| Age | Commit message (Collapse) | Author |
|---|
|
Otherwise the cli tests fail when executed from GitHub Actions.
|
|
|
|
Now that Travis CI supports a version of Ubuntu that has a kernel that
supports v2 encryption policies, upgrade to it and enable the cli tests.
|
|
Set the terminal to raw mode *before* printing the prompt.
Otherwise the user (or the automated test) might enter the
passphrase before the terminal gets put into raw mode.
This is needed for some of the CLI tests to pass reliably in Travis CI.
|
|
Apparently, on some distros 'su' doesn't preserve $PATH. So, manually
export it in the command. Also, ensure that the shell stays as bash.
This is needed for some of the CLI tests to pass in Travis CI.
|
|
On an "incompletely locked" directory, isDirUnlockedHeuristic() is
supposed to return true, but on Linux v5.10-rc1 and later it returns
false since now creating a subdirectory fails rather than succeeds.
This change was intentional, so make isDirUnlockedHeuristic() apply a
second heuristic too: also return true if any filenames in the directory
don't appear to be valid no-key names.
This fixes cli-tests/t_v1_encrypt on Linux v5.10-rc1 and later.
|
|
|
|
|
|
Ubuntu's PAM configuration framework only recognizes files in /usr, not
/usr/local. So for installs from source, unfortunately we have to
recommend installing to /usr, despite this not being conventional.
Resolves https://github.com/google/fscrypt/issues/240
|
|
|
|
Adjust status message for v1 policies unlocked by another user and fix cli-tests/t_v1_policy
|
|
When 'fscrypt status DIR' detects that a v1-encrypted directory is still
usable but its key seems to be absent, it shows the status as
"Unlocked: Partially (incompletely locked)". But actually it can also
be the case that the directory is unlocked by another user. Adjust the
status message accordingly.
This commit also fixes cli-tests/t_v1_policy.
|
|
The test user's user keyring is still linked into root's user keyring at
the end of the test. This is making the test flaky, as there is a
failure that only occurs the first time it is run. Fix the test to
restore the initial state. This makes it consistently fail (to be fixed
by the next commit).
|
|
* cmd/fscrypt: fix 32-bit build
* travis.yml: build 32-bit binary
|
|
statfs.Bsize actually has platform-dependent type, despite the Go
documentation listing it as int64. Fix the build for 32-bit platforms
by casting it to int64.
Resolves https://github.com/google/fscrypt/issues/233
|
|
Don't let people check in code that breaks 32-bit builds.
Update https://github.com/google/fscrypt/issues/233
|
|
|
|
Use %q, in case the paths contain whitespace. Also clean the directory
path to remove trailing slashes before appending the ".new" suffix.
|
|
Update https://github.com/google/fscrypt/issues/220
|
|
Explicitly mention that "fscrypt" here means the userspace tool, not the
kernel part. Also write `fscrypt` in code font to emphasize this.
|
|
|
|
Update https://github.com/google/fscrypt/issues/220
|
|
Update https://github.com/google/fscrypt/issues/220
|
|
This fixes link error with gcc 10 which defaults to -fno-common
|
|
Improve error messages and suggestions
|
|
In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.
Also improve the error message for when a directory is nonempty.
Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.
|
|
This isn't actually a valid error since crypto.NewKeyFromReader()
handles re-allocating the buffer to a larger size if it fills up.
|
|
Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them. Then make
these errors show much better suggestions.
Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context. Fix backwards
wrapping in lots of cases.
Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.
|
|
ErrBadOwners:
Rename to ErrDirectoryNotOwned for clarity, move it from
cmd/fscrypt/ to metadata/ where it better belongs, and improve
the message.
ErrEncrypted:
Rename to ErrAlreadyEncrypted for clarity, and include the path.
ErrNotEncrypted:
Include the path.
ErrBadEncryptionOptions:
Include the path and bad options.
ErrEncryptionNotSupported:
ErrEncryptionNotEnabled:
Don't wrap with "get encryption policy %s", in preparation for
wrapping these with filesystem-level context instead.
Also avoid mixing together the error handling for the "get policy" and
"set policy" ioctls. Make it very clear how we're handling the errors
from each ioctl.
|
|
ErrAccessUserKeyring:
Include the user, and fix the backwards wrapping.
ErrSessionUserKeyring:
Include the user.
ErrKeyAdd:
ErrKeyRemove:
ErrKeySearch:
ErrLinkUserKeyring:
Replace these with one-off unnamed errors because they are
never checked for, and this makes it easier for the callers to
provide better messages, e.g. fixing the backwards wrapping.
|
|
ErrKeyLock:
Rename to ErrMlockUlimit for clarity.
ErrGetrandomFail:
ErrKeyAlloc:
ErrKeyFree:
ErrNegativeLength:
Replace these with one-off unnamed errors because these were all
returned in only one place and were never checked for. Also
these were all either wrapped backwards or discarded an
underlying error, so fix that too.
|
|
ErrMissingPolicyMetadata:
Include the mount, directory path, and metadata path. Also move
the explanation into actions/ since it doesn't refer to any CLI
command.
ErrPolicyMetadataMismatch:
Include a lot more information. Also start checking for
consistency of the policy key descriptors, not just the
encryption options. Add a test for this.
ErrDifferentFilesystem:
Include the mountpoints.
ErrOnlyProtector:
Clarify the message and include the protector descriptor.
ErrAlreadyProtected:
ErrNotProtected:
Include the policy and protector descriptors.
ErrAccessDeniedPossiblyV2:
Make it slightly clearer what failed. Also move the explanation
into actions/ since it doesn't refer to any CLI command.
|
|
ErrProtectorName:
Rename to ErrLoginProtectorName for clarity, and include the
name and user.
ErrMissingProtectorName:
Include the correct protector source.
ErrDuplicateName:
Rename to ErrProtectorNameExists for clarity, and remove a level
of wrapping by including the name directly.
ErrDuplicateUID:
Rename to ErrLoginProtectorExists for clarity, and remove a
level of wrapping by including the user directly.
|
|
ErrBadConfig:
Fix backwards wrapping, include the bad config, and make it
clear that this is an internal error.
ErrBadConfigFile:
Fix backwards wrapping, include the config file location, and
adjust the suggestion slightly.
ErrConfigFileExists:
Include the config file location.
ErrNoConfigFile:
Include the config file location, and adjust the suggestion
slightly.
|
|
Allow the input text to contain "code blocks" denoted by lines beginning
with ">", e.g.:
Foo bar baz:
> echo foo
> echo bar
Instead of squashing these lines together, preserve the line breaks
between them and add indentation, e.g.:
Foo bar baz:
echo foo
echo bar
|
|
Try to detect incomplete locking of v1-encrypted directory
|
|
'fscrypt lock' on a v1-encrypted directory doesn't warn about in-use
files, as the kernel doesn't provide a way to easily detect it.
Instead, implement a heuristic where we check whether a subdirectory can
be created. If yes, then the directory must not be fully locked.
Make both 'fscrypt lock' and 'fscrypt status' use this heuristic.
Resolves https://github.com/google/fscrypt/issues/215
|
|
KEYCTL_INVALIDATE has complicated semantics: it doesn't remove the key
from the keyring right away but rather marks it as being invalidated,
and then removes it asynchronously. This nondeterministically breaks
the heuristic I'm implementing to detect v1-encrypted directories being
incompletely locked.
Instead, switch to KEYCTL_UNLINK, which has simpler semantics.
Note that Android uses KEYCTL_UNLINK too.
|
|
Add tests for command-line interface
Add tests that directly test the fscrypt command-line tool.
See cli-tests/README.md for information about the test framework.
The following test scripts are included:
* t_change_passphrase
* t_encrypt_custom
* t_encrypt_login
* t_encrypt_raw_key
* t_encrypt
* t_lock
* t_not_enabled
* t_not_supported
* t_passphrase_hashing
* t_setup
* t_status
* t_unlock
* t_v1_policy_fs_keyring
* t_v1_policy
Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.
|
|
Test using v1 encryption policies (deprecated) with
use_fs_keyring_for_v1_policies = true.
|
|
Test using v1 encryption policies (deprecated).
|
|
Test unlocking a directory.
|
|
Test getting global, filesystem, and unencrypted directory status when
the filesystem is or isn't set up for fscrypt.
|
|
Test 'fscrypt setup'.
|
|
Test that the passphrase hashing seems to take long enough.
|
|
Test that fscrypt fails when the filesystem doesn't support encryption.
|
|
Test that fscrypt fails when the filesystem doesn't have the encrypt
feature enabled. Then test enabling it.
|
|
Test locking a directory.
|
|
Test encrypting a directory using a raw_key protector.
|
|
Test encrypting a directory using a login (pam_passphrase) protector.
|
