diff options
author | Michael Weiss <dev.primeos@gmail.com> | 2021-02-11 12:36:34 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-11 12:36:34 +0100 |
commit | 7fdadc140ce11aefe028b6d67f8a5f03b153a998 (patch) | |
tree | 6a0931853a9cc2689b0f481191fd15b0c5cf310c /pkgs/os-specific/linux/fscryptctl | |
parent | 3155a9e966ab674f8f228ae0d0f8b7f2de8a3bd5 (diff) | |
download | nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar.gz nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar.bz2 nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar.lz nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar.xz nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.tar.zst nixpkgs-7fdadc140ce11aefe028b6d67f8a5f03b153a998.zip |
fscryptctl: init at 1.0.0 (#112651)
Release notes: https://github.com/google/fscryptctl/releases/tag/v1.0.0 fscryptctl-experimental will remain at version 0.1.0 to ensure a smooth transition.
Diffstat (limited to 'pkgs/os-specific/linux/fscryptctl')
-rw-r--r-- | pkgs/os-specific/linux/fscryptctl/default.nix | 9 | ||||
-rw-r--r-- | pkgs/os-specific/linux/fscryptctl/legacy.nix | 51 |
2 files changed, 55 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/fscryptctl/default.nix b/pkgs/os-specific/linux/fscryptctl/default.nix index ae89cd43f25..bd1b414f4cb 100644 --- a/pkgs/os-specific/linux/fscryptctl/default.nix +++ b/pkgs/os-specific/linux/fscryptctl/default.nix @@ -1,10 +1,8 @@ { lib, stdenv, fetchFromGitHub }: -# Don't use this for anything important yet! - stdenv.mkDerivation rec { pname = "fscryptctl"; - version = "0.1.0"; + version = "1.0.0"; goPackagePath = "github.com/google/fscrypt"; @@ -12,10 +10,10 @@ stdenv.mkDerivation rec { owner = "google"; repo = "fscryptctl"; rev = "v${version}"; - sha256 = "1853hlpklisbqnkb7a921dsf0vp2nr2im26zpmrs592cnpsvk3hb"; + sha256 = "1hwj726mm0yhlcf6523n07h0yq1rvkv4km64h3ydpjcrcxklhw6l"; }; - makeFlags = [ "DESTDIR=$(out)/bin" ]; + makeFlags = [ "PREFIX=${placeholder "out"}" ]; meta = with lib; { description = "Small C tool for Linux filesystem encryption"; @@ -34,6 +32,7 @@ stdenv.mkDerivation rec { documentation for filesystem encryption before using fscryptctl. ''; inherit (src.meta) homepage; + changelog = "https://github.com/google/fscryptctl/releases/tag/v{version}"; license = licenses.asl20; platforms = platforms.linux; maintainers = with maintainers; [ primeos ]; diff --git a/pkgs/os-specific/linux/fscryptctl/legacy.nix b/pkgs/os-specific/linux/fscryptctl/legacy.nix new file mode 100644 index 00000000000..64a409fb58b --- /dev/null +++ b/pkgs/os-specific/linux/fscryptctl/legacy.nix @@ -0,0 +1,51 @@ +{ lib, stdenv, fetchFromGitHub }: + +# Don't use this for anything important! +# TODO: Drop fscryptctl-experimental after the NixOS 21.03/21.05 release. + +stdenv.mkDerivation rec { + pname = "fscryptctl"; + version = "0.1.0"; + + goPackagePath = "github.com/google/fscrypt"; + + src = fetchFromGitHub { + owner = "google"; + repo = "fscryptctl"; + rev = "v${version}"; + sha256 = "1853hlpklisbqnkb7a921dsf0vp2nr2im26zpmrs592cnpsvk3hb"; + }; + + makeFlags = [ "DESTDIR=$(out)/bin" ]; + + meta = with lib; { + description = "Small C tool for Linux filesystem encryption"; + longDescription = '' + fscryptctl is a low-level tool written in C that handles raw keys and + manages policies for Linux filesystem encryption, specifically the + "fscrypt" kernel interface which is supported by the ext4, f2fs, and + UBIFS filesystems. + fscryptctl is mainly intended for embedded systems which can't use the + full-featured fscrypt tool, or for testing or experimenting with the + kernel interface to Linux filesystem encryption. fscryptctl does not + handle key generation, key stretching, key wrapping, or PAM integration. + Most users should use the fscrypt tool instead, which supports these + features and generally is much easier to use. + As fscryptctl is intended for advanced users, you should read the kernel + documentation for filesystem encryption before using fscryptctl. + ''; + inherit (src.meta) homepage; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + knownVulnerabilities = [ '' + fscryptctl version 1.0.0 was released and now uses v2 encryption + policies. fscryptctl-experimental will remain at version 0.1.0 which + still supports the v1 encryption policies. Please try to switch from the + "fscryptctl-experimental" package to "fscryptctl". The v1 encryption + policies can be insecure, are hard to use correctly, and have different + semantics from v2 policies (which is why they are no longer supported in + fscryptctl 1.0.0+). + '' ]; + }; +} |