diff options
Diffstat (limited to 'pkgs/os-specific/linux/fscryptctl/legacy.nix')
-rw-r--r-- | pkgs/os-specific/linux/fscryptctl/legacy.nix | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/fscryptctl/legacy.nix b/pkgs/os-specific/linux/fscryptctl/legacy.nix new file mode 100644 index 00000000000..64a409fb58b --- /dev/null +++ b/pkgs/os-specific/linux/fscryptctl/legacy.nix @@ -0,0 +1,51 @@ +{ lib, stdenv, fetchFromGitHub }: + +# Don't use this for anything important! +# TODO: Drop fscryptctl-experimental after the NixOS 21.03/21.05 release. + +stdenv.mkDerivation rec { + pname = "fscryptctl"; + version = "0.1.0"; + + goPackagePath = "github.com/google/fscrypt"; + + src = fetchFromGitHub { + owner = "google"; + repo = "fscryptctl"; + rev = "v${version}"; + sha256 = "1853hlpklisbqnkb7a921dsf0vp2nr2im26zpmrs592cnpsvk3hb"; + }; + + makeFlags = [ "DESTDIR=$(out)/bin" ]; + + meta = with lib; { + description = "Small C tool for Linux filesystem encryption"; + longDescription = '' + fscryptctl is a low-level tool written in C that handles raw keys and + manages policies for Linux filesystem encryption, specifically the + "fscrypt" kernel interface which is supported by the ext4, f2fs, and + UBIFS filesystems. + fscryptctl is mainly intended for embedded systems which can't use the + full-featured fscrypt tool, or for testing or experimenting with the + kernel interface to Linux filesystem encryption. fscryptctl does not + handle key generation, key stretching, key wrapping, or PAM integration. + Most users should use the fscrypt tool instead, which supports these + features and generally is much easier to use. + As fscryptctl is intended for advanced users, you should read the kernel + documentation for filesystem encryption before using fscryptctl. + ''; + inherit (src.meta) homepage; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + knownVulnerabilities = [ '' + fscryptctl version 1.0.0 was released and now uses v2 encryption + policies. fscryptctl-experimental will remain at version 0.1.0 which + still supports the v1 encryption policies. Please try to switch from the + "fscryptctl-experimental" package to "fscryptctl". The v1 encryption + policies can be insecure, are hard to use correctly, and have different + semantics from v2 policies (which is why they are no longer supported in + fscryptctl 1.0.0+). + '' ]; + }; +} |