Age | Commit message (Collapse) | Author |
|
We already can check if an fs is encrypted with `bcachefs unlock -c`.
With this option we can now instead check if we have a key but not
actually mount by not specifying a mount point. e.g.
```sh
if bcachefs mount -k fail "$blkdev"`; then
echo "device is unlocked!"
fi
```
Not sure what the original intent for this was. For scenarios where
encryption is simply not supported on principle?
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
This is more similar to the existing C code, which is already in nice
small chunks.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
This changes the semantics of some arguments related to unlocking and
slightly changes the unlocking logic. Also update help formatting/text.
Instead of defaulting to `UnlockPolicy::Ask`, the argument becomes
optional. That means if it is specified, the user really wants that
specific policy. Similar to how `passphrase_file` also works.
This also extends `UnlockPolicy` to override `isatty` detection.
Fixes: #292
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
We lose that bit of info but it's weird to require a parameter simply
because we want to use it for a log message.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
The keyctl_search() C function returns a long, which is already
reflected in the KeyHandle._id type. The search_keyring() helper
function currently returns a Result<i64>, which breaks 32-bit builds for
e.g. armv7l:
error[E0308]: mismatched types
--> src/key.rs:121:16
|
121 | Ok(key_id)
| -- ^^^^^^ expected `i64`, found `i32`
| |
| arguments to this enum variant are incorrect
...
error[E0308]: mismatched types
--> src/key.rs:135:24
|
135 | _id: id,
| ^^ expected `i32`, found `i64`
Fix this by changing search_keyring() to return a Result<c_long>.
Fixes: f72ded6a ("fix(key): search for key in all relevant keyrings")
Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Previously, using `bcachefs unlock -k session` would still cause mount
to ask for a passphrase.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
To match the behavior of the C code and because there may be newlines
under some conditions.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
It's kind of stupid to use this macro if we have to deref the parameter
first. I was too enthusiastic about using this macro instead of `as`
because it's nicer to read (imo).
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Prefer using `ptr::addr_of!()` and `pointer::cast()` instead of raw `as`
where clippy complains and other type casting lints.
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
- Introduce `KeyHandle` and `Passphrase` types
- Refactor the functions into associated functions
- Add `zeroizing` crate to handle passphrase memory safely
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Note that we're using struct/enum align options, which require nightly.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
let's always first check if there is already a key in the keyring
available before we try to get the key from some more involved means.
Fixes: #261
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Also key_location to key_policy
Improve help description key policy
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
- Add key_file option to Cli
- Rework decryption flow logic to first attempt key_file
- Read password from file and pass to decrypt_master_key
Explicity specify '-k' for key_location
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
|
|
is_terminal() is part of rust 1.70 std, no need for isatty
Signed-off-by: Alexander Fougner <fougner89@gmail.com>
|
|
Including a tiny API change.
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|
|
This moves the Rust sources out of rust_src/ and into the top level.
Running the bcachefs executable out of the development tree is now:
$ ./target/release/bcachefs command
or
$ cargo run --profile release -- command
instead of "./bcachefs command".
Building and installing is still:
$ make && make install
Signed-off-by: Thomas Bertschinger <tahbertschinger@gmail.com>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
|