Conversation
719cf7e to
6f64325
Compare
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
6f64325 to
803b42e
Compare
24fd517 to
b8c0bb8
Compare
|
@yehudasa Please enable the qa test cases for fscrypt for libephfs at the same time and make sure all the test pass before we merging it. |
70617d0 to
ebf3ead
Compare
ebf3ead to
1c54d80
Compare
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
when opening encrypted files for write, also get the read cap Signed-off-by: Yehuda Sadeh <[email protected]>
round physical size, and update fscrypt_file to reflect requested size Signed-off-by: Yehuda Sadeh <[email protected]>
The previous behavior was returning it unconditionally Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
encrypt a directory, and execute regular tests on it Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
c81c97d to
8fc5199
Compare
Add more fscrypt unitest coverage, specifically it also tests the nonblocking api. Signed-off-by: Yehuda Sadeh <[email protected]>
to trigger more fscrypt related cases Signed-off-by: Yehuda Sadeh <[email protected]>
Signed-off-by: Yehuda Sadeh <[email protected]>
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
|
@gregsfortytwo is there a new PR that replaces this one? |
I know @chrisphoffman has been doing work on top of this at https://github.com/chrisphoffman/ceph/commits/wip-fscrypt/, but I don't think we have another PR for it? |
That branch isn't ready for PR yet, the plan is to create one soon. |
|
This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days. |
|
This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution! |
This implements fscrypt support in libcephfs, and the cephfs userspace client that is interoperable with the cephfs kernel client (see: https://lwn.net/Articles/889912/).
Note that this is still in heavy development.
Currently implemented:
TODO:
Currently cannot select encryption types (uses defaults)Add libcephfs API to control crypto keysLong file names supportCleanly deal with the read caps needed when writing datasymlinks implementationsnapshotsasync APIWe currently only support the default encryption types that the fscrypt control tool sets. The code does handle selection of encryption types dynamically, and gracefully handles the case where it cannot support an encryption type. Since the fscrypt tool does not make it easy to set encryption types, and since libopenssl does not support every type/mode out of the box, we should consider in the future which encryption types we want to support, however this is beyond the scope of this PR.
[1] fscrypt utility is modified due to use of ioctls that are not well formed (a problem with fuse), see https://github.com/yehudasa/fscrypt/tree/wip-ceph-fuse
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "pacific"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
Checklist
Show available Jenkins commands
jenkins retest this pleasejenkins test classic perfjenkins test crimson perfjenkins test signedjenkins test make checkjenkins test make check arm64jenkins test submodulesjenkins test dashboardjenkins test dashboard cephadmjenkins test apijenkins test docsjenkins render docsjenkins test ceph-volume alljenkins test ceph-volume toxjenkins test windows