| Age | Commit message (Collapse) | Author |
|
|
Now the testing functions will skip the integration tests if a testing
filesystem is not specified.
|
|
Fixing fscrypt build system
|
|
The commit reorganizes the Makefile, so that "make check" can run on
each PR to detect any errors.
|
|
Add PAM package
|
|
The commit changes how we get the username representation, and uses the
new pam API for checking the proposed login token.
|
|
This commit provides a Go interface to the PAM functions.
|
|
This commit adds in a C implementation for the pam_conv we will use in
login.go as well as adding three CleanupFuncs that will be used with
pam_set_data(). It also adds copyInfoSecret() which should be paired
with freeSecret().
|
|
Code pulled from github.com/msteinert/pam
|
|
Refactor ReadLine functions
|
|
Separate encryption support from metadata support
|
|
Now that we can distinguish between lacking encryption support and
lacking fscrypt metadata, "fscrypt status" can now display this
additional information.
|
|
Almost all actions only need to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
needs to be sure the filesystem also supports encryption, so this check
is added.
|
|
This commit splits two pieces of functionality. Detecting if the fscrypt
metadata exists is now in CheckSetup() and checking if the filesystem
supports encryption is now in CheckSupport().
|
|
Policies can now be directly unlocked with Protectors
|
|
In addition to using callbacks, unlocked Protectors can now directly
unlock a policy. The error codes are updated to make more sense.
|
|
Use Description when placing keys in the keyring
|
|
Instead of using the service+descriptor parameters (which are always
combined in the same way), use a single description parameter.
|
|
Bug fixing for "fscrypt encrypt"
|
|
Protectors are only reverted if they were created, and Policies are only
deprovisioned on failure.
|
|
During an earlier commit the vendor directory was self-referencing
various "fscrypt/<pkg>" packages. This no longer occurs.
|
|
Version now uses git tags and releases
|
|
Cleanup README.md
|
|
Some of the documentation was misspelled or incorrectly formatted.
|
|
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externally. The documentation in README.md is updated accordingly.
Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).
Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
|
|
This commit updates the README and Makefile to get them ready for
external release. This includes adding some common pitfalls, including
example usage, and allowing for tarball creation.
Change-Id: I442338c7aff613a14bae449dbf091bfcaf73ed9d
|
|
This commit adds in the "fscrypt metadata add-protector-to-policy" and
the "fscrypt metadata remove-protector-from-policy" subcommands. These
commands allow for the creating of policies protected by multiple
protectors.
Change-Id: Id7e6c057448d15757c838a82d487a1b9806f585d
|
|
This command adds in the "fscrypt metadata" command. This command allows
advanced users to manipulate the metadata directly instead of just
creating a policy or protector as an option when encrypting a directory.
As some of these methods will require certain flags, error handling for
this case is also added. As the change passphrase method must indicate
when an old vs new password is necessary, additional KeyFuncs are added
which add this indicator.
Change-Id: Ibc92872088fae078df3c0eebd4f0cfcb7252d781
|
|
This commit adds in the status command, which has 2 functions, allowing
the user to query the state of the entire system or a specific
filesystem.
This commit also adds in the purge command to remove all policy keys
corresponding to a filesystem. This (along with getting the unlock
status for the status commands) uses additional keyctl functionality in
the crypto and actions packages.
Change-Id: Ic8e097b335c044c0b91973eff19753f363f4525d
|
|
This commit adds in the framework for adding commands and subcommands to
the fscrypt tool. This commit adds in the "setup", "encrypt", and
"unlock" commands. Additional information can be found by running:
fscrypt <command> --help.
This commit defines how flags are parsed and errors are handled. It also
creates an extensible framework for prompting the user for information.
Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce
|
|
This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.
This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.
This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.
Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8
|