fscrypt.git/cmd/fscrypt/protector.go, branch sshd-bug-workaround Go tool for managing Linux filesystem encryption cmd/fscrypt: link to guide when interactively creating login protector (#225) 2020-05-14T02:14:13+00:00 Eric Biggers ebiggers@google.com 2020-05-14T02:14:13+00:00 bc9f5e542745f102de70ade555114eb28591fcd1 Update https://github.com/google/fscrypt/issues/220 
Update https://github.com/google/fscrypt/issues/220
 cmd/fscrypt: add FSCRYPT_ROOT_MNT environmental variable 2020-05-09T21:04:47+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:04:47+00:00 8ff53630f1cc90ae23835e9571f9096e211dce67 Allow overriding the mountpoint where login protectors are stored by setting the FSCRYPT_ROOT_MNT environmental variable. The CLI tests need this to avoid touching the real "/". 
Allow overriding the mountpoint where login protectors are stored by
setting the FSCRYPT_ROOT_MNT environmental variable.  The CLI tests need
this to avoid touching the real "/".
cmd/fscrypt: adjust user and keyring validation and preparation 2020-01-05T18:02:13+00:00 Eric Biggers ebiggers@google.com 2019-12-16T03:31:39+00:00 0829eb74863bd279ae012779e52040ecc7f7178e Don't force the user to provide a --user argument when running fscrypt as root if they're doing something where the TargetUser isn't actually needed, such as provisioning/deprovisioning a v1 encryption policy to/from the filesystem keyring, or creating a non-login protector. Also don't set up the user keyring (or check for it being set up) if it won't actually be used. Finally, if we'll be provisioning/deprovisioning a v1 encryption policy to/from the filesystem keyring, make sure the command is running as root, since the kernel requires this. 
Don't force the user to provide a --user argument when running fscrypt
as root if they're doing something where the TargetUser isn't actually
needed, such as provisioning/deprovisioning a v1 encryption policy
to/from the filesystem keyring, or creating a non-login protector.

Also don't set up the user keyring (or check for it being set up) if it
won't actually be used.

Finally, if we'll be provisioning/deprovisioning a v1 encryption policy
to/from the filesystem keyring, make sure the command is running as
root, since the kernel requires this.
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 cmd/fscrypt: Add --user flag for running as root 2017-08-31T01:16:16+00:00 Joe Richey joerichey@google.com 2017-08-31T01:16:16+00:00 11b31826334bc3faa4d4c7ee05a3b2996a88c969 The --user flag can now be used to have the targe user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very usefull for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring. 
The --user flag can now be used to have the targe user (the one whose
keyring and password will be used in fscrypt) be different than the
calling user. Very usefull for things like

	sudo fscrypt purge /media/joerichey/usb --user=joerichey

which will now have privileges to drop caches, but will properly clear
the keys from the user's keyring.
Finalize import paths and documentation 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-28T20:57:55+00:00 2c52eca8727df744d093703bbcbd87fc39d57d30 This commit changes all the internal import paths from `fscrypt/foo` to `github.com/google/fscrypt/foo` so that it can be built once we release externaly. The documentation in README.md is updated accordingly. Also, the README has a note noting that we do not make any guarantees about project stability before 1.0 (when it ships with Ubuntu). Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280 
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
cmd/fscrypt: setup, encrypt, unlock commands 2017-06-28T22:15:21+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-21T17:21:21+00:00 37c866e1e16a6d2dded11ba93c2e04af3764a139 This commit adds in the framework for adding commands and subcommands to the fscrypt tool. This commit adds in the "setup", "encrypt", and "unlock" commands. Additional information can be found by running: fscrypt <command> --help. This commit defines how flags are parsed and errors are handled. It also creates an extensible framework for prompting the user for information. Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce 
This commit adds in the framework for adding commands and subcommands to
the fscrypt tool. This commit adds in the "setup", "encrypt", and
"unlock" commands. Additional information can be found by running:
    fscrypt <command> --help.

This commit defines how flags are parsed and errors are handled. It also
creates an extensible framework for prompting the user for information.

Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce