| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
According to the MSRV in Cargo.toml, we can use this now.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
This requires something other than literally zero code to replace, but
is another opportunity to deny packagers the fun of experimenting with
replacing crate versions with incompatible patched crate versions.
|
|
This would allow to supply the password via the plymouth password input.
If systemd-ask-password does not exist or fails to start, falls back to
the old-style password request.
Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
|
|
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
because rpassword unconditionally open()s /dev/tty, it fails with ENXIO
on the console without workarounds like busybox's cttyhack. in contrast,
bcachefs unlock works fine on console, so change the passphrase prompt
logic in mount to be closer to what it is in unlock.
Signed-off-by: Lauri Tirkkonen <lauri@hacktheplanet.fi>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
We already can check if an fs is encrypted with `bcachefs unlock -c`.
With this option we can now instead check if we have a key but not
actually mount by not specifying a mount point. e.g.
```sh
if bcachefs mount -k fail "$blkdev"`; then
echo "device is unlocked!"
fi
```
Not sure what the original intent for this was. For scenarios where
encryption is simply not supported on principle?
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
This is more similar to the existing C code, which is already in nice
small chunks.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
This changes the semantics of some arguments related to unlocking and
slightly changes the unlocking logic. Also update help formatting/text.
Instead of defaulting to `UnlockPolicy::Ask`, the argument becomes
optional. That means if it is specified, the user really wants that
specific policy. Similar to how `passphrase_file` also works.
This also extends `UnlockPolicy` to override `isatty` detection.
Fixes: #292
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
We lose that bit of info but it's weird to require a parameter simply
because we want to use it for a log message.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
The keyctl_search() C function returns a long, which is already
reflected in the KeyHandle._id type. The search_keyring() helper
function currently returns a Result<i64>, which breaks 32-bit builds for
e.g. armv7l:
error[E0308]: mismatched types
--> src/key.rs:121:16
|
121 | Ok(key_id)
| -- ^^^^^^ expected `i64`, found `i32`
| |
| arguments to this enum variant are incorrect
...
error[E0308]: mismatched types
--> src/key.rs:135:24
|
135 | _id: id,
| ^^ expected `i32`, found `i64`
Fix this by changing search_keyring() to return a Result<c_long>.
Fixes: f72ded6a ("fix(key): search for key in all relevant keyrings")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Previously, using `bcachefs unlock -k session` would still cause mount
to ask for a passphrase.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
To match the behavior of the C code and because there may be newlines
under some conditions.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
It's kind of stupid to use this macro if we have to deref the parameter
first. I was too enthusiastic about using this macro instead of `as`
because it's nicer to read (imo).
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Prefer using `ptr::addr_of!()` and `pointer::cast()` instead of raw `as`
where clippy complains and other type casting lints.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
- Introduce `KeyHandle` and `Passphrase` types
- Refactor the functions into associated functions
- Add `zeroizing` crate to handle passphrase memory safely
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Note that we're using struct/enum align options, which require nightly.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
let's always first check if there is already a key in the keyring
available before we try to get the key from some more involved means.
Fixes: #261
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Also key_location to key_policy
Improve help description key policy
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
- Add key_file option to Cli
- Rework decryption flow logic to first attempt key_file
- Read password from file and pass to decrypt_master_key
Explicity specify '-k' for key_location
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
is_terminal() is part of rust 1.70 std, no need for isatty
Signed-off-by: Alexander Fougner <fougner89@gmail.com>
|
|
Including a tiny API change.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
This moves the Rust sources out of rust_src/ and into the top level.
Running the bcachefs executable out of the development tree is now:
$ ./target/release/bcachefs command
or
$ cargo run --profile release -- command
instead of "./bcachefs command".
Building and installing is still:
$ make && make install
Signed-off-by: Thomas Bertschinger <tahbertschinger@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
