49:01+00:00 79795229bba45f6f58b8e0496a9a9e098f1c22aa Fix word mismatch in usage and description of metadata create policy command. 
Fix word mismatch in usage and description of metadata create policy
command.
cmd/fscrypt: fix isDirUnlockedHeuristic() on latest kernels 2020-11-07T22:49:02+00:00 Eric Biggers ebiggers@google.com 2020-11-07T22:20:45+00:00 b68d603854bb38f59e77963d61ca25d92b945589 On an "incompletely locked" directory, isDirUnlockedHeuristic() is supposed to return true, but on Linux v5.10-rc1 and later it returns false since now creating a subdirectory fails rather than succeeds. This change was intentional, so make isDirUnlockedHeuristic() apply a second heuristic too: also return true if any filenames in the directory don't appear to be valid no-key names. This fixes cli-tests/t_v1_encrypt on Linux v5.10-rc1 and later. 
On an "incompletely locked" directory, isDirUnlockedHeuristic() is
supposed to return true, but on Linux v5.10-rc1 and later it returns
false since now creating a subdirectory fails rather than succeeds.
This change was intentional, so make isDirUnlockedHeuristic() apply a
second heuristic too: also return true if any filenames in the directory
don't appear to be valid no-key names.

This fixes cli-tests/t_v1_encrypt on Linux v5.10-rc1 and later.
Fix nil error issue, Resolves https://github.com/google/fscrypt/issues/242 2020-08-09T16:15:24+00:00 bitcodr bitcodr@gmail.com 2020-08-07T05:34:34+00:00 5e85ae0d4e695b2d54c97cbb15e51ae4adb646a2 






cmd/fscrypt: improve errors
2020-05-09T22:21:31+00:00

Eric Biggers
ebiggers@google.com

2020-05-09T21:52:07+00:00

181600d6327ed34a3f62eda0dd03a6d2ae49e5f9

In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.

Also improve the error message for when a directory is nonempty.

Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.





In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.

Also improve the error message for when a directory is nonempty.

Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.







filesystem: improve errors
2020-05-09T22:21:31+00:00

Eric Biggers
ebiggers@google.com

2020-05-09T21:52:07+00:00

66fb4c557644ba2c37951a7568c06c47a6c718a7

Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them.  Then make
these errors show much better suggestions.

Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context.  Fix backwards
wrapping in lots of cases.

Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.





Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them.  Then make
these errors show much better suggestions.

Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context.  Fix backwards
wrapping in lots of cases.

Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.