filesystem: improve errors

Introduce filesystem.ErrEncryptionNotEnabled and filesystem.ErrEncryptionNotSupported which include the Mount as context, and translate the corresponding metadata/ errors into them. Then make these errors show much better suggestions. Also replace lots of other filesystem/ errors with either custom types or with unnamed one-off errors that include more context. Fix backwards wrapping in lots of cases. Finally, don't include the mountpoint in places where it's not useful, like OS-level errors that already include the path.
author: Eric Biggers <ebiggers@google.com> 2020-05-09 14:52:07 -0700
committer: Eric Biggers <ebiggers@google.com> 2020-05-09 15:21:31 -0700
commit: 66fb4c557644ba2c37951a7568c06c47a6c718a7 (patch)
tree: 10ee55fb8f2753dc39b3e0435b43291f27c46908 /cli-tests
parent: fbc161a77962fe64e3caad80efb535d28d8c1f74 (diff)
6 files changed, 62 insertions, 30 deletions
diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out
index 760f9dd..4553891 100644
--- a/cli-tests/t_not_enabled.out
+++ b/cli-tests/t_not_enabled.out
@@ -2,25 +2,52 @@
 # Disable encryption on DEV
 
 # Try to encrypt a directory when encryption is disabled
-[ERROR] fscrypt encrypt: encryption not enabled
+[ERROR] fscrypt encrypt: encryption not enabled on filesystem
+                         MNT (DEV).
 
-Encryption is either disabled in the kernel config, or needs to be enabled for
-this filesystem. See the documentation on how to enable encryption on ext4
-systems (and the risks of doing so).
+To enable encryption support on this filesystem, run:
+
+     sudo tune2fs -O encrypt "DEV"
+
+Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation
+for more details.
 
 # Try to unlock a directory when encryption is disabled
-[ERROR] fscrypt unlock: encryption not enabled
+[ERROR] fscrypt unlock: encryption not enabled on filesystem
+                        MNT (DEV).
+
+To enable encryption support on this filesystem, run:
 
-Encryption is either disabled in the kernel config, or needs to be enabled for
-this filesystem. See the documentation on how to enable encryption on ext4
-systems (and the risks of doing so).
+     sudo tune2fs -O encrypt "DEV"
+
+Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation
+for more details.
 
 # Try to lock a directory when encryption is disabled
-[ERROR] fscrypt lock: encryption not enabled
+[ERROR] fscrypt lock: encryption not enabled on filesystem
+                      MNT (DEV).
+
+To enable encryption support on this filesystem, run:
+
+     sudo tune2fs -O encrypt "DEV"
+
+Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation
+for more details.
+
+# Check for additional message when GRUB appears to be installed
+[ERROR] fscrypt encrypt: encryption not enabled on filesystem
+                         MNT (DEV).
+
+To enable encryption support on this filesystem, run:
+
+     sudo tune2fs -O encrypt "DEV"
+
+WARNING: you seem to have GRUB installed on this filesystem. Before doing the
+above, make sure you are using GRUB v2.04 or later; otherwise your system will
+become unbootable.
 
-Encryption is either disabled in the kernel config, or needs to be enabled for
-this filesystem. See the documentation on how to enable encryption on ext4
-systems (and the risks of doing so).
+Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation
+for more details.
 
 # Enable encryption on DEV
 
diff --git a/cli-tests/t_not_enabled.sh b/cli-tests/t_not_enabled.sh
index 3c7d22c..fae1094 100755
--- a/cli-tests/t_not_enabled.sh
+++ b/cli-tests/t_not_enabled.sh
@@ -26,6 +26,11 @@ _expect_failure "fscrypt unlock '$dir'"
 _print_header "Try to lock a directory when encryption is disabled"
 _expect_failure "fscrypt lock '$dir'"
 
+_print_header "Check for additional message when GRUB appears to be installed"
+mkdir -p "$MNT/boot/grub"
+_expect_failure "fscrypt encrypt '$dir'"
+rm -r "${MNT:?}/boot"
+
 _print_header "Enable encryption on $DEV"
 _run_noisy_command "tune2fs -O encrypt '$DEV'"
 
diff --git a/cli-tests/t_not_supported.out b/cli-tests/t_not_supported.out
index dd71599..ecee56a 100644
--- a/cli-tests/t_not_supported.out
+++ b/cli-tests/t_not_supported.out
@@ -5,6 +5,5 @@
 Metadata directories created at "MNT/.fscrypt".
 
 # Try to encrypt a directory on tmpfs
-[ERROR] fscrypt encrypt: encryption not supported
-
-Encryption for this type of filesystem is not supported on this kernel version.
+[ERROR] fscrypt encrypt: This kernel doesn't support encryption on tmpfs
+                         filesystems.
diff --git a/cli-tests/t_setup.out b/cli-tests/t_setup.out
index 7d597bd..ef0d133 100644
--- a/cli-tests/t_setup.out
+++ b/cli-tests/t_setup.out
@@ -34,8 +34,8 @@ Use --force to automatically run destructive operations.
 Metadata directories created at "MNT/.fscrypt".
 
 # fscrypt setup filesystem (already set up)
-[ERROR] fscrypt setup: filesystem MNT: already setup for use
-                       with fscrypt
+[ERROR] fscrypt setup: filesystem MNT is already setup for
+                       use with fscrypt
 
 # no config file
 [ERROR] fscrypt setup: "FSCRYPT_CONF" doesn't exist
diff --git a/cli-tests/t_status.out b/cli-tests/t_status.out
index 08ce3b2..0d478b5 100644
--- a/cli-tests/t_status.out
+++ b/cli-tests/t_status.out
@@ -24,21 +24,25 @@ ext4 supported No
 ext4 supported No
 
 # Get status of not-setup mountpoint
-[ERROR] fscrypt status: filesystem MNT: not setup for use
+[ERROR] fscrypt status: filesystem MNT is not setup for use
                         with fscrypt
 
-Run "fscrypt setup MOUNTPOINT" to use fscrypt on this filesystem.
-[ERROR] fscrypt status: filesystem MNT: not setup for use
+Run "sudo fscrypt setup MNT" to use fscrypt on this
+filesystem.
+[ERROR] fscrypt status: filesystem MNT is not setup for use
                         with fscrypt
 
-Run "fscrypt setup MOUNTPOINT" to use fscrypt on this filesystem.
+Run "sudo fscrypt setup MNT" to use fscrypt on this
+filesystem.
 
 # Get status of unencrypted directory on not-setup mountpoint
-[ERROR] fscrypt status: filesystem MNT: not setup for use
+[ERROR] fscrypt status: filesystem MNT is not setup for use
                         with fscrypt
 
-Run "fscrypt setup MOUNTPOINT" to use fscrypt on this filesystem.
-[ERROR] fscrypt status: filesystem MNT: not setup for use
+Run "sudo fscrypt setup MNT" to use fscrypt on this
+filesystem.
+[ERROR] fscrypt status: filesystem MNT is not setup for use
                         with fscrypt
 
-Run "fscrypt setup MOUNTPOINT" to use fscrypt on this filesystem.
+Run "sudo fscrypt setup MNT" to use fscrypt on this
+filesystem.
diff --git a/cli-tests/t_unlock.out b/cli-tests/t_unlock.out
index 710b063..25430a0 100644
--- a/cli-tests/t_unlock.out
+++ b/cli-tests/t_unlock.out
@@ -81,12 +81,9 @@ contents
 desc1  Yes       desc2
 
 # Try to unlock with corrupt policy metadata
-[ERROR] fscrypt unlock: filesystem "MNT" does not contain
-                        the policy metadata for "MNT/dir".
-                        This directory has either been encrypted with another
-                        tool (such as e4crypt), or the file
+[ERROR] fscrypt unlock: fscrypt metadata file at
                         "MNT/.fscrypt/policies/desc1"
-                        has been deleted.
+                        is corrupt: unexpected EOF
 
 # Try to unlock with missing policy metadata
 [ERROR] fscrypt unlock: filesystem "MNT" does not contain
author	Eric Biggers <ebiggers@google.com>	2020-05-09 14:52:07 -0700
committer	Eric Biggers <ebiggers@google.com>	2020-05-09 15:21:31 -0700
commit	66fb4c557644ba2c37951a7568c06c47a6c718a7 (patch)
tree	10ee55fb8f2753dc39b3e0435b43291f27c46908 /cli-tests
parent	fbc161a77962fe64e3caad80efb535d28d8c1f74 (diff)