From bc9f5e542745f102de70ade555114eb28591fcd1 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 13 May 2020 19:14:13 -0700 Subject: [PATCH] cmd/fscrypt: link to guide when interactively creating login protector (#225) Update https://github.com/google/fscrypt/issues/220 --- cli-tests/t_encrypt_login.out | 5 +++++ cmd/fscrypt/protector.go | 16 +++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/cli-tests/t_encrypt_login.out b/cli-tests/t_encrypt_login.out index e8e0e41..0d77799 100644 --- a/cli-tests/t_encrypt_login.out +++ b/cli-tests/t_encrypt_login.out @@ -37,6 +37,11 @@ The following protector sources are available: 2 - A custom passphrase (custom_passphrase) 3 - A raw 256-bit key (raw_key) Enter the source number for the new protector [2 - custom_passphrase]: 1 + +IMPORTANT: Before continuing, ensure you have properly set up your system for + login protectors. See + https://github.com/google/fscrypt#setting-up-for-login-protectors + Enter login passphrase for fscrypt-test-user: Protector is on a different filesystem! Generate a recovery passphrase (recommended)? [Y/n] y See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions! diff --git a/cmd/fscrypt/protector.go b/cmd/fscrypt/protector.go index 6d35d9e..ac864dd 100644 --- a/cmd/fscrypt/protector.go +++ b/cmd/fscrypt/protector.go @@ -21,6 +21,7 @@ package main import ( + "fmt" "log" "github.com/google/fscrypt/actions" @@ -38,9 +39,18 @@ func createProtectorFromContext(ctx *actions.Context) (*actions.Protector, error } log.Printf("using source: %s", ctx.Config.Source.String()) - if ctx.Config.Source == metadata.SourceType_pam_passphrase && - userFlag.Value == "" && util.IsUserRoot() { - return nil, ErrSpecifyUser + if ctx.Config.Source == metadata.SourceType_pam_passphrase { + if userFlag.Value == "" && util.IsUserRoot() { + return nil, ErrSpecifyUser + } + if !quietFlag.Value { + fmt.Print(` +IMPORTANT: Before continuing, ensure you have properly set up your system for + login protectors. See + https://github.com/google/fscrypt#setting-up-for-login-protectors + +`) + } } name, err := promptForName(ctx) -- 2.39.5