fscrypt.git/cmd/fscrypt/errors.go, branch v0.3.4 Go tool for managing Linux filesystem encryption Remove unnecessary uses of fmt.Sprintf() 2022-04-08T23:25:01+00:00 Eric Biggers ebiggers@google.com 2022-04-08T23:15:22+00:00 1f4543a97a862c4caf17eb69e0a21eb2ebb7de18 The latest version of 'staticcheck' warns about these. 
The latest version of 'staticcheck' warns about these.
Make 'fscrypt setup' offer a choice of directory modes 2022-02-23T20:35:04+00:00 Eric Biggers ebiggers@google.com 2022-02-23T20:35:04+00:00 6e355131670ad014e45f879475ddf800f0080d41 World-writable directories are not appropriate for some systems, so offer a choice of single-user-writable and world-writable modes, with single-user-writable being the default. Add a new documentation section to help users decide which one to use. 
World-writable directories are not appropriate for some systems, so
offer a choice of single-user-writable and world-writable modes, with
single-user-writable being the default.  Add a new documentation section
to help users decide which one to use.
cmd/fscrypt: fix detection of GRUB installation 2021-06-27T22:00:51+00:00 Eric Biggers ebiggers@google.com 2021-06-27T20:13:10+00:00 e248d2a99aff5bef7611ac0596b0aa2d1eda6629 Fix the GRUB detection logic to take into account that MOUNTPOINT/boot/grub might not be on the same filesystem as MOUNTPOINT, due to MOUNTPOINT/boot being another mountpoint. The warning is only appropriate when GRUB is installed on the same filesystem that encryption is going to be enabled on. 
Fix the GRUB detection logic to take into account that
MOUNTPOINT/boot/grub might not be on the same filesystem as MOUNTPOINT,
due to MOUNTPOINT/boot being another mountpoint.  The warning is only
appropriate when GRUB is installed on the same filesystem that
encryption is going to be enabled on.
cmd/fscrypt: fix 32-bit build 2020-06-03T00:50:30+00:00 Eric Biggers ebiggers@google.com 2020-06-03T00:17:54+00:00 3b075f2fda880256b3d9de2e6197a224adc0a39f statfs.Bsize actually has platform-dependent type, despite the Go documentation listing it as int64. Fix the build for 32-bit platforms by casting it to int64. Resolves https://github.com/google/fscrypt/issues/233 
statfs.Bsize actually has platform-dependent type, despite the Go
documentation listing it as int64.  Fix the build for 32-bit platforms
by casting it to int64.

Resolves https://github.com/google/fscrypt/issues/233
cmd/fscrypt: fix up path formatting in ErrDirNotEmpty suggestion (#229) 2020-05-15T02:48:23+00:00 Eric Biggers ebiggers@google.com 2020-05-15T02:48:23+00:00 636698bb79ab182b72f7da6172fa3fd7ffd58e3c Use %q, in case the paths contain whitespace. Also clean the directory path to remove trailing slashes before appending the ".new" suffix. 
Use %q, in case the paths contain whitespace.  Also clean the directory
path to remove trailing slashes before appending the ".new" suffix.
 cmd/fscrypt: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 181600d6327ed34a3f62eda0dd03a6d2ae49e5f9 In checkEncryptable(), check whether the directory is already encrypted before checking whether it's empty. Also improve the error message for when a directory is nonempty. Finally, translate keyring.ErrKeyAddedByOtherUsers and keyring.ErrKeyFilesOpen into errors which include the directory. 
In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.

Also improve the error message for when a directory is nonempty.

Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.
cmd/fscrypt: remove ErrMaxPassphrase 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 197eb371697aff066947372d10732387454fd88a This isn't actually a valid error since crypto.NewKeyFromReader() handles re-allocating the buffer to a larger size if it fills up. 
This isn't actually a valid error since crypto.NewKeyFromReader()
handles re-allocating the buffer to a larger size if it fills up.
filesystem: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 66fb4c557644ba2c37951a7568c06c47a6c718a7 Introduce filesystem.ErrEncryptionNotEnabled and filesystem.ErrEncryptionNotSupported which include the Mount as context, and translate the corresponding metadata/ errors into them. Then make these errors show much better suggestions. Also replace lots of other filesystem/ errors with either custom types or with unnamed one-off errors that include more context. Fix backwards wrapping in lots of cases. Finally, don't include the mountpoint in places where it's not useful, like OS-level errors that already include the path. 
Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them.  Then make
these errors show much better suggestions.

Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context.  Fix backwards
wrapping in lots of cases.

Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.
metadata: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 fbc161a77962fe64e3caad80efb535d28d8c1f74 ErrBadOwners: Rename to ErrDirectoryNotOwned for clarity, move it from cmd/fscrypt/ to metadata/ where it better belongs, and improve the message. ErrEncrypted: Rename to ErrAlreadyEncrypted for clarity, and include the path. ErrNotEncrypted: Include the path. ErrBadEncryptionOptions: Include the path and bad options. ErrEncryptionNotSupported: ErrEncryptionNotEnabled: Don't wrap with "get encryption policy %s", in preparation for wrapping these with filesystem-level context instead. Also avoid mixing together the error handling for the "get policy" and "set policy" ioctls. Make it very clear how we're handling the errors from each ioctl. 
ErrBadOwners:
	Rename to ErrDirectoryNotOwned for clarity, move it from
	cmd/fscrypt/ to metadata/ where it better belongs, and improve
	the message.

ErrEncrypted:
	Rename to ErrAlreadyEncrypted for clarity, and include the path.

ErrNotEncrypted:
	Include the path.

ErrBadEncryptionOptions:
	Include the path and bad options.

ErrEncryptionNotSupported:
ErrEncryptionNotEnabled:
	Don't wrap with "get encryption policy %s", in preparation for
	wrapping these with filesystem-level context instead.

Also avoid mixing together the error handling for the "get policy" and
"set policy" ioctls.  Make it very clear how we're handling the errors
from each ioctl.
keyring: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 fb88d74f0335cdf8218bb8dfbaa03f23773318cf ErrAccessUserKeyring: Include the user, and fix the backwards wrapping. ErrSessionUserKeyring: Include the user. ErrKeyAdd: ErrKeyRemove: ErrKeySearch: ErrLinkUserKeyring: Replace these with one-off unnamed errors because they are never checked for, and this makes it easier for the callers to provide better messages, e.g. fixing the backwards wrapping. 
ErrAccessUserKeyring:
	Include the user, and fix the backwards wrapping.

ErrSessionUserKeyring:
	Include the user.

ErrKeyAdd:
ErrKeyRemove:
ErrKeySearch:
ErrLinkUserKeyring:
	Replace these with one-off unnamed errors because they are
	never checked for, and this makes it easier for the callers to
	provide better messages, e.g. fixing the backwards wrapping.