common/encrypt: check that contents encryption is usable
author Eric Biggers <ebiggers@google.com>
Mon, 1 Jul 2019 17:12:55 +0000 (10:12 -0700)
committer Eryu Guan <guaneryu@gmail.com>
Fri, 5 Jul 2019 07:19:38 +0000 (15:19 +0800)
In _require_encryption_policy_support(), when checking whether the
encryption policy is usable, try creating a nonempty file rather
than an empty one.  This ensures that both the contents and
filenames encryption modes are available, rather than just the
filenames mode.

On f2fs this makes generic/549 be correctly skipped, rather than
failed, when run on a kernel built from the latest fscrypt.git tree
with CONFIG_CRYPTO_SHA256=n.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
common/encrypt

index 13098d7fd3e8596decabbb8b66c386060c4fff45..06a56ed92a7dd5cf37a5e5fad2da102dc3c2352f 100644 (file)
@@ -98,7 +98,9 @@ _require_encryption_policy_support()
        # without kernel crypto API support.  E.g. a policy using Adiantum
        # encryption can be set on a kernel without CONFIG_CRYPTO_ADIANTUM.
        # But actually trying to use such an encrypted directory will fail.
-       if ! touch $dir/file; then
+       # To reliably check for availability of both the contents and filenames
+       # encryption modes, try creating a nonempty file.
+       if ! echo foo > $dir/file; then
                _notrun "encryption policy '$set_encpolicy_args' is unusable; probably missing kernel crypto API support"
        fi
        $KEYCTL_PROG clear @s
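Review bot: On the added `if ! echo foo > $dir/file; then` line, `$dir` is expanded unquoted in the redirection target, so a scratch path containing whitespace would make the redirection fail and the test would be reported as not run for the wrong reason; `echo foo > "$dir/file"` avoids that (the removed `touch $dir/file` line had the same weakness). The new comment says a nonempty file checks both modes but not why the empty file did not; one extra sentence stating that an empty file only exercised the filenames mode, as the commit message explains, would keep that reasoning next to the code. The check also depends only on the exit status of the redirection and write, so it is worth confirming that an unusable contents mode is reported at that point and not later.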