| author | Joseph Richey <joerichey@google.com> | 2020-03-23 14:24:23 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-23 14:24:23 -0700 |
| commit | ab531eea551598170e4dd973fa5955f01b5c0318 (patch) | |
| tree | ad01ed9d6ffa3d9715c40ff14041f95978107ba7 /actions/config.go | |
| parent | b43cb6970da16fea7aa2c073a83891909a2833b1 (diff) | |
| parent | 02ec13d8d96fc16282998f8355074dad53271591 (diff) | |
Merge pull request #205 from ebiggers/autoselect-v2
Automatically enable policy_version 2 when kernel support is detected
Diffstat (limited to 'actions/config.go')
| -rw-r--r-- | actions/config.go | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/actions/config.go b/actions/config.go
index 6b019df..2463b95 100644
--- a/actions/config.go
+++ b/actions/config.go
@@ -36,10 +36,6 @@ import (
 "github.com/google/fscrypt/util"
 )
 
-// LegacyConfig indicates that keys should be inserted into the keyring with the
-// legacy service prefixes. Needed for kernels before v4.8.
-const LegacyConfig = "legacy"
-
 // ConfigFileLocation is the location of fscrypt's global settings. This can be
 // overridden by the user of this package.
 var ConfigFileLocation = "/etc/fscrypt.conf"
@@ -61,12 +57,10 @@ var (
 )
 
 // CreateConfigFile creates a new config file at the appropriate location with
-// the appropriate hashing costs and encryption parameters. This creation is
-// configurable in two ways. First, a time target must be specified. This target
-// will determine the hashing costs, by picking parameters that make the hashing
-// take as long as the specified target. Second, the config can include the
-// legacy option, which is needed for systems with kernels older than v4.8.
-func CreateConfigFile(target time.Duration, useLegacy bool) error {
+// the appropriate hashing costs and encryption parameters. The hashing will be
+// configured to take as long as the specified time target. In addition, the
+// version of encryption policy to use may be overridden from the default of v1.
+func CreateConfigFile(target time.Duration, policyVersion int64) error {
 // Create the config file before computing the hashing costs, so we fail
 // immediately if the program has insufficient permissions.
 configFile, err := filesystem.OpenFileOverridingUmask(ConfigFileLocation,
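Review bot: The rewritten doc comment on `CreateConfigFile` says the policy version "may be overridden" but not which argument value leaves the default alone; the body further down in this commit treats `policyVersion == 0` as that sentinel. I would add a line such as `// A policyVersion of 0 keeps the default policy version.` so callers do not have to read the body to find out. The parameter also changed from `bool` to `int64` on an exported function, which is worth stating in the commit description for any out-of-tree callers. The function body continues past the end of this hunk.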
@@ -83,9 +77,9 @@ func CreateConfigFile(target time.Duration, useLegacy bool) error {
 Source: metadata.DefaultSource,
 Options: metadata.DefaultOptions,
 }
- if useLegacy {
- config.Compatibility = LegacyConfig
- log.Printf("Using %q compatibility option\n", LegacyConfig)
+
+ if policyVersion != 0 {
+ config.Options.PolicyVersion = policyVersion
 }
 
 if config.HashCosts, err = getHashingCosts(target); err != nil { |
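Review bot: Any nonzero `policyVersion` is written into `config.Options.PolicyVersion` here, so a negative or unsupported number would end up in the file at `ConfigFileLocation` without an error from this function, as far as the hunk shows. Because this value decides which encryption policy version is applied later, I would reject anything other than the versions the page mentions (v1 and v2) before assigning, e.g. `if policyVersion < 0 || policyVersion > 2 { /* return an error */ }`. Separately, if `metadata.DefaultOptions` is a pointer, the assignment also changes the package-level default for every later caller in the same process; copying the options before overriding the field would avoid that. `CreateConfigFile` starts and ends outside this hunk, so a check elsewhere in the body or in the config writer cannot be ruled out.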