From fb99b37a05696db4ceabb793e5f16727ec854ed1 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Sat, 9 May 2020 14:17:17 -0700
Subject: keyring/user_keyring: switch to KEYCTL_UNLINK

KEYCTL_INVALIDATE has complicated semantics: it doesn't remove the key from the keyring right away but rather marks it as being invalidated, and then removes it asynchronously. This nondeterministically breaks the heuristic I'm implementing to detect v1-encrypted directories being incompletely locked. Instead, switch to KEYCTL_UNLINK, which has simpler semantics. Note that Android uses KEYCTL_UNLINK too.
---
 keyring/keyring.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'keyring/keyring.go')
diff --git a/keyring/keyring.go b/keyring/keyring.go
index 6623943..fb9cc0e 100644
--- a/keyring/keyring.go
+++ b/keyring/keyring.go
@@ -173,7 +173,7 @@ func GetEncryptionKeyStatus(descriptor string, options *Options) (KeyStatus, err
 if useFsKeyring {
 return fsGetEncryptionKeyStatus(descriptor, options.Mount, options.User)
 }
- _, err = userFindKey(buildKeyDescription(options, descriptor), options.User)
+ _, _, err = userFindKey(buildKeyDescription(options, descriptor), options.User)
 if err != nil {
 return KeyAbsent, nil
 }
-- cgit v1.2.3
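Review bot: The `if err != nil { return KeyAbsent, nil }` branch right after the changed call reports every failure of `userFindKey` as an absent key and drops the error, so a lookup that failed for some other reason would look the same as a key that is genuinely not present (`userFindKey` is not shown here, so which errors it can return is an assumption). The commit message says this change supports a heuristic for detecting incompletely locked v1-encrypted directories, so a misreported status matters; consider logging the error before returning, or at least recording the choice with a comment such as `// any lookup failure, not only a missing key, is reported as KeyAbsent`. The call now discards two results (`_, _, err`), and a short comment naming what is being ignored would help the next reader. GetEncryptionKeyStatus starts and ends outside the hunk.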