Merge pull request #23 from google/fix

travis CI: Test config file

12 files changed, 295 insertions, 171 deletions

diff --git a/.gitignore b/.gitignore
index 01f4f15..2491d40 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 /fscrypt
-fscrypt.*
+fscrypt_image
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..2a186aa
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,24 @@
+language: go
+sudo: required
+go:
+  - 1.8.x
+dist: trusty
+
+addons:
+  apt:
+    sources:
+      - sourceline: 'deb http://en.archive.ubuntu.com/ubuntu/ artful main universe'
+    packages:
+      - libargon2-0-dev
+      - libblkid-dev
+      - libpam0g-dev
+      - e2fsprogs
+      - protobuf-compiler
+      - git # Needed to stop git from getting deleted
+
+install:
+  - make go-tools
+  - make test-setup
+
+script:
+  - make check
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 1f69c12..45c5487 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -22,33 +22,82 @@ use GitHub pull requests for this purpose. Consult
 [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
 information on using pull requests.
 
-## Before you submit a pull request
-
-If you are making changes to the `fscrypt` component, you will need to have
-[govendor](https://github.com/kardianos/govendor) installed, and you will want
-to use the following additional commands:
-*   `make update` - Updates the dependencies in the `vendor/` directory and
-    updates the `VENDOR_LICENSES` file.
-*   `make go` - Generates, builds, and tests all the Go code. Requires
-    [protoc (v3.0 or later)](https://github.com/google/protobuf/releases) and
-    [protoc-gen-go](https://github.com/golang/protobuf).
-*   `make format` - Formats all of the go code.
-*   `make lint` - Checks the code for style errors. Requires
-    [`golint`](https://github.com/golang/lint).
-*   `make all` - Runs the above commands and builds `fscrypt`.
-
-These commands should be run before submitting a pull request.
-
-Make sure that `$GOPATH/bin` is in you `$PATH`. All the above dependencies can
-be installed with:
-``` bash
-# Grab the latest version of protoc from github.com/google/protobuf/releases
-> curl -L <download_link_for_your_architecture> > protoc.zip
-> unzip protoc.zip -d protoc
-> sudo mv protoc/bin/protoc /usr/local/bin/
-> rm -rf protoc.zip protoc/
-# Grab the go packages in the standard manner
-> go get -u github.com/golang/protobuf/protoc-gen-go
-> go get -u github.com/kardianos/govendor
-> go get -u github.com/golang/lint/golint
+## Working on fscrypt
+
+On every pull request, [Travis CI](https://travis-ci.org/google/fscrypt) runs
+unit tests, integration tests, code formatters, and linters. You can also run
+these commands when writing your code.
+
+### Building and Testing
+
+As mentioned in `README.md`, running `make` will build the fscrypt executable.
+Running `make go` will build each package and run the tests, but just running
+`make go` with nothing else will skip the integration tests.
+
+To run the integration tests, you will need a filesystem that supports
+encryption. If you already have some empty filesystem at `/foo/bar`, just run:
+```bash
+make go MOUNT=/foo/bar
 ```
+
+Otherwise, you can use the `make test-setup` and `make test-teardown` commands
+to create a fake filesystem for testing. Note that the commands require `sudo`,
+and the `make test-setup` command requires `e2fsprogs` version 1.43 or later.
+For example:
+```bash
+make test-setup
+make go
+make test-teardown
+```
+
+### Formatting and Linting
+
+The `make format` command formats all the code in fscrypt with either `gofmt`
+(for Go code) or [`clang-format`](https://clang.llvm.org/docs/ClangFormat.html)
+(for C code). `gofmt` comes with any Go distribution, and `clang-format` can be
+installed with your package manager.
+
+The `make lint` command runs a series of static analysis checks on your code.
+This requires the
+[megacheck](https://github.com/dominikh/go-tools/tree/master/cmd/megacheck) and
+[golint](https://github.com/golang/lint) tools.
+
+### Changing proto files
+
+If you make any changes to files ending in `.proto`, the corresponding `.pb.go`
+files have to be regenerated with `make gen`. This requires version 3.0.0 or
+later of `protoc` the
+[protobuf compiler](https://github.com/google/protobuf) and
+[protoc-gen-go](https://github.com/golang/protobuf).
+
+### Changing dependencies
+
+fscrypt vendors all of it's Go dependencies. If you add or remove a dependency
+on an external Go package, be sure to run `make update` to resync the `vendor/`
+directory. This requires [govendor](https://github.com/kardianos/govendor).
+
+Also, if adding in an external Go package, be sure that he license of the
+package is compatible with the
+[Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). See the
+[FSF's article](https://www.gnu.org/licenses/license-list.html) for more
+information. This (unfortunately) means we cannot use external packages under
+the [GPL](https://choosealicense.com/licenses/gpl-3.0) or
+[LGPL](https://choosealicense.com/licenses/lgpl-3.0/). We also cannot use
+packages with missing or joke licenses (see [Unlicense](http://unlicense.org/), 
+[WTFPL](http://www.wtfpl.net/), or
+[CC0](https://creativecommons.org/publicdomain/zero/1.0/)).
+
+### Putting it all together
+
+Run `make go-tools` to install all the Go tools mentioned above (make sure that
+`$GOPATH/bin` is in you `$PATH`). Install `protoc` and `clang-format` with your
+system's package manager. In the case of `protoc`, your system's version might
+be older than v3.0.0. In that case, just get the build
+[directly from GitHub](https://github.com/google/protobuf/releases/latest).
+
+After installing everything, running `make all` will run all the commands
+mentioned above. As with `make test`, you can run the integration tests by
+either using `make all MOUNT=/path/to/my/filesystem` or using the
+`make test-setup` and `make test-teardown` commands.
+
+`make all` should always be run before submitting a pull request.
diff --git a/Makefile b/Makefile
index 5adec6e..e2f0bd9 100644
--- a/Makefile
+++ b/Makefile
@@ -24,9 +24,24 @@ CMD_PKG = github.com/google/$(NAME)/cmd/$(NAME)
 
 SRC_FILES = $(shell find . -type f -name '*.go' -o -name "*.h" -o -name "*.c")
 GO_FILES = $(shell find . -type f -name '*.go' -not -path "./vendor/*")
+PROTO_FILES = $(shell find . -type f -name '*.proto' -not -path "./vendor/*")
 C_FILES = $(shell find . -type f -name "*.h" -o -name "*.c" -not -path "./vendor/*")
 GO_PKGS = $(shell go list ./... | grep -v /vendor/)
 
+# IMAGE will be the path to our test ext4 image file.
+IMAGE ?= $(NAME)_image
+
+# MOUNT will be the path to the filesystem where our tests are run.
+#
+# Running "make test-setup MOUNT=/foo/bar" creates a test filesystem at that
+#	location. Be sure to also run "make test-teardown MOUNT=/foo/bar".
+# Running "make all MOUNT=/foo/bar" (or "make go") will run all tests on that
+# 	filesystem. By default, it is the one created with "make test-setup".
+MOUNT ?= /mnt/$(NAME)_mount
+# Only run the integration tests if our root exists.
+ifneq ("$(wildcard $(MOUNT))","")
+export TEST_FILESYSTEM_ROOT = $(MOUNT)
+endif
 # The flags code below lets the caller of the makefile change the build flags
 # for fscrypt in a familiar manner.
 #	CFLAGS
@@ -67,22 +82,25 @@ override GO_FLAGS += --ldflags '$(GO_LINK_FLAGS)'
 
 .PHONY: default all
 default: $(NAME)
-all: update go format lint default
+all: gen update format lint default test
 
 $(NAME): $(SRC_FILES)
 	go build $(GO_FLAGS) -o $(NAME) $(CMD_PKG)
 
 .PHONY: clean
 clean:
-	rm -rf $(NAME)
+	rm -rf $(NAME) $(IMAGE)
 
 # Make sure go files build and tests pass.
-.PHONY: go
-go:
-	@go generate $(GO_FLAGS) $(GO_PKGS)
-	@go build $(GO_FLAGS) $(GO_PKGS)
+.PHONY: test
+test:
 	@go test -p 1 $(GO_FLAGS) $(GO_PKGS)
 
+# Make sure the protocol buffers are generated
+.PHONY: gen
+gen:
+	protoc --go_out=. $(PROTO_FILES)
+
 # Update the vendored dependencies.
 .PHONY: update
 update:
@@ -91,6 +109,7 @@ update:
 	@govendor add +external
 	@govendor remove +unused
 
+# Format all the Go and C code
 .PHONY: format
 format:
 	@gofmt -l -s -w $(GO_FILES)
@@ -103,15 +122,6 @@ lint:
 	@golint $(GO_PKGS) | grep -v "pb.go" | ./input_fail.py
 	@megacheck -unused.exported $(GO_PKGS)
 
-# Check all files
-.PHONY: check
-check: all 
-	@govendor list +missing +external +unused \
-	| ./input_fail.py "Incorrect vendored dependencies. Run \"make update\""
-	@git diff
-	@git status -s \
-	| ./input_fail.py "Files have changed unexpectedly. Run \"make all\""
-
 .PHONY: install
 install: $(NAME)
 	$(INSTALL) -d $(DESTDIR)
@@ -120,3 +130,39 @@ install: $(NAME)
 .PHONY: uninstall
 uninstall:
 	rm -rf $(DESTDIR)/$(NAME)
+
+# Install the go tools used for checking/generating the code
+.PHONY: go-tools
+go-tools:
+	go get -u github.com/golang/protobuf/protoc-gen-go
+	go get -u github.com/golang/lint/golint
+	go get -u github.com/kardianos/govendor
+	go get -u honnef.co/go/tools/cmd/megacheck
+
+##### Setup/Teardown for integration tests (need root permissions) #####
+.PHONY: test-setup test-teardown
+test-setup:
+	dd if=/dev/zero of=$(IMAGE) bs=1M count=20
+	mkfs.ext4 -b 4096 -O encrypt $(IMAGE) -F
+	sudo mkdir -p $(MOUNT)
+	sudo mount -o rw,loop $(IMAGE) $(MOUNT)
+	sudo chmod +777 $(MOUNT)
+	# Add UUID to BLKID cache
+	sudo blkid $$(df $(MOUNT) --output=source | grep /dev/)
+
+test-teardown:
+	sudo umount $(MOUNT)
+	sudo rmdir $(MOUNT)
+	rm -f $(IMAGE)
+
+##### Commands for Travis CI #####
+
+.PHONY: check
+check: lint default test
+	@govendor list +missing +external +unused \
+	| ./input_fail.py "Incorrect vendored dependencies. Run \"make update\"."
+	@gofmt -s -d $(GO_FILES) \
+	| ./input_fail.py "Incorrectly formatted Go files. Run \"make format\"."
+	@clang-format -i -style=Google -output-replacements-xml $(C_FILES) \
+	| grep "<replacement " \
+	| ./input_fail.py "Incorrectly formatted C files. Run \"make format\"." 
diff --git a/README.md b/README.md
index d69cc07..59df8e4 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
 
 [![GitHub version](https://badge.fury.io/gh/google%2Ffscrypt.svg)](https://github.com/google/fscrypt/releases)
 [![GoDoc](https://godoc.org/github.com/google/fscrypt?status.svg)](https://godoc.org/github.com/google/fscrypt)
+[![Build Status](https://travis-ci.org/google/fscrypt.svg?branch=master)](https://travis-ci.org/google/fscrypt)
 [![Go Report Card](https://goreportcard.com/badge/github.com/google/fscrypt)](https://goreportcard.com/report/github.com/google/fscrypt)
 
 fscrypt is a high-level tool for the management of
@@ -102,62 +103,59 @@ The following functionality is planned:
 See the example usage section below or run `fscrypt COMMAND --help` for more
 information about each of the commands.
 
-## Building
-
-fscrypt is written in Go, so to build the program you will need to
-[setup Go](https://golang.org/doc/install),
-[setup your `GOPATH`](https://golang.org/doc/code.html#GOPATH), and clone the
-repository into the correct location by running:
-```shell
-go get -d github.com/google/fscrypt
-```
-Alternatively, just copy or checkout the source into
-`$GOPATH/src/github.com/google/fscrypt`. If you only want to install the fscrypt
-binary to `$GOPATH/bin`, it is enough to run:
-```shell
-go get github.com/google/fscrypt/cmd/fscrypt
-```
+## Building and Installing
 
 fscrypt has the following build dependencies:
-*   `make`
+*   [Go](https://golang.org/doc/install)
 *   A C compiler (`gcc` or `clang`)
-*   Go
-*   [Argon2 Passphrase Hash](https://github.com/P-H-C/phc-winner-argon2), a C
-    library which can be installed (both the header `argon2.h` and library
-    `libargon2`) by running:
+*   `make` 
+*   The [Argon2 Passphrase Hash](https://github.com/P-H-C/phc-winner-argon2)
+    library, which can be
+    [directly installed on Artful Ubuntu](https://packages.ubuntu.com/artful/libargon2-0-dev),
+    or installed from source by running:
     ```bash
     >>>>> git clone https://github.com/P-H-C/phc-winner-argon2 argon2
     >>>>> cd argon2
     >>>>> make
     >>>>> sudo make install
     ```
-*   Headers for `libblkid` (specifically `blkid/blkid.h`) and `libpam`
-    (specifically `security/pam_appl.h`). These can be installed with your
+*   Headers for `libblkid` and `libpam`. These can be installed with the
     appropriate package manager.
     - `sudo apt-get install libblkid-dev libpam0g-dev`
     - `sudo yum install libblkid-devel pam-devel`
     - `pam` and `util-liux` packages for Arch
 
-Once this is setup, you can run `make fscrypt` to build the executable in the
-current directory. See the `Makefile` for instructions on building a static
-executable. The C libraries used by fscrypt will be dynamically linked by
-default.
+Once all the dependencies are installed, you can get the repository by running:
+```shell
+go get -d github.com/google/fscrypt
+```
+and then you can run `make` in `$GOPATH/github.com/google/fscrypt` to build the
+executable in that directory. Running `sudo make install` installs the binary to
+`/usr/local/bin`.
+
+See the `Makefile` for instructions on how to customize the build. This includes
+building a static binary (C libraries used by fscrypt will be dynamically linked
+by default).
+
+Alternatively, if you only want to install the fscrypt binary to `$GOPATH/bin`,
+it is enough to just run:
+```shell
+go get github.com/google/fscrypt/cmd/fscrypt
+```
 
-## Running and Installing
+### Runtime Dependencies
 
 fscrypt has the following runtime dependencies:
 *   Kernel support for filesystem encryption (this will depend on your kernel
     configuration and specific filesystem)
-*   `libargon2` (see the above installation instructions for Argon2), unless you
-    built a static executable.
-*   `libblkid` and `libpam` (which are almost certainly already on your system),
-    unless you built a static executable.
+*   `libargon2.so` (see the above installation instructions for Argon2)
+*   `libblkid.so` and `libpam.so`. These libraries are almost certainly already
+    on your system.
 
-Installing it just requires placing it in your path or running `make install`.
-Change `$GOBIN` to change the install location of fscrypt. By default,
-fscrypt is installed to `$GOPATH/bin`.
+The dynamic libraries are not needed if you built a static executable.
 
 ## Note about stability
+
 fscrypt follows [semantic versioning](http://semver.org). As such, all versions
 below `1.0.0` should be considered development versions. This means no
 guarantees are make about the stability of APIs or formats of config files. As
@@ -497,9 +495,8 @@ Protector 2c75f519b9c9959d no longer protecting policy 16382f282d7b29ee.
 
 ## Contributing
 
-We would love to accept your contributions to fscrypt. See the
-`CONTRIBUTING.md` file for more information about singing the CLA and submitting
-a pull request.
+We would love to accept your contributions to fscrypt. See the `CONTRIBUTING.md`
+file for more information about singing the CLA and submitting a pull request.
 
 ## Troubleshooting
 
@@ -534,10 +531,10 @@ To turn on the encryption feature flag for your filesystem, run
 ```
 tune2fs -O encrypt /dev/device
 ```
-This command may require root privileges. Once the flag is enabled, older
-kernels may not be able to mount the filesystem. Note that there was a bug in an
-older kernel version that allowed encryption policies to be set on ext4
-filesystems without enabling this encryption feature flag.
+This command requires root privileges and `e2fsprogs` v1.43 or later. Once the
+filesystem flag is enabled, older kernels may not be able to mount this
+filesystem. Note that there was a bug in older kernel versions that allowed
+encryption policies to be set on ext4 filesystems without this flag.
 
 ## Legal
 
diff --git a/actions/context_test.go b/actions/context_test.go
index a92ef34..4b38a33 100644
--- a/actions/context_test.go
+++ b/actions/context_test.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/google/fscrypt/util"
+	"github.com/pkg/errors"
 )
 
 const testTime = 10 * time.Millisecond
@@ -38,7 +39,7 @@ var testContext *Context
 // Makes a context using the testing locations for the filesystem and
 // configuration file.
 func setupContext() (ctx *Context, err error) {
-	mountpoint, err := util.TestPath()
+	mountpoint, err := util.TestRoot()
 	if err != nil {
 		return nil, err
 	}
@@ -83,8 +84,11 @@ func TestMain(m *testing.M) {
 	var err error
 	testContext, err = setupContext()
 	if err != nil {
-		fmt.Printf("setupContext() = %v\n", err)
-		os.Exit(1)
+		fmt.Println(err)
+		if errors.Cause(err) != util.ErrSkipIntegration {
+			os.Exit(1)
+		}
+		os.Exit(0)
 	}
 
 	returnCode := m.Run()
diff --git a/filesystem/filesystem_test.go b/filesystem/filesystem_test.go
index 2a6baab..04d5123 100644
--- a/filesystem/filesystem_test.go
+++ b/filesystem/filesystem_test.go
@@ -40,13 +40,12 @@ var (
 )
 
 // Gets the mount corresponding to the integration test path.
-func getTestMount() (*Mount, error) {
-	mountpoint, err := util.TestPath()
+func getTestMount(t *testing.T) (*Mount, error) {
+	mountpoint, err := util.TestRoot()
 	if err != nil {
-		return nil, err
+		t.Skip(err)
 	}
-	mnt, err := GetMount(mountpoint)
-	return mnt, errors.Wrapf(err, util.TestEnvVarName)
+	return GetMount(mountpoint)
 }
 
 func getFakeProtector() *metadata.ProtectorData {
@@ -72,8 +71,8 @@ func getFakePolicy() *metadata.PolicyData {
 }
 
 // Gets the mount and sets it up
-func getSetupMount() (*Mount, error) {
-	mnt, err := getTestMount()
+func getSetupMount(t *testing.T) (*Mount, error) {
+	mnt, err := getTestMount(t)
 	if err != nil {
 		return nil, err
 	}
@@ -82,7 +81,7 @@ func getSetupMount() (*Mount, error) {
 
 // Tests that the setup works and creates the correct files
 func TestSetup(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -96,7 +95,7 @@ func TestSetup(t *testing.T) {
 
 // Tests that we can remove all of the metadata
 func TestRemoveAllMetadata(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -112,7 +111,7 @@ func TestRemoveAllMetadata(t *testing.T) {
 
 // Adding a good Protector should succeed, adding a bad one should fail
 func TestAddProtector(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -151,7 +150,7 @@ func TestAddProtector(t *testing.T) {
 
 // Adding a good Policy should succeed, adding a bad one should fail
 func TestAddPolicy(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -190,7 +189,7 @@ func TestAddPolicy(t *testing.T) {
 
 // Tests that we can set a policy and get it back
 func TestSetPolicy(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -214,7 +213,7 @@ func TestSetPolicy(t *testing.T) {
 
 // Tests that we can set a normal protector and get it back
 func TestSetProtector(t *testing.T) {
-	mnt, err := getSetupMount()
+	mnt, err := getSetupMount(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -236,8 +235,8 @@ func TestSetProtector(t *testing.T) {
 }
 
 // Gets a setup mount and a fake second mount
-func getTwoSetupMounts() (realMnt, fakeMnt *Mount, err error) {
-	if realMnt, err = getSetupMount(); err != nil {
+func getTwoSetupMounts(t *testing.T) (realMnt, fakeMnt *Mount, err error) {
+	if realMnt, err = getSetupMount(t); err != nil {
 		return
 	}
 
@@ -259,7 +258,7 @@ func cleanupTwoMounts(realMnt, fakeMnt *Mount) {
 
 // Tests that we can set a linked protector and get it back
 func TestLinkedProtector(t *testing.T) {
-	realMnt, fakeMnt, err := getTwoSetupMounts()
+	realMnt, fakeMnt, err := getTwoSetupMounts(t)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/metadata/config.go b/metadata/config.go
index 8c7be55..0f95fbe 100644
--- a/metadata/config.go
+++ b/metadata/config.go
@@ -26,7 +26,6 @@
 //    * Reasonable defaults for a Policy's EncryptionOptions
 package metadata
 
-//go:generate protoc --go_out=. metadata.proto
 import (
 	"io"
 	"strings"
diff --git a/metadata/metadata.pb.go b/metadata/metadata.pb.go
index 37087ef..49a9f3c 100644
--- a/metadata/metadata.pb.go
+++ b/metadata/metadata.pb.go
@@ -1,12 +1,12 @@
 // Code generated by protoc-gen-go.
-// source: metadata.proto
+// source: metadata/metadata.proto
 // DO NOT EDIT!
 
 /*
 Package metadata is a generated protocol buffer package.
 
 It is generated from these files:
-	metadata.proto
+	metadata/metadata.proto
 
 It has these top-level messages:
 	HashingCosts
@@ -368,48 +368,48 @@ func init() {
 	proto.RegisterEnum("metadata.EncryptionOptions_Mode", EncryptionOptions_Mode_name, EncryptionOptions_Mode_value)
 }
 
-func init() { proto.RegisterFile("metadata.proto", fileDescriptor0) }
+func init() { proto.RegisterFile("metadata/metadata.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 626 bytes of a gzipped FileDescriptorProto
+	// 630 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x94, 0xdf, 0x6a, 0xdb, 0x3e,
-	0x14, 0xc7, 0x7f, 0xb6, 0xd3, 0xa4, 0x39, 0xf9, 0xf3, 0x73, 0xd5, 0xae, 0x98, 0xed, 0x26, 0x78,
-	0x1b, 0x94, 0x51, 0x0a, 0xcb, 0xe8, 0x60, 0x30, 0x06, 0x5b, 0x5a, 0xb6, 0xae, 0x94, 0x75, 0x4a,
-	0x69, 0x37, 0x18, 0x04, 0xd5, 0x56, 0x1b, 0x51, 0xdb, 0x12, 0x92, 0x42, 0xf0, 0xdd, 0x2e, 0xf6,
-	0x06, 0x7b, 0x97, 0x3d, 0xc4, 0x9e, 0x6a, 0x48, 0x4e, 0x1c, 0xa7, 0x85, 0x92, 0xed, 0xc6, 0x1c,
-	0x7d, 0x25, 0x9d, 0xef, 0xd1, 0x47, 0x3a, 0x86, 0x6e, 0x4a, 0x35, 0x89, 0x89, 0x26, 0x7b, 0x42,
-	0x72, 0xcd, 0xd1, 0xfa, 0x7c, 0x1c, 0x7e, 0x83, 0xf6, 0x07, 0xa2, 0xc6, 0x2c, 0xbb, 0x1e, 0x70,
-	0xa5, 0x15, 0x42, 0x50, 0xd3, 0x2c, 0xa5, 0x81, 0xdb, 0x73, 0x76, 0x3c, 0x6c, 0x63, 0xb4, 0x0d,
-	0xf5, 0x94, 0xa6, 0x5c, 0xe6, 0x81, 0x67, 0xd5, 0xd9, 0x08, 0xf5, 0xa0, 0x25, 0x88, 0x24, 0x49,
-	0x42, 0x13, 0xa6, 0xd2, 0xa0, 0x66, 0x27, 0xab, 0x52, 0xf8, 0x15, 0xba, 0x17, 0x92, 0x08, 0x41,
-	0xe3, 0x63, 0x9a, 0x1f, 0x10, 0x4d, 0x50, 0x17, 0xdc, 0xa3, 0xf3, 0xc0, 0xe9, 0x39, 0x3b, 0x6d,
-	0xec, 0x1e, 0x9d, 0xa3, 0xc7, 0xd0, 0xa1, 0x59, 0x24, 0x73, 0xa1, 0x69, 0x3c, 0xba, 0xa1, 0xb9,
-	0x35, 0x6e, 0xe3, 0x76, 0x29, 0x1e, 0xd3, 0xdc, 0x14, 0x35, 0x4e, 0x49, 0x64, 0xed, 0xdb, 0xd8,
-	0xc6, 0xe1, 0x4f, 0x17, 0x3a, 0xa7, 0x92, 0x6b, 0x1a, 0x69, 0x2e, 0x6d, 0xea, 0xe7, 0xb0, 0x25,
-	0xe6, 0xc2, 0x28, 0xa6, 0x2a, 0x92, 0x4c, 0x68, 0x2e, 0xad, 0x59, 0x13, 0x6f, 0x96, 0x73, 0x07,
-	0xe5, 0x14, 0xda, 0x85, 0xba, 0xe2, 0x13, 0x19, 0x15, 0xe7, 0xed, 0xf6, 0xb7, 0xf6, 0x4a, 0x50,
-	0x43, 0xab, 0x9f, 0xe5, 0x82, 0xe2, 0xd9, 0x1a, 0x53, 0x46, 0x46, 0x52, 0x6a, 0xcb, 0x68, 0x62,
-	0x1b, 0xa3, 0x5d, 0x58, 0x8b, 0x0c, 0x38, 0x7b, 0xfa, 0x56, 0x7f, 0x7b, 0x91, 0xa0, 0x8a, 0x15,
-	0x17, 0x8b, 0x4c, 0x06, 0x45, 0x12, 0x1d, 0xac, 0x15, 0x07, 0x31, 0x31, 0xf2, 0xc1, 0x9b, 0xb0,
-	0x38, 0xa8, 0x5b, 0x7a, 0x26, 0x44, 0xaf, 0xa0, 0x35, 0x2d, 0xa8, 0x59, 0x22, 0x0d, 0x9b, 0x39,
-	0x58, 0x64, 0x5e, 0x46, 0x8a, 0x61, 0x5a, 0x8e, 0xc3, 0x1f, 0x2e, 0x6c, 0x1c, 0x16, 0xe8, 0x18,
-	0xcf, 0x3e, 0xd9, 0xaf, 0x42, 0x01, 0x34, 0x04, 0x89, 0x63, 0x96, 0x5d, 0x5b, 0x18, 0x1e, 0x9e,
-	0x0f, 0xd1, 0x6b, 0x58, 0x8f, 0x78, 0xa6, 0x69, 0xa6, 0xd5, 0x0c, 0x41, 0x6f, 0xe1, 0x73, 0x27,
-	0xd1, 0xde, 0x09, 0x8f, 0x29, 0x2e, 0x77, 0xa0, 0x37, 0xd0, 0xbc, 0x62, 0x09, 0x35, 0x20, 0x94,
-	0xa5, 0xb2, 0xca, 0xf6, 0xc5, 0x96, 0xf0, 0x02, 0x6a, 0x46, 0x42, 0x2d, 0x68, 0xc4, 0xf4, 0x8a,
-	0x4c, 0x12, 0xed, 0xff, 0x87, 0xfe, 0x87, 0xd6, 0xdb, 0xc3, 0xe1, 0xa8, 0xbf, 0xff, 0x72, 0xf4,
-	0xe5, 0x6c, 0xe8, 0x3b, 0x55, 0xe1, 0xfd, 0xe0, 0xc4, 0x77, 0xab, 0xc2, 0xe0, 0xdd, 0xc0, 0xf7,
-	0x96, 0x84, 0xb3, 0xa1, 0x5f, 0x0b, 0xbf, 0x3b, 0xe0, 0xcf, 0x28, 0x9d, 0xf2, 0x84, 0x45, 0xb9,
-	0x79, 0x45, 0xff, 0xf0, 0x3e, 0x6e, 0xdd, 0x84, 0xfb, 0x17, 0x37, 0xf1, 0xcb, 0x01, 0x28, 0xbc,
-	0xed, 0xe3, 0x7c, 0x0a, 0xdd, 0x1b, 0x9a, 0xdf, 0xb5, 0xed, 0xdc, 0xd0, 0xbc, 0x62, 0xb8, 0x0f,
-	0x0d, 0x5e, 0xc0, 0x9a, 0x99, 0x3d, 0xba, 0x87, 0x27, 0x9e, 0xaf, 0x45, 0x1f, 0x61, 0x73, 0x5e,
-	0xa7, 0xb0, 0x9e, 0xa6, 0x5c, 0x73, 0x25, 0xde, 0x4e, 0xab, 0xff, 0xf0, 0x4e, 0xbd, 0x25, 0x13,
-	0xbc, 0x31, 0xbd, 0xa5, 0xa8, 0xf0, 0xb7, 0x03, 0xf5, 0x01, 0xcf, 0xae, 0xd8, 0x75, 0xa5, 0x3d,
-	0x9c, 0x15, 0xda, 0x63, 0x1f, 0x60, 0x4c, 0xd4, 0x78, 0x54, 0xf4, 0x83, 0x7b, 0x6f, 0x3f, 0x34,
-	0xcd, 0xca, 0xe2, 0x8f, 0xf3, 0x04, 0x3a, 0x11, 0x4f, 0x05, 0xd1, 0xec, 0x92, 0x25, 0x4c, 0xe7,
-	0xb3, 0xf6, 0x5a, 0x16, 0xab, 0x60, 0x6a, 0xab, 0x83, 0x79, 0xf6, 0x19, 0x60, 0x51, 0xe9, 0xf2,
-	0x3b, 0x43, 0xd0, 0x15, 0x24, 0x1d, 0x09, 0xa2, 0x94, 0x18, 0x4b, 0xa2, 0xa8, 0xef, 0xa0, 0x07,
-	0xb0, 0x11, 0x4d, 0x94, 0xe6, 0x4b, 0xb2, 0x6b, 0xf6, 0x49, 0x32, 0x35, 0x4c, 0x7d, 0xef, 0xb2,
-	0x6e, 0x7f, 0xa1, 0x2f, 0xfe, 0x04, 0x00, 0x00, 0xff, 0xff, 0x75, 0xb7, 0xbf, 0x4e, 0x54, 0x05,
-	0x00, 0x00,
+	0x14, 0xc7, 0x7f, 0xb6, 0xd3, 0xa4, 0x39, 0xf9, 0xf3, 0x73, 0xd5, 0xae, 0x33, 0xdb, 0x4d, 0xf0,
+	0x36, 0x28, 0xa3, 0x74, 0x2c, 0xa3, 0x83, 0xc1, 0x18, 0x6c, 0x69, 0xd9, 0xba, 0x52, 0xd6, 0x29,
+	0xa5, 0xdd, 0x60, 0x10, 0x54, 0x5b, 0x6d, 0x44, 0x6d, 0x4b, 0x48, 0x0a, 0xc1, 0x77, 0xbb, 0xd8,
+	0x1b, 0xec, 0x5d, 0xf6, 0x10, 0x7b, 0xaa, 0x21, 0x39, 0x71, 0x9c, 0x16, 0x4a, 0xb7, 0x1b, 0x73,
+	0xf4, 0x95, 0x74, 0xbe, 0x47, 0x1f, 0xe9, 0x18, 0xee, 0xa7, 0x54, 0x93, 0x98, 0x68, 0xf2, 0x6c,
+	0x1e, 0xec, 0x08, 0xc9, 0x35, 0x47, 0xab, 0xf3, 0x71, 0xf8, 0x0d, 0xda, 0x1f, 0x88, 0x1a, 0xb3,
+	0xec, 0x72, 0xc0, 0x95, 0x56, 0x08, 0x41, 0x4d, 0xb3, 0x94, 0x06, 0x6e, 0xcf, 0xd9, 0xf2, 0xb0,
+	0x8d, 0xd1, 0x26, 0xd4, 0x53, 0x9a, 0x72, 0x99, 0x07, 0x9e, 0x55, 0x67, 0x23, 0xd4, 0x83, 0x96,
+	0x20, 0x92, 0x24, 0x09, 0x4d, 0x98, 0x4a, 0x83, 0x9a, 0x9d, 0xac, 0x4a, 0xe1, 0x57, 0xe8, 0x9e,
+	0x49, 0x22, 0x04, 0x8d, 0x0f, 0x69, 0xbe, 0x47, 0x34, 0x41, 0x5d, 0x70, 0x0f, 0x4e, 0x03, 0xa7,
+	0xe7, 0x6c, 0xb5, 0xb1, 0x7b, 0x70, 0x8a, 0x1e, 0x41, 0x87, 0x66, 0x91, 0xcc, 0x85, 0xa6, 0xf1,
+	0xe8, 0x8a, 0xe6, 0xd6, 0xb8, 0x8d, 0xdb, 0xa5, 0x78, 0x48, 0x73, 0x53, 0xd4, 0x38, 0x25, 0x91,
+	0xb5, 0x6f, 0x63, 0x1b, 0x87, 0x3f, 0x5d, 0xe8, 0x1c, 0x4b, 0xae, 0x69, 0xa4, 0xb9, 0xb4, 0xa9,
+	0x9f, 0xc3, 0x86, 0x98, 0x0b, 0xa3, 0x98, 0xaa, 0x48, 0x32, 0xa1, 0xb9, 0xb4, 0x66, 0x4d, 0xbc,
+	0x5e, 0xce, 0xed, 0x95, 0x53, 0x68, 0x1b, 0xea, 0x8a, 0x4f, 0x64, 0x54, 0x9c, 0xb7, 0xdb, 0xdf,
+	0xd8, 0x29, 0x41, 0x0d, 0xad, 0x7e, 0x92, 0x0b, 0x8a, 0x67, 0x6b, 0x4c, 0x19, 0x19, 0x49, 0xa9,
+	0x2d, 0xa3, 0x89, 0x6d, 0x8c, 0xb6, 0x61, 0x25, 0x32, 0xe0, 0xec, 0xe9, 0x5b, 0xfd, 0xcd, 0x45,
+	0x82, 0x2a, 0x56, 0x5c, 0x2c, 0x32, 0x19, 0x14, 0x49, 0x74, 0xb0, 0x52, 0x1c, 0xc4, 0xc4, 0xc8,
+	0x07, 0x6f, 0xc2, 0xe2, 0xa0, 0x6e, 0xe9, 0x99, 0x10, 0xbd, 0x82, 0xd6, 0xb4, 0xa0, 0x66, 0x89,
+	0x34, 0x6c, 0xe6, 0x60, 0x91, 0x79, 0x19, 0x29, 0x86, 0x69, 0x39, 0x0e, 0x7f, 0xb8, 0xb0, 0xb6,
+	0x5f, 0xa0, 0x63, 0x3c, 0xfb, 0x64, 0xbf, 0x0a, 0x05, 0xd0, 0x10, 0x24, 0x8e, 0x59, 0x76, 0x69,
+	0x61, 0x78, 0x78, 0x3e, 0x44, 0xaf, 0x61, 0x35, 0xe2, 0x99, 0xa6, 0x99, 0x56, 0x33, 0x04, 0xbd,
+	0x85, 0xcf, 0x8d, 0x44, 0x3b, 0x47, 0x3c, 0xa6, 0xb8, 0xdc, 0x81, 0xde, 0x40, 0xf3, 0x82, 0x25,
+	0xd4, 0x80, 0x50, 0x96, 0xca, 0x5d, 0xb6, 0x2f, 0xb6, 0x84, 0x67, 0x50, 0x33, 0x12, 0x6a, 0x41,
+	0x23, 0xa6, 0x17, 0x64, 0x92, 0x68, 0xff, 0x3f, 0xf4, 0x3f, 0xb4, 0xde, 0xee, 0x0f, 0x47, 0xfd,
+	0xdd, 0x97, 0xa3, 0x2f, 0x27, 0x43, 0xdf, 0xa9, 0x0a, 0xef, 0x07, 0x47, 0xbe, 0x5b, 0x15, 0x06,
+	0xef, 0x06, 0xbe, 0xb7, 0x24, 0x9c, 0x0c, 0xfd, 0x5a, 0xf8, 0xdd, 0x01, 0x7f, 0x46, 0xe9, 0x98,
+	0x27, 0x2c, 0xca, 0xcd, 0x2b, 0xfa, 0x87, 0xf7, 0x71, 0xed, 0x26, 0xdc, 0xbf, 0xb8, 0x89, 0x5f,
+	0x0e, 0x40, 0xe1, 0x6d, 0x1f, 0xe7, 0x13, 0xe8, 0x5e, 0xd1, 0xfc, 0xa6, 0x6d, 0xe7, 0x8a, 0xe6,
+	0x15, 0xc3, 0x5d, 0x68, 0xf0, 0x02, 0xd6, 0xcc, 0xec, 0xe1, 0x2d, 0x3c, 0xf1, 0x7c, 0x2d, 0xfa,
+	0x08, 0xeb, 0xf3, 0x3a, 0x85, 0xf5, 0x34, 0xe5, 0x9a, 0x2b, 0xf1, 0xb6, 0x5a, 0xfd, 0x07, 0x37,
+	0xea, 0x2d, 0x99, 0xe0, 0xb5, 0xe9, 0x35, 0x45, 0x85, 0xbf, 0x1d, 0xa8, 0x0f, 0x78, 0x76, 0xc1,
+	0x2e, 0x2b, 0xed, 0xe1, 0xdc, 0xa1, 0x3d, 0x76, 0x01, 0xc6, 0x44, 0x8d, 0x47, 0x45, 0x3f, 0xb8,
+	0xb7, 0xf6, 0x43, 0xd3, 0xac, 0x2c, 0xfe, 0x38, 0x8f, 0xa1, 0x13, 0xf1, 0x54, 0x10, 0xcd, 0xce,
+	0x59, 0xc2, 0x74, 0x3e, 0x6b, 0xaf, 0x65, 0xb1, 0x0a, 0xa6, 0x76, 0x77, 0x30, 0x4f, 0x3f, 0x03,
+	0x2c, 0x2a, 0x5d, 0x7e, 0x67, 0x08, 0xba, 0x82, 0xa4, 0x23, 0x41, 0x94, 0x12, 0x63, 0x49, 0x14,
+	0xf5, 0x1d, 0x74, 0x0f, 0xd6, 0xa2, 0x89, 0xd2, 0x7c, 0x49, 0x76, 0xcd, 0x3e, 0x49, 0xa6, 0x86,
+	0xa9, 0xef, 0x9d, 0xd7, 0xed, 0x2f, 0xf4, 0xc5, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf9, 0xff,
+	0x1e, 0x31, 0x5d, 0x05, 0x00, 0x00,
 }
diff --git a/metadata/metadata.proto b/metadata/metadata.proto
index 395cdff..1bec64f 100644
--- a/metadata/metadata.proto
+++ b/metadata/metadata.proto
@@ -19,6 +19,7 @@
  * the License.
  */
 
+// If you modify this file, be sure to run "go generate" on this package.
 syntax = "proto3";
 package metadata;
 
diff --git a/metadata/policy_test.go b/metadata/policy_test.go
index cc6b36f..783a784 100644
--- a/metadata/policy_test.go
+++ b/metadata/policy_test.go
@@ -37,14 +37,13 @@ var goodPolicy = &PolicyData{
 }
 
 // Creates a temporary directory for testing.
-func createTestDirectory() (directory string, err error) {
-	baseDirectory, err := util.TestPath()
+func createTestDirectory(t *testing.T) (directory string, err error) {
+	baseDirectory, err := util.TestRoot()
 	if err != nil {
-		return
+		t.Skip(err)
 	}
 	if s, err := os.Stat(baseDirectory); err != nil || !s.IsDir() {
-		return "", fmt.Errorf("%s: %q is not a valid directory",
-			util.TestEnvVarName, baseDirectory)
+		return "", fmt.Errorf("test directory %q is not valid", baseDirectory)
 	}
 
 	directoryPath := filepath.Join(baseDirectory, "test")
@@ -53,8 +52,8 @@ func createTestDirectory() (directory string, err error) {
 
 // Makes a test directory, makes a file in the directory, and fills the file
 // with data. Returns the directory name, file name, and error (if one).
-func createTestFile() (directory, file string, err error) {
-	if directory, err = createTestDirectory(); err != nil {
+func createTestFile(t *testing.T) (directory, file string, err error) {
+	if directory, err = createTestDirectory(t); err != nil {
 		return
 	}
 	// Cleanup if the file creation fails
@@ -77,7 +76,7 @@ func createTestFile() (directory, file string, err error) {
 
 // Tests that we can set a policy on an empty directory
 func TestSetPolicyEmptyDirectory(t *testing.T) {
-	directory, err := createTestDirectory()
+	directory, err := createTestDirectory(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -90,7 +89,7 @@ func TestSetPolicyEmptyDirectory(t *testing.T) {
 
 // Tests that we cannot set a policy on a nonempty directory
 func TestSetPolicyNonemptyDirectory(t *testing.T) {
-	directory, _, err := createTestFile()
+	directory, _, err := createTestFile(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -103,7 +102,7 @@ func TestSetPolicyNonemptyDirectory(t *testing.T) {
 
 // Tests that we cannot set a policy on a file
 func TestSetPolicyFile(t *testing.T) {
-	directory, file, err := createTestFile()
+	directory, file, err := createTestFile(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -120,7 +119,7 @@ func TestSetPolicyBadDescriptors(t *testing.T) {
 	badDescriptors := []string{"123456789abcde", "xxxxxxxxxxxxxxxx", "0123456789abcdef00"}
 	for _, badDescriptor := range badDescriptors {
 		badPolicy := &PolicyData{KeyDescriptor: badDescriptor, Options: DefaultOptions}
-		directory, err := createTestDirectory()
+		directory, err := createTestDirectory(t)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -134,7 +133,7 @@ func TestSetPolicyBadDescriptors(t *testing.T) {
 
 // Tests that we get back the same policy that we set on a directory
 func TestGetPolicyEmptyDirectory(t *testing.T) {
-	directory, err := createTestDirectory()
+	directory, err := createTestDirectory(t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -155,7 +154,7 @@ func TestGetPolicyEmptyDirectory(t *testing.T) {
 
 // Tests that we cannot get a policy on an unencrypted directory
 func TestGetPolicyUnencrypted(t *testing.T) {
-	directory, err := createTestDirectory()
+	directory, err := createTestDirectory(t)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/util/errors.go b/util/errors.go
index 2a865a3..f10569e 100644
--- a/util/errors.go
+++ b/util/errors.go
@@ -24,6 +24,8 @@ import (
 	"io"
 	"log"
 	"os"
+
+	"github.com/pkg/errors"
 )
 
 // ErrReader wraps an io.Reader, passing along calls to Read() until a read
@@ -113,17 +115,21 @@ func NeverError(err error) {
 	}
 }
 
-// TestEnvVarName is the name on an environment variable that should be set to
-// an empty mountpoint. This is only used for integration tests.
-var TestEnvVarName = "TEST_FILESYSTEM_ROOT"
+var (
+	// testEnvVarName is the name on an environment variable that should be
+	// set to an empty mountpoint. This is only used for integration tests.
+	// If not set, integration tests are skipped.
+	testEnvVarName = "TEST_FILESYSTEM_ROOT"
+	// ErrSkipIntegration indicates integration tests shouldn't be run.
+	ErrSkipIntegration = errors.New("skipping integration test")
+)
 
-// TestPath returns a the path specified by TestEnvVarName. The function
-// panics if the environment variable is not set. This function is only used for
-// integration tests.
-func TestPath() (string, error) {
-	path := os.Getenv(TestEnvVarName)
+// TestRoot returns a the root of a filesystem specified by testEnvVarName. This
+// function is only used for integration tests.
+func TestRoot() (string, error) {
+	path := os.Getenv(testEnvVarName)
 	if path == "" {
-		return "", fmt.Errorf("%s: environment variable not set", TestEnvVarName)
+		return "", ErrSkipIntegration
 	}
 	return path, nil
 }