depot/third_party/nixpkgs/pkgs/os-specific/linux/fscryptctl/legacy.nix

52 lines
2.1 KiB
Nix
Raw Normal View History

{ lib, stdenv, fetchFromGitHub }:
# Don't use this for anything important!
# TODO: Drop fscryptctl-experimental after the NixOS 21.03/21.05 release.
stdenv.mkDerivation rec {
pname = "fscryptctl";
version = "0.1.0";
goPackagePath = "github.com/google/fscrypt";
src = fetchFromGitHub {
owner = "google";
repo = "fscryptctl";
rev = "v${version}";
sha256 = "1853hlpklisbqnkb7a921dsf0vp2nr2im26zpmrs592cnpsvk3hb";
};
makeFlags = [ "DESTDIR=$(out)/bin" ];
meta = with lib; {
description = "Small C tool for Linux filesystem encryption";
longDescription = ''
fscryptctl is a low-level tool written in C that handles raw keys and
manages policies for Linux filesystem encryption, specifically the
"fscrypt" kernel interface which is supported by the ext4, f2fs, and
UBIFS filesystems.
fscryptctl is mainly intended for embedded systems which can't use the
full-featured fscrypt tool, or for testing or experimenting with the
kernel interface to Linux filesystem encryption. fscryptctl does not
handle key generation, key stretching, key wrapping, or PAM integration.
Most users should use the fscrypt tool instead, which supports these
features and generally is much easier to use.
As fscryptctl is intended for advanced users, you should read the kernel
documentation for filesystem encryption before using fscryptctl.
'';
inherit (src.meta) homepage;
license = licenses.asl20;
platforms = platforms.linux;
maintainers = with maintainers; [ primeos ];
knownVulnerabilities = [ ''
fscryptctl version 1.0.0 was released and now uses v2 encryption
policies. fscryptctl-experimental will remain at version 0.1.0 which
still supports the v1 encryption policies. Please try to switch from the
"fscryptctl-experimental" package to "fscryptctl". The v1 encryption
policies can be insecure, are hard to use correctly, and have different
semantics from v2 policies (which is why they are no longer supported in
fscryptctl 1.0.0+).
'' ];
};
}