
add a custom path for /etc/fscrypt.conf

Open limbo127 opened this issue 8 years ago • 6 comments

Hello, We need to specify another path for /etc/fscrypt.conf, as a parameter to each command. Regards, Nicolas

limbo127, Oct 06 '17 08:10

@limbo127 do you not want to have to create /etc/fscrypt.conf at all? Or do you just need a way to override parameters in it for a specific call?

josephlr, Oct 08 '17 07:10

Hello, It's OK by modifying the path in code, so a mention in the README should be fine. Regards, Nicolas


limbo127, Oct 08 '17 14:10

@josephlr What are we planning to do on this? I think providing a command line flag to specify a custom configuration file is a good idea, or else we can also have an environment variable (like FSCRYPT_CONFIG) specifying the config file path. I can work on this.

fristonio, Aug 30 '18 15:08

@fristonio My idea here was to basically allow /etc/fscrypt.conf to exist in multiple places, and then define a sane ordering to look through them, overriding settings as we go. My thoughts on the order (basically from lower to higher priority):

  1. Compiled in application defaults
  2. /etc/fscrypt.conf
  3. User configuration dirs as specified by the XDG Specification. This basically means we search for $XDG_CONFIG_HOME/fscrypt/fscrypt.config aka ~/.config/fscrypt/fscrypt.conf.
  4. A flag passed in naming a file to be used. This could also be parameters for each option, but a command line flag seems better.

Thoughts? This change also means that we could remove certain things we write to /etc/fscrypt.conf by default. For example, if the file encryption mode isn't set, the fscrypt binary could choose the "best" algorithm available on the system.

josephlr, Aug 30 '18 22:08
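The layered lookup proposed in the comment above, sketched as an added example (this is not fscrypt's code and not from any participant in the thread). It assumes each file is a JSON object; the option names `encryption_mode` and `hash_time` are hypothetical, the sample layers are constructed, and a relative `XDG_CONFIG_HOME` is ignored as the XDG specification requires.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
)

// Config uses hypothetical option names; the real fscrypt.conf schema is not shown in the thread.
type Config struct {
	EncryptionMode string `json:"encryption_mode"`
	HashTime       string `json:"hash_time"`
}

// CandidatePaths lists config files from lowest to highest priority; getenv is injected for testing.
func CandidatePaths(flagPath string, getenv func(string) string) []string {
	paths := []string{"/etc/fscrypt.conf"}
	xdg := getenv("XDG_CONFIG_HOME")
	if !filepath.IsAbs(xdg) { // unset or relative: fall back to ~/.config
		xdg = ""
		if home := getenv("HOME"); filepath.IsAbs(home) {
			xdg = filepath.Join(home, ".config")
		}
	}
	if xdg != "" {
		paths = append(paths, filepath.Join(xdg, "fscrypt", "fscrypt.conf"))
	}
	if flagPath != "" {
		paths = append(paths, flagPath) // an explicit flag wins over every file location
	}
	return paths
}

// Resolve overlays layers on the compiled-in defaults; Unmarshal only writes keys present in a layer.
func Resolve(defaults Config, layers ...[]byte) (Config, error) {
	cfg := defaults
	for i, layer := range layers {
		if err := json.Unmarshal(layer, &cfg); err != nil {
			return Config{}, fmt.Errorf("config layer %d: %w", i, err)
		}
	}
	return cfg, nil
}

func main() {
	// Constructed sample layers, not real fscrypt.conf contents.
	cfg, err := Resolve(Config{EncryptionMode: "best-available", HashTime: "1s"}, []byte(`{"hash_time":"2s"}`))
	fmt.Println(cfg, err)
}
```

A malformed higher-priority layer makes `Resolve` fail outright rather than silently falling back to the lower-priority values, so a broken user file cannot go unnoticed.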

Yeah, this looks good to me. A few things though.

> Compiled in application defaults

I don't understand this. Are you trying to say that /etc/fscrypt.conf shouldn't be the default, but the one specified by the user during compile time should be used as the default?

> if the file encryption mode isn't set, the fscrypt binary could choose the "best" algorithm available on the system?

We don't do this now?

fristonio, Sep 01 '18 12:09

A while ago, 31bc8c843e1862b2d28f31eff85eca3d1dbd4754 added a FSCRYPT_CONF environmental variable for testing purposes. I'm not sure whether we should just document that and consider this issue closed, or whether we should still implement the more complex design described in https://github.com/google/fscrypt/issues/72#issuecomment-417481368. It might be best to keep things simple for now.

ebiggers, Dec 23 '21 04:12