From ae886a89f541a74255c9a41f7fa504a82ee6413e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 17 Mar 2020 21:10:58 -0700 Subject: Simplify choosing the key description prefix There's no real need to allow users to choose the key description prefix (a.k.a. the "service"), since on ext4 and f2fs we can just use "ext4" and "f2fs" for compatibility with all kernels both old and new, and on other filesystems we can just use "fscrypt". So, let's do that. Since this removes the point of the "--legacy" option to 'fscrypt setup' and the "compatibility" field in /etc/fscrypt.conf, remove those too. Specifically, we start ignoring the "compatibility" in existing config files and not writing it to new ones. The corresponding protobuf field number and name are reserved. We stop accepting the "--legacy" option at all, although since it was default true and there was no real reason for anyone to change it to false, probably no one will notice. If anyone does, they should just stop specifying the option. Note that this change only affects user keyrings and thus only affects v1 encryption policies, which are deprecated in favor of v2 anyway. --- cmd/fscrypt/commands.go | 2 +- cmd/fscrypt/flags.go | 8 +------- cmd/fscrypt/format.go | 7 +++---- cmd/fscrypt/setup.go | 2 +- 4 files changed, 6 insertions(+), 13 deletions(-) (limited to 'cmd/fscrypt') diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go index 4a59d30..f84102e 100644 --- a/cmd/fscrypt/commands.go +++ b/cmd/fscrypt/commands.go @@ -62,7 +62,7 @@ var Setup = cli.Command{ the README). This may require root privileges.`, mountpointArg, actions.ConfigFileLocation, shortDisplay(timeTargetFlag)), - Flags: []cli.Flag{timeTargetFlag, legacyFlag, forceFlag}, + Flags: []cli.Flag{timeTargetFlag, forceFlag}, Action: setupAction, } diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index ce2f30e..9679a8d 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -114,7 +114,7 @@ var ( // UPDATE THIS ARRAY WHEN ADDING NEW FLAGS!!! // TODO(joerichey) add presubmit rule to enforce this allFlags = []prettyFlag{helpFlag, versionFlag, verboseFlag, quietFlag, - forceFlag, legacyFlag, skipUnlockFlag, timeTargetFlag, + forceFlag, skipUnlockFlag, timeTargetFlag, sourceFlag, nameFlag, keyFileFlag, protectorFlag, unlockWithFlag, policyFlag, allUsersFlag, noRecoveryFlag} // universalFlags contains flags that should be on every command @@ -148,12 +148,6 @@ var ( WARNING: This bypasses confirmations for protective operations, use with care.`), } - legacyFlag = &boolFlag{ - Name: "legacy", - Usage: `Allow for support of older kernels with ext4 (before - v4.8) and F2FS (before v4.6) filesystems.`, - Default: true, - } skipUnlockFlag = &boolFlag{ Name: "skip-unlock", Usage: `Leave the directory in a locked state after setup. diff --git a/cmd/fscrypt/format.go b/cmd/fscrypt/format.go index 48a5a86..cc268aa 100644 --- a/cmd/fscrypt/format.go +++ b/cmd/fscrypt/format.go @@ -98,11 +98,10 @@ func shortDisplay(f prettyFlag) string { // // --help Prints help screen for commands and subcommands. // -// If a default is specified, this if appended to the usage. Example: +// If a default is specified, then it is appended to the usage. Example: // -// --legacy Allow for support of older kernels with ext4 -// (before v4.8) and F2FS (before v4.6) filesystems. -// (default: true) +// --time=TIME Calibrate passphrase hashing to take the +// specified amount of TIME (default: 1s) // func longDisplay(f prettyFlag, defaultString ...string) string { usage := f.GetUsage() diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go index 69787bb..328788a 100644 --- a/cmd/fscrypt/setup.go +++ b/cmd/fscrypt/setup.go @@ -51,7 +51,7 @@ func createGlobalConfig(w io.Writer, path string) error { } fmt.Fprintln(w, "Customizing passphrase hashing difficulty for this system...") - err = actions.CreateConfigFile(timeTargetFlag.Value, legacyFlag.Value) + err = actions.CreateConfigFile(timeTargetFlag.Value) if err != nil { return err } -- cgit v1.2.3