routine

package
v0.0.0-...-7eb09aa

Published: Jun 11, 2021 License: GPL-3.0 Imports: 16 Imported by: 1

Documentation

Overview

cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany This source code is licensed under GPL version 3 that can be found in LICENSE file.

Constants

const (
	DM_NAME_PREFIX                = "cryptctl-unlocked-"
	SRC_DIR_NEW_NAME_PREFIX       = "cryptctl-moved-"
	MSG_E_ILLEGAL_PATH            = "Please specify absolute directory/file path in all path parameters"
	MSG_E_SRC_DIR_MOUNT_NOT_FOUND = "Failed to determine the mount point of directory \"%s\"."
	MSG_E_ENCRYPT_DISK_NOT_FOUND  = "Cannot find disk \"%s\". See output of \"lsblk\" command to determine available disks."
	MSG_E_MOUNT_UNDERNEATH        = "" /* 135-byte string literal not displayed */
	MSG_E_ENC_ALREADY_OPEN        = "The disk to encrypt (\"%s\") is being actively used as an encrypted disk (\"%s\"), please destroy its data and try again."
	MSG_E_CALC_DIR_SIZE           = "Failed to calculate size of directory \"%s - %v"
	MSG_E_DISK_TOO_SMALL          = "Disk \"%s\" is too small to hold encrypted data. It should have at least %d MBytes in capacity."
	MSG_E_WALK_PROC               = "Failed to inspect running processes - %v"
	MSG_E_SRC_DIR_NESTED_IN_DISK  = "The directory to encrypt \"%s\" is located on disk \"%s\". Please choose a different disk to be the encrypted disk."
	MSG_E_SAP_RUNNING             = "You appear to be encrypting an SAP directory, but an SAP process (\"%s\") is still running, please shut it down."
	MSG_E_ENC_REMOTE_FS           = "\"%s\" appear to be a remote file system (e.g. NFS or CIFS), but this utility can only encrypt local file systems."
	MSG_STEP_1                    = "\n1. Completely erase disk \"%s\" and install encryption key on it.\n"
	MSG_STEP_2                    = "\n2. Copy data from \"%s\" into the disk.\n"
	MSG_STEP_3                    = "\n3. Announce the encrypted disk to key server \"%s\".\n"
	MSG_E_MKDIR                   = "Failed to make directory \"%s\" - %v"
	MSG_E_RENAME_DIR              = "Failed to rename directory \"%s\" into \"%s\" - %v"
	MSG_E_NO_DEV_INFO             = "Failed to retrieve block device information of \"%s\""
	MSG_E_RPC_KEY_CREATE          = "Failed to create an encryption key: %v"
	MSG_OK_CONGRATS               = "" /* 141-byte string literal not displayed */
)
const (
	AUTO_UNLOCK_RETRY_INTERVAL_SEC = 5
	REPORT_ALIVE_INTERVAL_SEC      = 10
)
const (
	BIN_OPENSSL = "/usr/bin/openssl"
)

Variables

This section is empty.

Functions

func AutoOnlineUnlockFS

func AutoOnlineUnlockFS(progressOut io.Writer, client *keyserv.CryptClient, uuid string, maxRetrySec int64) error

Make continuous attempts to retrieve encryption key from key server to unlock a file system specified by the UUID. If maxRetrySec is zero or negative, then only one attempt will be made to unlock the file system.
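The retry contract described above can be sketched as follows. This is an added example, not cryptctl's own code: `unlockWithRetry`, `fakeClock` and `failUntil` are hypothetical names, the key-server call is replaced by a constructed stub, and it assumes a fixed wait of AUTO_UNLOCK_RETRY_INTERVAL_SEC between attempts.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Same value as AUTO_UNLOCK_RETRY_INTERVAL_SEC in the constants above.
const retryInterval = 5 * time.Second
// fakeClock lets the example run instantly; Sleep only advances the time.
type fakeClock struct{ t time.Time }
func (c *fakeClock) Now() time.Time        { return c.t }
func (c *fakeClock) Sleep(d time.Duration) { c.t = c.t.Add(d) }

// unlockWithRetry is a hypothetical stand-in, not cryptctl's code. It calls attempt
// until success or until the next retry would exceed maxRetrySec; returns attempts made.
func unlockWithRetry(attempt func() error, maxRetrySec int64, clk *fakeClock) (int, error) {
	deadline := clk.Now().Add(time.Duration(maxRetrySec) * time.Second)
	for tries := 1; ; tries++ {
		err := attempt()
		if err == nil {
			return tries, nil
		}
		// A zero or negative budget means exactly one attempt.
		if maxRetrySec <= 0 || clk.Now().Add(retryInterval).After(deadline) {
			return tries, err
		}
		clk.Sleep(retryInterval)
	}
}

// failUntil builds a constructed key-server stub that fails until call number n.
func failUntil(n int) func() error {
	calls := 0
	return func() error {
		calls++
		if calls < n {
			return errors.New("key server unreachable")
		}
		return nil
	}
}

func main() {
	for _, budget := range []int64{-1, 0, 12} {
		tries, err := unlockWithRetry(failUntil(100), budget, &fakeClock{})
		fmt.Printf("maxRetrySec=%d attempts=%d err=%v\n", budget, tries, err)
	}
}
```

A caller that must not block boot indefinitely on an unreachable key server should pass a bounded, positive maxRetrySec and handle the returned error.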

func EncryptFS

func EncryptFS(progressOut io.Writer, client *keyserv.CryptClient,
	password, srcDir, encDisk string,
	keyMaxActive, keyAliveIntervalSec, keyAliveCount int) (string, error)

Set up encryption on a file system using a randomly generated key and upload the key to key server. Return UUID of now encrypted block device and any error encountered during the routine.

func EncryptFSPreCheck

func EncryptFSPreCheck(srcDir, encDisk string) error

Validate all pre-conditions for setting up encryption on the disk.

func EraseKey

func EraseKey(progressOut io.Writer, client *keyserv.CryptClient, password, uuid string) error

Erase encryption metadata on the specified disk, and then ask server to erase its key. This process renders all data on the disk irreversibly lost.

func GenerateSelfSignedCertificate

func GenerateSelfSignedCertificate(commonName, certFilePath, keyFilePath string) error

Invoke openssl command to make a self-signed certificate for this host.

func MakeDeviceMapperName

func MakeDeviceMapperName(devName string) string

Return a computed mapper device name from a crypto device name.

func MakeUUID

func MakeUUID() string

Create a new UUID.

func ManOnlineUnlockFS

func ManOnlineUnlockFS(progressOut io.Writer, client *keyserv.CryptClient, password string) error

Forcibly unlock all file systems that have their keys on a key server.

func ReportAlive

func ReportAlive(progressOut io.Writer, client *keyserv.CryptClient, uuid string) error

Continuously send alive reports to server to indicate that this computer is still holding onto the encrypted disk. Block caller until the program quits or server rejects this computer.

func UnlockFS

func UnlockFS(progressOut io.Writer, rec keydb.Record, maxAttempts int) error

Unlock a single file system using a key record file.

Types

This section is empty.
