forked from mirrors/nixpkgs
52 lines
2.1 KiB
Nix
52 lines
2.1 KiB
Nix
|
{ lib, stdenv, fetchFromGitHub }:
|
||
|
|
||
|
# Don't use this for anything important!
|
||
|
# TODO: Drop fscryptctl-experimental after the NixOS 21.03/21.05 release.
|
||
|
|
||
|
stdenv.mkDerivation rec {
|
||
|
pname = "fscryptctl";
|
||
|
version = "0.1.0";
|
||
|
|
||
|
goPackagePath = "github.com/google/fscrypt";
|
||
|
|
||
|
src = fetchFromGitHub {
|
||
|
owner = "google";
|
||
|
repo = "fscryptctl";
|
||
|
rev = "v${version}";
|
||
|
sha256 = "1853hlpklisbqnkb7a921dsf0vp2nr2im26zpmrs592cnpsvk3hb";
|
||
|
};
|
||
|
|
||
|
makeFlags = [ "DESTDIR=$(out)/bin" ];
|
||
|
|
||
|
meta = with lib; {
|
||
|
description = "Small C tool for Linux filesystem encryption";
|
||
|
longDescription = ''
|
||
|
fscryptctl is a low-level tool written in C that handles raw keys and
|
||
|
manages policies for Linux filesystem encryption, specifically the
|
||
|
"fscrypt" kernel interface which is supported by the ext4, f2fs, and
|
||
|
UBIFS filesystems.
|
||
|
fscryptctl is mainly intended for embedded systems which can't use the
|
||
|
full-featured fscrypt tool, or for testing or experimenting with the
|
||
|
kernel interface to Linux filesystem encryption. fscryptctl does not
|
||
|
handle key generation, key stretching, key wrapping, or PAM integration.
|
||
|
Most users should use the fscrypt tool instead, which supports these
|
||
|
features and generally is much easier to use.
|
||
|
As fscryptctl is intended for advanced users, you should read the kernel
|
||
|
documentation for filesystem encryption before using fscryptctl.
|
||
|
'';
|
||
|
inherit (src.meta) homepage;
|
||
|
license = licenses.asl20;
|
||
|
platforms = platforms.linux;
|
||
|
maintainers = with maintainers; [ primeos ];
|
||
|
knownVulnerabilities = [ ''
|
||
|
fscryptctl version 1.0.0 was released and now uses v2 encryption
|
||
|
policies. fscryptctl-experimental will remain at version 0.1.0 which
|
||
|
still supports the v1 encryption policies. Please try to switch from the
|
||
|
"fscryptctl-experimental" package to "fscryptctl". The v1 encryption
|
||
|
policies can be insecure, are hard to use correctly, and have different
|
||
|
semantics from v2 policies (which is why they are no longer supported in
|
||
|
fscryptctl 1.0.0+).
|
||
|
'' ];
|
||
|
};
|
||
|
}
|