Add keyfile option to mount #241

Merged


@RlndVt RlndVt commented Feb 21, 2024

As discussed in #211; add an optional flag to specify a key file

  • Add key_file option to Cli
  • Rework decryption flow logic to first attempt key_file
  • Read password from file and pass to decrypt_master_key

Explicitly specify '-k' for key_location

Tag @oz123

Output has become much more verbose:

mounting version 1.6: btree_subvolume_children opts=ro,errors=continue,degraded,nochanges,norecovery,read_only
recovering from clean shutdown, journal seq 9
alloc_read... done
stripes_read... done
snapshots_read... done
u64s 16 type inode_v3 0:4096:U32_MAX len 0 ver 0:   mode=40755
  flags= (16300000)
  journal_seq=1
  bi_size=0
  bi_sectors=0

  bi_version=0bi_atime=90363614
  bi_ctime=91363625
  bi_mtime=91363625
  bi_otime=90363614
  bi_uid=0
  bi_gid=0
  bi_nlink=1
  bi_generation=0
  bi_dev=0
  bi_data_checksum=0
  bi_compression=0
  bi_project=0
  bi_background_compression=0
  bi_data_replicas=0
  bi_promote_target=0
  bi_foreground_target=0
  bi_background_target=0
  bi_erasure_code=0
  bi_fields_set=0
  bi_dir=0
  bi_dir_offset=0
  bi_subvol=1
  bi_parent_subvol=0
  bi_nocow=0

u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0:   mode=40700
  flags= (15300000)
  journal_seq=1
  bi_size=0
  bi_sectors=0

  bi_version=0bi_atime=91363625
  bi_ctime=91363625
  bi_mtime=91363625
  bi_otime=91363625
  bi_uid=0
  bi_gid=0
  bi_nlink=0
  bi_generation=0
  bi_dev=0
  bi_data_checksum=0
  bi_compression=0
  bi_project=0
  bi_background_compression=0
  bi_data_replicas=0
  bi_promote_target=0
  bi_foreground_target=0
  bi_background_target=0
  bi_erasure_code=0
  bi_fields_set=0
  bi_dir=4096
  bi_dir_offset=453699834857023875
  bi_subvol=0
  bi_parent_subvol=0
  bi_nocow=0

Signed-off-by: Roland Vet <RlndVt@protonmail.com>
@RlndVt RlndVt force-pushed the feature/add_keyfile_option_to_mount branch from 05f7c83 to 7ee83af Compare February 22, 2024 07:15

RlndVt commented Feb 22, 2024

@koverstreet Added signed-off-by


RlndVt commented Feb 22, 2024

I also think the code needs some nomenclature clean-up: key & password are used interchangeably and I think some cohesion would be beneficial.

My suggestion would be to use key for the on disk master key, and the fs encryption/decryption; and password for the unlocking of the master key. That would result in the flow:

Password -> unlocks -> key -> decrypts -> filesystem.

If you agree I'll add/redo some work to align with this idea.

@RlndVt RlndVt force-pushed the feature/add_keyfile_option_to_mount branch from 23cc39e to 4155ae4 Compare February 22, 2024 07:41
Signed-off-by: Roland Vet <RlndVt@protonmail.com>
- Add key_file option to Cli
- Rework decryption flow logic to first attempt key_file
- Read password from file and pass to decrypt_master_key

Explicitly specify '-k' for key_location

Signed-off-by: Roland Vet <RlndVt@protonmail.com>
Also key_location to key_policy

Improve help description key policy

Signed-off-by: Roland Vet <RlndVt@protonmail.com>
@RlndVt RlndVt force-pushed the feature/add_keyfile_option_to_mount branch from 4155ae4 to 8a800c6 Compare February 22, 2024 20:12
@koverstreet koverstreet merged commit 8a800c6 into koverstreet:master Feb 22, 2024
@RlndVt RlndVt deleted the feature/add_keyfile_option_to_mount branch February 23, 2024 09:27
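
The flow this pull request describes (try the key file first, read the password from it, then hand it on to unlock the master key), sketched as an added example that is not code from the pull request or the project. All names (`read_password_file`, `obtain_password`, `Source`) are hypothetical; the owner-only permission check, the newline trimming, and failing instead of falling back when a named key file is unusable are assumptions of this example. It follows the "password unlocks key" naming proposed in the thread.

```rust
use std::fs;
use std::io::{self, ErrorKind};
use std::os::unix::fs::PermissionsExt;
use std::path::Path;

/// Where the password came from; safe to log, unlike the password itself.
#[derive(Debug, PartialEq)]
pub enum Source { KeyFile, Fallback }

/// Read the password that unlocks the master key from `path` (hypothetical helper).
pub fn read_password_file(path: &Path) -> io::Result<String> {
    let meta = fs::metadata(path)?;
    if !meta.is_file() {
        return Err(io::Error::new(ErrorKind::InvalidInput, "key file is not a regular file"));
    }
    // Assumption of this example: refuse a key file that group or other can access.
    if meta.permissions().mode() & 0o077 != 0 {
        return Err(io::Error::new(ErrorKind::PermissionDenied, "key file mode is too open"));
    }
    let raw = fs::read_to_string(path)?;
    // A trailing newline left by an editor or `echo` is not part of the password.
    let password = raw.trim_end_matches(|c: char| c == '\n' || c == '\r');
    if password.is_empty() {
        return Err(io::Error::new(ErrorKind::InvalidData, "key file is empty"));
    }
    Ok(password.to_owned())
}

/// Key file first; the fallback (prompt, keyring, ...) runs only when none was given.
pub fn obtain_password<F>(key_file: Option<&Path>, fallback: F) -> io::Result<(String, Source)>
where
    F: FnOnce() -> io::Result<String>,
{
    match key_file {
        // A key file that was named but cannot be used is an error, not a silent fallback.
        Some(path) => read_password_file(path).map(|pw| (pw, Source::KeyFile)),
        None => fallback().map(|pw| (pw, Source::Fallback)),
    }
}

fn main() -> io::Result<()> {
    // Constructed sample key file, restricted to the owner before it is read.
    let path = std::env::temp_dir().join("example.keyfile");
    fs::write(&path, "constructed sample password\n")?;
    fs::set_permissions(&path, fs::Permissions::from_mode(0o600))?;
    let (password, source) = obtain_password(Some(&path), || Ok(String::new()))?;
    println!("password of {} bytes obtained from {:?}", password.len(), source);
    fs::remove_file(&path)
}
```

The returned `String` is what a caller would pass on to the master-key unlock step; only `Source` and the password length are printed, never the password.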