Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fscryptctl: add new package #25716

Closed
wants to merge 1 commit into from
Closed

Conversation

graysky2
Copy link
Contributor

@graysky2 graysky2 commented Jan 9, 2025

Fscryptctl is mainly intended for embedded systems which can't use the full-featured fscrypt tool, or for testing or experimenting with the kernel interface to Linux filesystem encryption.

This could be a better option vs fscrypt when use cases are on embedded devices since it is more light-weight.

Upstream url: https://github.com/google/fscrypt/blob/master/README.md

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Maintainer: me

Fscryptctl is mainly intended for embedded systems which can't use the
full-featured fscrypt tool, or for testing or experimenting with the
kernel interface to Linux filesystem encryption.

This could be a better option vs fscrypt when use cases are on embedded
devices since it is more light-weight.

Upstream url: https://github.com/google/fscrypt/blob/master/README.md

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Signed-off-by: John Audia <[email protected]>
@Rondom
Copy link
Contributor

Rondom commented Jan 9, 2025

I will test and review tomorrow

Copy link
Contributor

@Rondom Rondom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments already. I will try to test tomorrow

PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=192e25733006b05592fd87038a3a51a014db22f462ce0b24d47c30e66d03ea2c

PKG_LICENSE:=Apache
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apache-2.0. See https://spdx.org/licenses/


PKG_LICENSE:=Apache
PKG_LICENSE_FILES:=LICENSE
PKG_CPE_ID:=cpe:/a:google:fscryptctl
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where did you get this CPE Id from? I cannot find it at https://nvd.nist.gov/products/cpe/search

PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the trailing ? intentional? If so, what is it for?

CATEGORY:=Utilities
SUBMENU:=Encryption
TITLE:=A tool that handles keys and manages policies for Linux filesystem encryption
URL:='https://github.com/google/fscryptctl'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove single quotes

Comment on lines +42 to +44
MAKE_FLAGS += \
CFLAGS="$(TARGET_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you elaborate why this is needed? What is going wrong when you remove this line? I would expect CFLAGS und LDFLAGS to be already set to TARGET_CFLAGS and TARGET_LDFLAGS by MAKE_VARS

Comment on lines +7 to +8
-all:fscryptctl fscryptctl.1
+all:fscryptctl
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you do not need to keep maintaining this patch if you set MAKE_FLAGS := fscryptctl in the Makefile instead.

@@ -0,0 +1,51 @@
include $(TOPDIR)/rules.mk
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this Makefile need a license, similar to other package Makefiles in this repo? (SPDX line)

PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/google/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with #25706 (comment), better not use the variable in the URL

@graysky2
Copy link
Contributor Author

Based on @BKPepe's comments here and quoted below, I am closing this PR.

Choose which one do you really need - if this one or #25716, because I can not accept such packages, if there is a lot of unmaintained packages already and we dont have simply manpower to handle this.

@graysky2 graysky2 closed this Jan 17, 2025
@Rondom
Copy link
Contributor

Rondom commented Jan 21, 2025

I have tested this and it works on ramips / mt7621. It requires kernel CONFIG_FS_ENCRYPTION to be enabled and the corresponding kmod-crypto-* algorithm modules to be enabled. See my comment in the other PR about the dependencies #25706 (comment)

# KEY_DESC=$(printf "eab78c9e9ff025ce2564ede9b94827d1b6de4be174d8c88e72b3caeaf4d1bd0c" | fscryptctl add_key /overlay/)
# rm -rf /overlay/test && mkdir /overlay/test
# fscryptctl set_policy "$KEY_DESC" /overlay/test
# echo foo > /overlay/test/bar
# fscryptctl get_policy /overlay/test/
Encryption policy for /overlay/test/:
        Policy version: 2
        Master key identifier: 62323549515cada2796b18810e7873c4
        Contents encryption mode: AES-256-XTS
        Filenames encryption mode: AES-256-CTS
        Flags: PAD_32
        Data unit size: default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants