fscrypt.git/cmd/fscrypt/format.go, branch v0.3.4 Go tool for managing Linux filesystem encryption Adjust recovery passphrase generation 2021-10-05T22:30:30+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:12:39+00:00 7fed63a84963cbd790e86a0e59ff14724bcf33c4 As per the feedback at https://github.com/google/fscrypt/issues/115 where users didn't understand that the recovery passphrase is important, restore the original behavior where recovery passphrase generation happens automatically without a prompt. This applies to the case where 'fscrypt encrypt' is using a login protector on a non-root filesystem. However, leave the --no-recovery option so that the recovery passphrase can still be disabled if the user really wants to. Also, clarify the information provided about the recovery passphrase. Update https://github.com/google/fscrypt/issues/115 
As per the feedback at https://github.com/google/fscrypt/issues/115
where users didn't understand that the recovery passphrase is important,
restore the original behavior where recovery passphrase generation
happens automatically without a prompt.  This applies to the case where
'fscrypt encrypt' is using a login protector on a non-root filesystem.

However, leave the --no-recovery option so that the recovery passphrase
can still be disabled if the user really wants to.  Also, clarify the
information provided about the recovery passphrase.

Update https://github.com/google/fscrypt/issues/115
cmd/fscrypt: use golang.org/x/term 2021-04-22T19:27:31+00:00 Tobias Klauser tklauser@distanz.ch 2021-04-22T11:53:56+00:00 db79840bc68f803c23477e7c093e3cff2a7633ba The golang.org/x/crypto/ssh/terminal package is deprecated and merely a wrapper around golang.org/x/term. Thus, use the latter directly. 
The golang.org/x/crypto/ssh/terminal package is deprecated and merely a
wrapper around golang.org/x/term. Thus, use the latter directly.
cmd/fscrypt: make wrapText() support code blocks 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:06+00:00 1a47ab1e565f7052e34b0677a1df6789e6ecf3a9 Allow the input text to contain "code blocks" denoted by lines beginning with ">", e.g.: Foo bar baz: > echo foo > echo bar Instead of squashing these lines together, preserve the line breaks between them and add indentation, e.g.: Foo bar baz: echo foo echo bar 
Allow the input text to contain "code blocks" denoted by lines beginning
with ">", e.g.:

    Foo bar baz:

    > echo foo
    > echo bar

Instead of squashing these lines together, preserve the line breaks
between them and add indentation, e.g.:

    Foo bar baz:

        echo foo
        echo bar
Simplify choosing the key description prefix 2020-03-23T20:20:27+00:00 Eric Biggers ebiggers@google.com 2020-03-18T04:10:58+00:00 ae886a89f541a74255c9a41f7fa504a82ee6413e There's no real need to allow users to choose the key description prefix (a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4" and "f2fs" for compatibility with all kernels both old and new, and on other filesystems we can just use "fscrypt". So, let's do that. Since this removes the point of the "--legacy" option to 'fscrypt setup' and the "compatibility" field in /etc/fscrypt.conf, remove those too. Specifically, we start ignoring the "compatibility" in existing config files and not writing it to new ones. The corresponding protobuf field number and name are reserved. We stop accepting the "--legacy" option at all, although since it was default true and there was no real reason for anyone to change it to false, probably no one will notice. If anyone does, they should just stop specifying the option. Note that this change only affects user keyrings and thus only affects v1 encryption policies, which are deprecated in favor of v2 anyway. 
There's no real need to allow users to choose the key description prefix
(a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4"
and "f2fs" for compatibility with all kernels both old and new, and on
other filesystems we can just use "fscrypt".  So, let's do that.

Since this removes the point of the "--legacy" option to 'fscrypt setup'
and the "compatibility" field in /etc/fscrypt.conf, remove those too.

Specifically, we start ignoring the "compatibility" in existing config
files and not writing it to new ones.  The corresponding protobuf field
number and name are reserved.  We stop accepting the "--legacy" option
at all, although since it was default true and there was no real reason
for anyone to change it to false, probably no one will notice.  If
anyone does, they should just stop specifying the option.

Note that this change only affects user keyrings and thus only affects
v1 encryption policies, which are deprecated in favor of v2 anyway.
cmd/fscrypt: preserve paragraphs in wrapText() 2019-11-27T19:55:28+00:00 Eric Biggers ebiggers@google.com 2019-11-27T19:55:28+00:00 e7d77aba6d717f995e65c74b5b85412bb13a28b0 Preserve empty lines rather than squashing them into a single space. This allows having command descriptions that contain multiple paragraphs. This also eliminates the need to have a special case for ordered lists. 
Preserve empty lines rather than squashing them into a single space.
This allows having command descriptions that contain multiple
paragraphs.  This also eliminates the need to have a special case for
ordered lists.
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 Finalize import paths and documentation 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-28T20:57:55+00:00 2c52eca8727df744d093703bbcbd87fc39d57d30 This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280 
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
cmd/fscrypt: setup, encrypt, unlock commands 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-21T17:21:21+00:00 37c866e1e16a6d2dded11ba93c2e04af3764a139 This commit adds in the framework for adding commands and subcommands to the fscrypt tool. This commit adds in the "setup", "encrypt", and "unlock" commands. Additional information can be found by running: fscrypt <command> --help. This commit defines how flags are parsed and errors are handled. It also creates an extensible framework for prompting the user for information. Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce 
This commit adds in the framework for adding commands and subcommands to
the fscrypt tool. This commit adds in the "setup", "encrypt", and
"unlock" commands. Additional information can be found by running:
    fscrypt <command> --help.

This commit defines how flags are parsed and errors are handled. It also
creates an extensible framework for prompting the user for information.

Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce