fscrypt.git/cmd/fscrypt, branch v0.3.2 Go tool for managing Linux filesystem encryption cmd/fscrypt: don't load protector in remove-protector-from-policy 2021-12-23T17:44:13+00:00 Eric Biggers ebiggers@google.com 2021-12-23T17:39:08+00:00 6ebd5a54eae2dfb16b66da649e75848fe6030b7f Make remove-protector-from-policy work even if the protector cannot be loaded (for example, due to having been deleted already). Fixes https://github.com/google/fscrypt/issues/258 Fixes https://github.com/google/fscrypt/issues/272 
Make remove-protector-from-policy work even if the protector cannot be
loaded (for example, due to having been deleted already).

Fixes https://github.com/google/fscrypt/issues/258
Fixes https://github.com/google/fscrypt/issues/272
README: write "Linux native filesystem encryption" 2021-12-22T00:03:08+00:00 Eric Biggers ebiggers@google.com 2021-12-22T00:03:08+00:00 d6638ac45f6b6da373f7f724251aef03032915ad "Linux filesystem encryption" sounds too vague. Write "Linux native filesystem encryption" instead. 
"Linux filesystem encryption" sounds too vague.  Write "Linux native
filesystem encryption" instead.
cmd/fscrypt: read key from stdin 2021-11-30T03:35:21+00:00 Dimitry Ishenko dimitry.ishenko@gmail.com 2021-11-30T01:25:56+00:00 38d6cee5930f8109e8ef72a47a8496c875c49280 Fixes #123 
Fixes #123
Adjust recovery passphrase generation 2021-10-05T22:30:30+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:12:39+00:00 7fed63a84963cbd790e86a0e59ff14724bcf33c4 As per the feedback at https://github.com/google/fscrypt/issues/115 where users didn't understand that the recovery passphrase is important, restore the original behavior where recovery passphrase generation happens automatically without a prompt. This applies to the case where 'fscrypt encrypt' is using a login protector on a non-root filesystem. However, leave the --no-recovery option so that the recovery passphrase can still be disabled if the user really wants to. Also, clarify the information provided about the recovery passphrase. Update https://github.com/google/fscrypt/issues/115 
As per the feedback at https://github.com/google/fscrypt/issues/115
where users didn't understand that the recovery passphrase is important,
restore the original behavior where recovery passphrase generation
happens automatically without a prompt.  This applies to the case where
'fscrypt encrypt' is using a login protector on a non-root filesystem.

However, leave the --no-recovery option so that the recovery passphrase
can still be disabled if the user really wants to.  Also, clarify the
information provided about the recovery passphrase.

Update https://github.com/google/fscrypt/issues/115
cmd/fscrypt: recognize no-key names containing hyphen 2021-09-14T22:41:35+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:37:46+00:00 92b1e9a8670ccd3916a7d24a06cab1e4c9815bc4 In Linux 5.15, the no-key name format is changing again; see https://git.kernel.org/linus/ba47b515f5940603. isPossibleNoKeyName() sometimes doesn't recognize the new no-key names. Update it accordingly to recognize all possible no-key names. Note: isPossibleNoKeyName() is only used as a heuristic to check whether a v1-encrypted directory is incompletely locked or not. Therefore, it's not too important whether it works. However, this change is needed for cli-tests/t_v1_policy to pass. 
In Linux 5.15, the no-key name format is changing again; see
https://git.kernel.org/linus/ba47b515f5940603.  isPossibleNoKeyName()
sometimes doesn't recognize the new no-key names.  Update it accordingly
to recognize all possible no-key names.

Note: isPossibleNoKeyName() is only used as a heuristic to check whether
a v1-encrypted directory is incompletely locked or not.  Therefore, it's
not too important whether it works.  However, this change is needed for
cli-tests/t_v1_policy to pass.
cmd/fscrypt: fix detection of GRUB installation 2021-06-27T22:00:51+00:00 Eric Biggers ebiggers@google.com 2021-06-27T20:13:10+00:00 e248d2a99aff5bef7611ac0596b0aa2d1eda6629 Fix the GRUB detection logic to take into account that MOUNTPOINT/boot/grub might not be on the same filesystem as MOUNTPOINT, due to MOUNTPOINT/boot being another mountpoint. The warning is only appropriate when GRUB is installed on the same filesystem that encryption is going to be enabled on. 
Fix the GRUB detection logic to take into account that
MOUNTPOINT/boot/grub might not be on the same filesystem as MOUNTPOINT,
due to MOUNTPOINT/boot being another mountpoint.  The warning is only
appropriate when GRUB is installed on the same filesystem that
encryption is going to be enabled on.
cmd/fscrypt: fix word mismatch "protector" => "policy" 2021-04-27T19:16:36+00:00 Gibeom Gwon gb.gwon@stackframe.dev 2021-04-27T10:49:01+00:00 79795229bba45f6f58b8e0496a9a9e098f1c22aa Fix word mismatch in usage and description of metadata create policy command. 
Fix word mismatch in usage and description of metadata create policy
command.
cmd/fscrypt: use golang.org/x/term 2021-04-22T19:27:31+00:00 Tobias Klauser tklauser@distanz.ch 2021-04-22T11:53:56+00:00 db79840bc68f803c23477e7c093e3cff2a7633ba The golang.org/x/crypto/ssh/terminal package is deprecated and merely a wrapper around golang.org/x/term. Thus, use the latter directly. 
The golang.org/x/crypto/ssh/terminal package is deprecated and merely a
wrapper around golang.org/x/term. Thus, use the latter directly.
cmd/fscrypt: fix missing protector error format 2021-01-19T18:18:02+00:00 Alastair Hughes hobbitalastair@gmail.com 2021-01-15T10:08:54+00:00 99ef2db47957ed986c945574e6133abab8d76d45 Update #272 
Update #272
bash-completion: add completion script 2020-11-30T21:49:06+00:00 Henry-Joseph Audéoud henry-joseph.audeoud@univ-grenoble-alpes.fr 2020-10-30T10:41:52+00:00 b74cd30fd7b0ebf30ef570f7bfa78dfcd62d80d5