| Age | Commit message (Collapse) | Author |
|---|
|
Apparently, on some distros 'su' doesn't preserve $PATH. So, manually
export it in the command. Also, ensure that the shell stays as bash.
This is needed for some of the CLI tests to pass in Travis CI.
|
|
When 'fscrypt status DIR' detects that a v1-encrypted directory is still
usable but its key seems to be absent, it shows the status as
"Unlocked: Partially (incompletely locked)". But actually it can also
be the case that the directory is unlocked by another user. Adjust the
status message accordingly.
This commit also fixes cli-tests/t_v1_policy.
|
|
The test user's user keyring is still linked into root's user keyring at
the end of the test. This is making the test flaky, as there is a
failure that only occurs the first time it is run. Fix the test to
restore the initial state. This makes it consistently fail (to be fixed
by the next commit).
|
|
Use %q, in case the paths contain whitespace. Also clean the directory
path to remove trailing slashes before appending the ".new" suffix.
|
|
Update https://github.com/google/fscrypt/issues/220
|
|
In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.
Also improve the error message for when a directory is nonempty.
Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.
|
|
Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them. Then make
these errors show much better suggestions.
Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context. Fix backwards
wrapping in lots of cases.
Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.
|
|
ErrBadOwners:
Rename to ErrDirectoryNotOwned for clarity, move it from
cmd/fscrypt/ to metadata/ where it better belongs, and improve
the message.
ErrEncrypted:
Rename to ErrAlreadyEncrypted for clarity, and include the path.
ErrNotEncrypted:
Include the path.
ErrBadEncryptionOptions:
Include the path and bad options.
ErrEncryptionNotSupported:
ErrEncryptionNotEnabled:
Don't wrap with "get encryption policy %s", in preparation for
wrapping these with filesystem-level context instead.
Also avoid mixing together the error handling for the "get policy" and
"set policy" ioctls. Make it very clear how we're handling the errors
from each ioctl.
|
|
ErrAccessUserKeyring:
Include the user, and fix the backwards wrapping.
ErrSessionUserKeyring:
Include the user.
ErrKeyAdd:
ErrKeyRemove:
ErrKeySearch:
ErrLinkUserKeyring:
Replace these with one-off unnamed errors because they are
never checked for, and this makes it easier for the callers to
provide better messages, e.g. fixing the backwards wrapping.
|
|
ErrMissingPolicyMetadata:
Include the mount, directory path, and metadata path. Also move
the explanation into actions/ since it doesn't refer to any CLI
command.
ErrPolicyMetadataMismatch:
Include a lot more information. Also start checking for
consistency of the policy key descriptors, not just the
encryption options. Add a test for this.
ErrDifferentFilesystem:
Include the mountpoints.
ErrOnlyProtector:
Clarify the message and include the protector descriptor.
ErrAlreadyProtected:
ErrNotProtected:
Include the policy and protector descriptors.
ErrAccessDeniedPossiblyV2:
Make it slightly clearer what failed. Also move the explanation
into actions/ since it doesn't refer to any CLI command.
|
|
ErrProtectorName:
Rename to ErrLoginProtectorName for clarity, and include the
name and user.
ErrMissingProtectorName:
Include the correct protector source.
ErrDuplicateName:
Rename to ErrProtectorNameExists for clarity, and remove a level
of wrapping by including the name directly.
ErrDuplicateUID:
Rename to ErrLoginProtectorExists for clarity, and remove a
level of wrapping by including the user directly.
|
|
ErrBadConfig:
Fix backwards wrapping, include the bad config, and make it
clear that this is an internal error.
ErrBadConfigFile:
Fix backwards wrapping, include the config file location, and
adjust the suggestion slightly.
ErrConfigFileExists:
Include the config file location.
ErrNoConfigFile:
Include the config file location, and adjust the suggestion
slightly.
|
|
'fscrypt lock' on a v1-encrypted directory doesn't warn about in-use
files, as the kernel doesn't provide a way to easily detect it.
Instead, implement a heuristic where we check whether a subdirectory can
be created. If yes, then the directory must not be fully locked.
Make both 'fscrypt lock' and 'fscrypt status' use this heuristic.
Resolves https://github.com/google/fscrypt/issues/215
|
|
Test using v1 encryption policies (deprecated) with
use_fs_keyring_for_v1_policies = true.
|
|
Test using v1 encryption policies (deprecated).
|
|
Test unlocking a directory.
|
|
Test getting global, filesystem, and unencrypted directory status when
the filesystem is or isn't set up for fscrypt.
|
|
Test 'fscrypt setup'.
|
|
Test that the passphrase hashing seems to take long enough.
|
|
Test that fscrypt fails when the filesystem doesn't support encryption.
|
|
Test that fscrypt fails when the filesystem doesn't have the encrypt
feature enabled. Then test enabling it.
|
|
Test locking a directory.
|
|
Test encrypting a directory using a raw_key protector.
|
|
Test encrypting a directory using a login (pam_passphrase) protector.
|
|
Test encrypting a directory using a custom_passphrase protector.
|
|
Add general tests for 'fscrypt encrypt'. For protector-specific tests,
see t_encrypt_custom, t_encrypt_login, and t_encrypt_raw_key.
|
|
Test changing the passphrase of a custom_passphrase protector.
|
|
Add a framework for writing automated tests of the fscrypt command-line
tool. See cli-tests/README.md for details.
|
