diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-12-15 19:31:39 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-01-05 10:02:13 -0800 |
| commit | 462d166d5355d33a05271d24de4d52f30dd62f67 (patch) | |
| tree | 9bf53558105694002d442e0d997a9bb2b95140e2 /cmd/fscrypt | |
| parent | 80654f23ebfd552277ed217a2c5e1d0bb1374189 (diff) | |
Add keyring package
In preparation for introducing support for the new filesystem-level
keyrings, move the existing user keyring management code from
security/keyring.go and crypto/crypto.go into a new package, 'keyring'.
This package provides functions AddEncryptionKey, RemoveEncryptionKey,
and GetEncryptionKeyStatus which delegate to either the filesystem
keyring (added by a later patch) or to the user keyring. This provides
a common interface to both types of keyrings, to the extent possible.
Diffstat (limited to 'cmd/fscrypt')
| -rw-r--r-- | cmd/fscrypt/errors.go | 6 | ||||
| -rw-r--r-- | cmd/fscrypt/flags.go | 4 |
2 files changed, 5 insertions, 5 deletions
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go index 288e697..ed57dbe 100644 --- a/cmd/fscrypt/errors.go +++ b/cmd/fscrypt/errors.go @@ -34,8 +34,8 @@ import ( "github.com/google/fscrypt/actions" "github.com/google/fscrypt/crypto" "github.com/google/fscrypt/filesystem" + "github.com/google/fscrypt/keyring" "github.com/google/fscrypt/metadata" - "github.com/google/fscrypt/security" "github.com/google/fscrypt/util" ) @@ -94,11 +94,11 @@ func getErrorSuggestions(err error) string { needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 systems (and the risks of doing so).` - case security.ErrSessionUserKeying: + case keyring.ErrSessionUserKeying: return `This is usually the result of a bad PAM configuration. Either correct the problem in your PAM stack, enable pam_keyinit.so, or run "keyctl link @u @s".` - case security.ErrAccessUserKeyring: + case keyring.ErrAccessUserKeyring: return fmt.Sprintf(`You can only use %s to access the user keyring of another user if you are running as root.`, shortDisplay(userFlag)) diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index 16a75dc..2eea8de 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -33,7 +33,7 @@ import ( "github.com/urfave/cli" "github.com/google/fscrypt/actions" - "github.com/google/fscrypt/security" + "github.com/google/fscrypt/keyring" "github.com/google/fscrypt/util" ) @@ -300,7 +300,7 @@ func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) { } if checkKeyring { - _, err = security.UserKeyringID(targetUser, true) + _, err = keyring.UserKeyringID(targetUser, true) } return targetUser, err } |