
Compile without libpam?

Open BlueMax opened this issue 4 years ago • 7 comments

Is it possible to compile fscrypt without libpam for systems that do not support it?

BlueMax avatar May 19 '20 16:05 BlueMax

The following should do it:

make bin/fscrypt

That builds just the fscrypt binary, not the PAM module pam_fscrypt.so. See https://github.com/google/fscrypt/blob/master/README.md#building-and-installing

ebiggers avatar May 19 '20 16:05 ebiggers

True, but I'm compiling a static binary and it always holds all the libpam data and it looks like it tries to make use of it at startup indeed (the error is due to missing /etc/passwd).

[ERROR] fscrypt setup: user: lookup userid 0:
no such file or directory

That's my compile command (cross-compile environment is set up):

GO_FLAGS=-buildmode=exe GOARCH=arm64 CGO_ENABLED=1 make LDFLAGS="-static -ldl -laudit -lcap-ng" CFLAGS="-O2 -g0 -s -static -pipe -pthread -Wp,-I/home/user/sysroot-aarch64/usr/include -Wl,-L/home/user/sysroot-aarch64/usr/lib" CGO_CFLAGS="--sysroot /home/user/sysroot-aarch64" CGO_LDFLAGS="--sysroot /home/user/sysroot-aarch64"

BlueMax avatar May 19 '20 16:05 BlueMax

So I think the issue here is that you just don't want to use user login passwords at all. @BlueMax is that right?

In that case, we should have a way to compile the fscrypt binary without any PAM support whatsoever. We could do this with a nopam build constraint. That way:

  • Building without support for PAM and user login passphrases is possible
  • fscrypt by default still supports user passphrases.

josephlr avatar May 20 '20 10:05 josephlr

Yes, a new make target nopam would be great that doesn't link libpam at all. The target system doesn't provide pam at all. Actually it's an Android device (and fscrypt is on musl not bionic). The current workaround is to create a dummy /etc/passwd file and it will pass the error above. Not sure if it has any more side effects.

BlueMax avatar May 20 '20 22:05 BlueMax

@BlueMax did you get this running on the Android device? Looking to build binaries for both 32-bit and 64-bit ARM to run on newer Android devices but no luck so far to make a static build, unfortunately.

@josephlr any updates on the flag to compile fscrypt without pam, ref. what you mentioned a few posts above?

blubbafett avatar Feb 18 '23 06:02 blubbafett

I also encountered this error when I copied the generated executable to QEMU's Linux kernel using static compilation. How should I solve it?

badhhui avatar Mar 06 '23 09:03 badhhui

> did you get this running on the Android device?

I could compile and run it but I haven't checked for actual functionality. It needs a dummy/existing /etc/passwd file if I reckon correctly (error: cannot look up userids).

I used the compile line below. The make bin/fscrypt might be the trick. Can't remember anymore.

GO_FLAGS=-buildmode=exe GOARCH=arm64 CGO_ENABLED=1 make bin/fscrypt LDFLAGS="-static -ldl -laudit -lcap-ng" CFLAGS="-O2 -g0 -s -static -pipe -pthread -Wp,-I/home/user/android/sysroot-aarch64/usr/include -Wl,-L/home/user/android/sysroot-aarch64/usr/lib" CGO_CFLAGS="--sysroot /home/user/android/sysroot-aarch64" CGO_LDFLAGS="--sysroot /home/user/android/sysroot-aarch64"

BlueMax avatar Mar 06 '23 13:03 BlueMax
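
The dummy /etc/passwd workaround described in this thread, as an added example that is not part of the thread or of the fscrypt project: a POSIX sh helper that adds an entry for a uid to a target root's passwd file only when none exists. The function names, the `/` home directory and the `/sbin/nologin` shell are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fscrypt code. Makes sure ROOT/etc/passwd has an entry for
# a uid, so a static binary's uid lookup does not fail with
# "lookup userid 0: no such file or directory" on a system without the file.

# has_uid FILE UID -> returns 0 if some line of FILE has UID in field 3
has_uid() {
    [ -f "$1" ] || return 1
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

# ensure_passwd_entry ROOT UID NAME
# Prints "present" or "added"; returns 2 on malformed input.
ensure_passwd_entry() {
    root=$1 uid=$2 name=$3
    # Reject anything that could smuggle extra fields or lines into the file.
    case $uid in ''|*[!0-9]*) echo "bad uid" >&2; return 2 ;; esac
    case $name in ''|*[!a-z0-9_-]*) echo "bad name" >&2; return 2 ;; esac
    file="$root/etc/passwd"
    if has_uid "$file" "$uid"; then
        echo present
        return 0
    fi
    mkdir -p "$root/etc" || return 1
    # "x" defers the password to a shadow file, which this example does not
    # create; the shell is nologin (assumed path) because only the lookup
    # has to succeed.
    printf '%s:x:%s:%s::/:/sbin/nologin\n' "$name" "$uid" "$uid" >> "$file" || return 1
    chmod 644 "$file"
    echo added
}

# Demonstration on a constructed, throwaway root directory.
demo_root=$(mktemp -d)
ensure_passwd_entry "$demo_root" 0 root   # prints "added"
ensure_passwd_entry "$demo_root" 0 root   # prints "present"
rm -rf "$demo_root"
```

Point `ROOT` at the staging directory of the target image rather than at a live system's `/`; as noted in the thread, whether the dummy file has further side effects has not been checked.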