From 66fb4c557644ba2c37951a7568c06c47a6c718a7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: filesystem: improve errors Introduce filesystem.ErrEncryptionNotEnabled and filesystem.ErrEncryptionNotSupported which include the Mount as context, and translate the corresponding metadata/ errors into them. Then make these errors show much better suggestions. Also replace lots of other filesystem/ errors with either custom types or with unnamed one-off errors that include more context. Fix backwards wrapping in lots of cases. Finally, don't include the mountpoint in places where it's not useful, like OS-level errors that already include the path. --- cli-tests/t_not_enabled.out | 51 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 12 deletions(-) (limited to 'cli-tests/t_not_enabled.out') diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out index 760f9dd..4553891 100644 --- a/cli-tests/t_not_enabled.out +++ b/cli-tests/t_not_enabled.out @@ -2,25 +2,52 @@ # Disable encryption on DEV # Try to encrypt a directory when encryption is disabled -[ERROR] fscrypt encrypt: encryption not enabled +[ERROR] fscrypt encrypt: encryption not enabled on filesystem + MNT (DEV). -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Try to unlock a directory when encryption is disabled -[ERROR] fscrypt unlock: encryption not enabled +[ERROR] fscrypt unlock: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Try to lock a directory when encryption is disabled -[ERROR] fscrypt lock: encryption not enabled +[ERROR] fscrypt lock: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. + +# Check for additional message when GRUB appears to be installed +[ERROR] fscrypt encrypt: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +WARNING: you seem to have GRUB installed on this filesystem. Before doing the +above, make sure you are using GRUB v2.04 or later; otherwise your system will +become unbootable. -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Enable encryption on DEV -- cgit v1.2.3