fscrypt.git/filesystem/filesystem.go, branch v0.2.5 Go tool for managing Linux filesystem encryption writeDataAtomic() fixes (#140) 2019-09-09T20:41:32+00:00 ebiggers ebiggers@google.com 2019-09-09T20:41:32+00:00 237308a671bd2bbea2059bea9e75cb1272edbdbf * filesystem: ensure data is persisted before returning success Sync the temporary file before renaming it, to ensure that after a crash, the destination file isn't zero-length or otherwise incomplete. Also sync the directory after the rename, to ensure the rename has been persisted before returning success. * filesystem: don't use fixed temporary file name Using a fixed temporary file name in a world-writable sticky directory is problematic since another user can create the file first. Use ioutil.TempFile() to do it properly. It uses O_EXCL under the hood to ensure the file is newly created. 
* filesystem: ensure data is persisted before returning success

Sync the temporary file before renaming it, to ensure that after a
crash, the destination file isn't zero-length or otherwise incomplete.

Also sync the directory after the rename, to ensure the rename has been
persisted before returning success.

* filesystem: don't use fixed temporary file name

Using a fixed temporary file name in a world-writable sticky directory
is problematic since another user can create the file first.

Use ioutil.TempFile() to do it properly.  It uses O_EXCL under the hood
to ensure the file is newly created.
Fix various typos and grammatical errors (#141) 2019-09-09T02:46:59+00:00 ebiggers ebiggers@google.com 2019-09-09T02:46:59+00:00 6445dad7d66fa6a1867090fcd9602c98863649f6 These were found by a combination of manual review and a custom script that checks for common errors. Also removed an outdated sentence from the comment for setupBefore(). 
These were found by a combination of manual review and a custom script
that checks for common errors.

Also removed an outdated sentence from the comment for setupBefore().
 filesystem: libblkid -> search /dev/disk/by-uuid 2017-08-31T21:05:29+00:00 Joe Richey joerichey@google.com 2017-08-31T21:05:29+00:00 0fcb6601ca66b9e4c2349392663fe9baa30dbbc7 






filesystem: Distinguish support and setup for fs
2017-07-17T20:16:03+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-07-17T20:16:03+00:00

8136a700fa6c3efb7a469e45d846e9db4ec9b4e2

This commit splits two pieces of functionality. Detecting if the fscrypt
metadata exists is now in CheckSetup() and checking if the filesystem
supports encryption is now in CheckSupport().





This commit splits two pieces of functionality. Detecting if the fscrypt
metadata exists is now in CheckSetup() and checking if the filesystem
supports encryption is now in CheckSupport().







Finalize import paths and documentation
2017-06-28T22:15:21+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-28T20:57:55+00:00

2c52eca8727df744d093703bbcbd87fc39d57d30

This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280





This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.

Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).

Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280







Change error handling to new package
2017-06-28T21:06:52+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-21T16:52:40+00:00

77b226a90ef70b77ca556830528c013a23b01e57

This commit changes the error handing for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.

This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
	* filesystem.AllFilesystems() now returns all the filesystems in
	  sorted order
	* certain path methods are now public

O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by and IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.

Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0





This commit changes the error handing for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.

This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
	* filesystem.AllFilesystems() now returns all the filesystems in
	  sorted order
	* certain path methods are now public

O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by and IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.

Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0







filesystem: change support detection and bug-fixes
2017-06-16T05:32:35+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-06-01T00:52:15+00:00

67879f7a69e2040f2266d81ba239324534e24405

Instead of checking if the filesystem type is correct, we now detect if
a filesystem supports encryption by trying to read a policy on its root
directory. The error returned tells us if there is support or not.

This commit also fixes a bug in the use libblkid. Throughout all of
fscrypt, cannonicalizePath() is used before any path comparison or
lookup. However, the canonical device path in the blkid cache may differ
from our idea of a canonical path. Additional blkid functions are needed
to perform the necessary translation. This is noted in the documentation
of makeLink().

Finally, this commit makes a few API changes. AllSupporedFilesystems()
now returns an error, and a GetProtector() method now replaces the
GetLinkedProtector() and GetEitherProtector() methods. A PathSorter has
also been added so Mounts can be sorted in a reliable order.

Change-Id: I664f46fafd1483ebecb743c061b03d708b3233a4





Instead of checking if the filesystem type is correct, we now detect if
a filesystem supports encryption by trying to read a policy on its root
directory. The error returned tells us if there is support or not.

This commit also fixes a bug in the use libblkid. Throughout all of
fscrypt, cannonicalizePath() is used before any path comparison or
lookup. However, the canonical device path in the blkid cache may differ
from our idea of a canonical path. Additional blkid functions are needed
to perform the necessary translation. This is noted in the documentation
of makeLink().

Finally, this commit makes a few API changes. AllSupporedFilesystems()
now returns an error, and a GetProtector() method now replaces the
GetLinkedProtector() and GetEitherProtector() methods. A PathSorter has
also been added so Mounts can be sorted in a reliable order.

Change-Id: I664f46fafd1483ebecb743c061b03d708b3233a4







filesystem: creating the directories and files
2017-05-31T19:40:13+00:00

Joe Richey joerichey@google.com
joerichey@google.com

2017-05-24T01:45:58+00:00

f4f4f606718497a2f660cdb737b812e035f55311

This commit adds in the filesystem subpackage. The goal of this package
is to provide and interface for adding to and removing from the metadata
storage for a given filesystem. This is primarily done in filesystem.go.
To facilitate this functionality, mountpoint.go exposes an interface for
querying the system about the current mounted filesystems and their
information. Note that this operation is done with a lazy loading
mechanism.

To refer to other filesystems, we use link files that can be parsed by
libblkid. The README is also updated to account for this new dependancy.

This package uses the FSError type under the hood so that error messages
will include the filesystem name, but callers can still check for
specific error instances.

Change-Id: I74fe4e84b8e3a5b73f1337c35307ffe0bf7cdea9





This commit adds in the filesystem subpackage. The goal of this package
is to provide and interface for adding to and removing from the metadata
storage for a given filesystem. This is primarily done in filesystem.go.
To facilitate this functionality, mountpoint.go exposes an interface for
querying the system about the current mounted filesystems and their
information. Note that this operation is done with a lazy loading
mechanism.

To refer to other filesystems, we use link files that can be parsed by
libblkid. The README is also updated to account for this new dependancy.

This package uses the FSError type under the hood so that error messages
will include the filesystem name, but callers can still check for
specific error instances.

Change-Id: I74fe4e84b8e3a5b73f1337c35307ffe0bf7cdea9