From c5716e866f180d208f0801904bc2d56416144522 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Wed, 17 Nov 2021 17:30:32 +0100 Subject: [PATCH] Add new 'metadata_dir' configuration file option The new 'metadata_dir' configuration file option specifies a path to store the fscrypt metadata directory (.fscrypt). This is useful if you want to put this outside of any filesystem or directory configured for encryption. --- README.md | 24 ++++--- actions/context.go | 2 + cli-tests/t_metadata_dir.out | 19 ++++++ cli-tests/t_metadata_dir.sh | 35 ++++++++++ filesystem/filesystem.go | 10 ++- metadata/config_test.go | 6 +- metadata/metadata.pb.go | 125 +++++++++++++++++++---------------- metadata/metadata.proto | 1 + 8 files changed, 154 insertions(+), 68 deletions(-) create mode 100644 cli-tests/t_metadata_dir.out create mode 100755 cli-tests/t_metadata_dir.sh diff --git a/README.md b/README.md index d24cd039..eeee8435 100644 --- a/README.md +++ b/README.md @@ -253,6 +253,7 @@ that looks like the following: "policy_version": "2" }, "use_fs_keyring_for_v1_policies": false + "metadata_dir": "" } ``` @@ -310,6 +311,10 @@ The fields are: kernels, it's better to not use this setting and instead (re-)create your encrypted directories with `"policy_version": "2"`. +* "metadata_dir" specifies a path to store the fscrypt metadata directory + (.fscrypt). This is useful if you want to put this outside + of any filesystem or directory configured for encryption. + ## Setting up for login protectors If you want any encrypted directories to be protected by your login passphrase, @@ -456,15 +461,18 @@ copy the contents of the source directory into it. For directories protected by a `custom_passphrase` or `raw_key` protector, all metadata needed to unlock the directory (excluding the actual passphrase or raw -key, of course) is located in the `.fscrypt` directory at the root of the -filesystem that contains the encrypted directory. For example, if you have an -encrypted directory `/home/$USER/private` that is protected by a custom +key, of course) is located by default in the `.fscrypt` directory at the root +of the filesystem that contains the encrypted directory. For example, if you +have an encrypted directory `/home/$USER/private` that is protected by a custom passphrase, all `fscrypt` metadata needed to unlock the directory with that -custom passphrase will be located in `/home/.fscrypt` if you are using a -dedicated `/home` filesystem or in `/.fscrypt` if you aren't. If desired, you -can back up the `fscrypt` metadata by making a copy of this directory, although -this isn't too important since this metadata is located on the same filesystem -as the encrypted directory(s). +custom passphrase will be located by default in `/home/.fscrypt` if you are +using a dedicated `/home` filesystem or in `/.fscrypt` if you aren't. +Alternately, you can specify a different location for fscrypt metadata by +setting the `"metadata_dir"` field in the [Configuration +file](#configuration-file). +If desired, you can back up the `fscrypt` metadata by making a copy of this +directory, although this isn't too important since this metadata is located on +the same filesystem as the encrypted directory(s). `pam_passphrase` (login passphrase) protectors are a bit different as they are always stored on the root filesystem, in `/.fscrypt`. This ties them to the diff --git a/actions/context.go b/actions/context.go index 26295ec5..2ccd698f 100644 --- a/actions/context.go +++ b/actions/context.go @@ -72,6 +72,7 @@ func NewContextFromPath(path string, targetUser *user.User) (*Context, error) { if ctx.Mount, err = filesystem.FindMount(path); err != nil { return nil, err } + ctx.Mount.MetadataPath = ctx.Config.MetadataDir log.Printf("%s is on %s filesystem %q (%s)", path, ctx.Mount.FilesystemType, ctx.Mount.Path, ctx.Mount.Device) @@ -90,6 +91,7 @@ func NewContextFromMountpoint(mountpoint string, targetUser *user.User) (*Contex if ctx.Mount, err = filesystem.GetMount(mountpoint); err != nil { return nil, err } + ctx.Mount.MetadataPath = ctx.Config.MetadataDir log.Printf("found %s filesystem %q (%s)", ctx.Mount.FilesystemType, ctx.Mount.Path, ctx.Mount.Device) diff --git a/cli-tests/t_metadata_dir.out b/cli-tests/t_metadata_dir.out new file mode 100644 index 00000000..93332e1c --- /dev/null +++ b/cli-tests/t_metadata_dir.out @@ -0,0 +1,19 @@ + +# fscrypt setup filesystem +Metadata directories created at "MNT_ROOT/fscrypt_metadata/.fscrypt". + +# fscrypt encrypt directory +policies +protectors +"MNT/dir" is encrypted with fscrypt. + +Policy: desc1 +Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 +Unlocked: Yes + +Protected with 1 protector: +PROTECTOR LINKED DESCRIPTION +desc2 No custom protector "prot" + +# Lock directory +"MNT/dir" is now locked. diff --git a/cli-tests/t_metadata_dir.sh b/cli-tests/t_metadata_dir.sh new file mode 100755 index 00000000..2f3ed04a --- /dev/null +++ b/cli-tests/t_metadata_dir.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# Test metadata_dir config option. + +cd "$(dirname "$0")" +. common.sh + +# filesystem setup + +mddir=$MNT_ROOT/fscrypt_metadata +mkdir "$mddir" +sed -e "s+\"metadata_dir\": \"\"+\"metadata_dir\": \"$mddir\"+" \ + -i "$FSCRYPT_CONF" + +dir="$MNT/dir" +mkdir "$dir" + +_print_header "fscrypt setup filesystem" +_rm_metadata "$MNT" +fscrypt setup "$MNT" +[ ! -e "$MNT/.fscrypt" ] +[ -e "$mddir/.fscrypt" ] + +_print_header "fscrypt encrypt directory" +echo hunter2 | fscrypt encrypt --quiet --source=custom_passphrase --name=prot "$dir" +ls "$mddir"/.fscrypt +[ -n "$(find "$mddir"/.fscrypt/policies -type f)" ] +[ -n "$(find "$mddir"/.fscrypt/protectors -type f)" ] +fscrypt status "$dir" +echo contents > "$dir"/file + +_print_header "Lock directory" +fscrypt lock "$dir" + +rm -rf "$mddir" diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go index 9b5b7e22..ac2e38a6 100644 --- a/filesystem/filesystem.go +++ b/filesystem/filesystem.go @@ -148,6 +148,8 @@ var SortDescriptorsByLastMtime = false // "/", meaning that the entire filesystem is mounted, but // it can differ for bind mounts. // ReadOnly - True if this is a read-only mount +// MetadataPath - Absolute path to store metadata information, if +// different from mountpoint. // // In order to use a Mount to store fscrypt metadata, some directories must be // setup first. Specifically, the directories created look like: @@ -176,6 +178,7 @@ type Mount struct { DeviceNumber DeviceNumber Subtree string ReadOnly bool + MetadataPath string } // PathSorter allows mounts to be sorted by Path. @@ -211,7 +214,12 @@ func (m *Mount) String() string { // BaseDir returns the path to the base fscrypt directory for this filesystem. func (m *Mount) BaseDir() string { - rawBaseDir := filepath.Join(m.Path, baseDirName) + rawBaseDir := "" + if m.MetadataPath != "" { + rawBaseDir = filepath.Join(m.MetadataPath, baseDirName) + } else { + rawBaseDir = filepath.Join(m.Path, baseDirName) + } // We allow the base directory to be a symlink, but some callers need // the real path, so dereference the symlink here if needed. Since the // directory the symlink points to may not exist yet, we have to read diff --git a/metadata/config_test.go b/metadata/config_test.go index 52f83f2b..31fbe805 100644 --- a/metadata/config_test.go +++ b/metadata/config_test.go @@ -49,7 +49,8 @@ var testConfigString = `{ "filenames": "AES_256_CTS", "policy_version": "1" }, - "use_fs_keyring_for_v1_policies": false + "use_fs_keyring_for_v1_policies": false, + "metadata_dir": "" } ` @@ -104,6 +105,9 @@ func TestOptionalFields(t *testing.T) { if cfg.GetUseFsKeyringForV1Policies() { t.Error("use_fs_keyring_for_v1_policies should be false, but was true") } + if cfg.GetMetadataDir() != "" { + t.Errorf("metadata_dir should be empty, but was %s", cfg.GetMetadataDir()) + } if cfg.Options.PolicyVersion != 0 { t.Errorf("policy version should be 0, but was %d", cfg.Options.PolicyVersion) } diff --git a/metadata/metadata.pb.go b/metadata/metadata.pb.go index a2148cef..cad597e8 100644 --- a/metadata/metadata.pb.go +++ b/metadata/metadata.pb.go @@ -45,7 +45,7 @@ func (x SourceType) String() string { return proto.EnumName(SourceType_name, int32(x)) } func (SourceType) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{0} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{0} } // Type of encryption; should match declarations of unix.FSCRYPT_MODE @@ -87,7 +87,7 @@ func (x EncryptionOptions_Mode) String() string { return proto.EnumName(EncryptionOptions_Mode_name, int32(x)) } func (EncryptionOptions_Mode) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{3, 0} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{3, 0} } // Cost parameters to be used in our hashing functions. @@ -104,7 +104,7 @@ func (m *HashingCosts) Reset() { *m = HashingCosts{} } func (m *HashingCosts) String() string { return proto.CompactTextString(m) } func (*HashingCosts) ProtoMessage() {} func (*HashingCosts) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{0} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{0} } func (m *HashingCosts) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_HashingCosts.Unmarshal(m, b) @@ -159,7 +159,7 @@ func (m *WrappedKeyData) Reset() { *m = WrappedKeyData{} } func (m *WrappedKeyData) String() string { return proto.CompactTextString(m) } func (*WrappedKeyData) ProtoMessage() {} func (*WrappedKeyData) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{1} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{1} } func (m *WrappedKeyData) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WrappedKeyData.Unmarshal(m, b) @@ -219,7 +219,7 @@ func (m *ProtectorData) Reset() { *m = ProtectorData{} } func (m *ProtectorData) String() string { return proto.CompactTextString(m) } func (*ProtectorData) ProtoMessage() {} func (*ProtectorData) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{2} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{2} } func (m *ProtectorData) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ProtectorData.Unmarshal(m, b) @@ -303,7 +303,7 @@ func (m *EncryptionOptions) Reset() { *m = EncryptionOptions{} } func (m *EncryptionOptions) String() string { return proto.CompactTextString(m) } func (*EncryptionOptions) ProtoMessage() {} func (*EncryptionOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{3} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{3} } func (m *EncryptionOptions) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_EncryptionOptions.Unmarshal(m, b) @@ -363,7 +363,7 @@ func (m *WrappedPolicyKey) Reset() { *m = WrappedPolicyKey{} } func (m *WrappedPolicyKey) String() string { return proto.CompactTextString(m) } func (*WrappedPolicyKey) ProtoMessage() {} func (*WrappedPolicyKey) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{4} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{4} } func (m *WrappedPolicyKey) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_WrappedPolicyKey.Unmarshal(m, b) @@ -411,7 +411,7 @@ func (m *PolicyData) Reset() { *m = PolicyData{} } func (m *PolicyData) String() string { return proto.CompactTextString(m) } func (*PolicyData) ProtoMessage() {} func (*PolicyData) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{5} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{5} } func (m *PolicyData) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_PolicyData.Unmarshal(m, b) @@ -458,6 +458,7 @@ type Config struct { HashCosts *HashingCosts `protobuf:"bytes,2,opt,name=hash_costs,json=hashCosts,proto3" json:"hash_costs,omitempty"` Options *EncryptionOptions `protobuf:"bytes,4,opt,name=options,proto3" json:"options,omitempty"` UseFsKeyringForV1Policies bool `protobuf:"varint,5,opt,name=use_fs_keyring_for_v1_policies,json=useFsKeyringForV1Policies,proto3" json:"use_fs_keyring_for_v1_policies,omitempty"` + MetadataDir string `protobuf:"bytes,6,opt,name=metadata_dir,json=metadataDir,proto3" json:"metadata_dir,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -467,7 +468,7 @@ func (m *Config) Reset() { *m = Config{} } func (m *Config) String() string { return proto.CompactTextString(m) } func (*Config) ProtoMessage() {} func (*Config) Descriptor() ([]byte, []int) { - return fileDescriptor_metadata_20fa0d9b7a38c428, []int{6} + return fileDescriptor_metadata_1cc8b7f8aa81b4fa, []int{6} } func (m *Config) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Config.Unmarshal(m, b) @@ -515,6 +516,13 @@ func (m *Config) GetUseFsKeyringForV1Policies() bool { return false } +func (m *Config) GetMetadataDir() string { + if m != nil { + return m.MetadataDir + } + return "" +} + func init() { proto.RegisterType((*HashingCosts)(nil), "metadata.HashingCosts") proto.RegisterType((*WrappedKeyData)(nil), "metadata.WrappedKeyData") @@ -527,53 +535,54 @@ func init() { proto.RegisterEnum("metadata.EncryptionOptions_Mode", EncryptionOptions_Mode_name, EncryptionOptions_Mode_value) } -func init() { proto.RegisterFile("metadata/metadata.proto", fileDescriptor_metadata_20fa0d9b7a38c428) } - -var fileDescriptor_metadata_20fa0d9b7a38c428 = []byte{ - // 716 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0xdd, 0x6a, 0xdb, 0x48, - 0x14, 0x5e, 0x49, 0x8e, 0x7f, 0x8e, 0x7f, 0x56, 0x99, 0x64, 0xb3, 0xda, 0x5d, 0x58, 0x8c, 0x97, - 0x40, 0x58, 0x42, 0x16, 0x7b, 0x49, 0x69, 0xa1, 0x14, 0x52, 0x27, 0x69, 0x93, 0x10, 0x9a, 0x8e, - 0x8d, 0xdb, 0x42, 0x41, 0x4c, 0xa4, 0xb1, 0x3d, 0x58, 0xd2, 0x88, 0x99, 0x71, 0x8c, 0xee, 0x7a, - 0xd7, 0x07, 0xe8, 0xbb, 0xf4, 0x69, 0xfa, 0x28, 0xbd, 0x28, 0x1a, 0xc9, 0x7f, 0x09, 0x84, 0xa4, - 0x37, 0xe2, 0x9c, 0x6f, 0xce, 0xef, 0x77, 0xce, 0x11, 0xfc, 0x1e, 0x52, 0x45, 0x7c, 0xa2, 0xc8, - 0x7f, 0x73, 0xe1, 0x20, 0x16, 0x5c, 0x71, 0x54, 0x9e, 0xeb, 0xad, 0x8f, 0x50, 0x7b, 0x4d, 0xe4, - 0x98, 0x45, 0xa3, 0x2e, 0x97, 0x4a, 0x22, 0x04, 0x05, 0xc5, 0x42, 0xea, 0x98, 0x4d, 0x63, 0xcf, - 0xc2, 0x5a, 0x46, 0x3b, 0x50, 0x0c, 0x69, 0xc8, 0x45, 0xe2, 0x58, 0x1a, 0xcd, 0x35, 0xd4, 0x84, - 0x6a, 0x4c, 0x04, 0x09, 0x02, 0x1a, 0x30, 0x19, 0x3a, 0x05, 0xfd, 0xb8, 0x0a, 0xb5, 0x3e, 0x40, - 0xe3, 0x9d, 0x20, 0x71, 0x4c, 0xfd, 0x0b, 0x9a, 0x1c, 0x13, 0x45, 0x50, 0x03, 0xcc, 0xb3, 0x81, - 0x63, 0x34, 0x8d, 0xbd, 0x1a, 0x36, 0xcf, 0x06, 0xe8, 0x1f, 0xa8, 0xd3, 0xc8, 0x13, 0x49, 0xac, - 0xa8, 0xef, 0x4e, 0x68, 0xa2, 0x13, 0xd7, 0x70, 0x6d, 0x01, 0x5e, 0xd0, 0x24, 0x2d, 0x6a, 0x1c, - 0x12, 0x4f, 0xa7, 0xaf, 0x61, 0x2d, 0xb7, 0xbe, 0x98, 0x50, 0xbf, 0x12, 0x5c, 0x51, 0x4f, 0x71, - 0xa1, 0x43, 0xb7, 0x61, 0x3b, 0x9e, 0x03, 0xae, 0x4f, 0xa5, 0x27, 0x58, 0xac, 0xb8, 0xd0, 0xc9, - 0x2a, 0x78, 0x6b, 0xf1, 0x76, 0xbc, 0x78, 0x42, 0xfb, 0x50, 0x94, 0x7c, 0x2a, 0xbc, 0xac, 0xdf, - 0x46, 0x67, 0xfb, 0x60, 0x41, 0x54, 0x4f, 0xe3, 0xfd, 0x24, 0xa6, 0x38, 0xb7, 0x49, 0xcb, 0x88, - 0x48, 0x48, 0x75, 0x19, 0x15, 0xac, 0x65, 0xb4, 0x0f, 0x1b, 0x5e, 0x4a, 0x9c, 0xee, 0xbe, 0xda, - 0xd9, 0x59, 0x06, 0x58, 0xa5, 0x15, 0x67, 0x46, 0x69, 0x04, 0x49, 0x02, 0xe5, 0x6c, 0x64, 0x8d, - 0xa4, 0x32, 0xb2, 0xc1, 0x9a, 0x32, 0xdf, 0x29, 0x6a, 0xf6, 0x52, 0x11, 0x3d, 0x83, 0xea, 0x2c, - 0x63, 0x4d, 0x33, 0x52, 0xd2, 0x91, 0x9d, 0x65, 0xe4, 0x75, 0x4a, 0x31, 0xcc, 0x16, 0x7a, 0xeb, - 0x9b, 0x09, 0x9b, 0x27, 0x19, 0x75, 0x8c, 0x47, 0x6f, 0xf4, 0x57, 0x22, 0x07, 0x4a, 0x31, 0xf1, - 0x7d, 0x16, 0x8d, 0x34, 0x19, 0x16, 0x9e, 0xab, 0xe8, 0x39, 0x94, 0x3d, 0x1e, 0x29, 0x1a, 0x29, - 0x99, 0x53, 0xd0, 0x5c, 0xe6, 0xb9, 0x13, 0xe8, 0xe0, 0x92, 0xfb, 0x14, 0x2f, 0x3c, 0xd0, 0x0b, - 0xa8, 0x0c, 0x59, 0x40, 0x53, 0x22, 0xa4, 0x66, 0xe5, 0x21, 0xee, 0x4b, 0x17, 0xb4, 0x0b, 0x8d, - 0x98, 0x07, 0xcc, 0x4b, 0xdc, 0x1b, 0x2a, 0x24, 0xe3, 0x51, 0xbe, 0x43, 0xf5, 0x0c, 0x1d, 0x64, - 0x60, 0xeb, 0xb3, 0x01, 0x85, 0xd4, 0x15, 0x55, 0xa1, 0xe4, 0xd3, 0x21, 0x99, 0x06, 0xca, 0xfe, - 0x05, 0xfd, 0x0a, 0xd5, 0xa3, 0x93, 0x9e, 0xdb, 0x39, 0x7c, 0xe2, 0xbe, 0xef, 0xf7, 0x6c, 0x63, - 0x15, 0x78, 0xd5, 0xbd, 0xb4, 0xcd, 0x55, 0xa0, 0xfb, 0xb2, 0x6b, 0x5b, 0x6b, 0x40, 0xbf, 0x67, - 0x17, 0xe6, 0x40, 0xbb, 0xf3, 0x54, 0x5b, 0x6c, 0xac, 0x01, 0xfd, 0x9e, 0x5d, 0x44, 0x35, 0x28, - 0x1f, 0xf9, 0x8c, 0x44, 0x6a, 0x1a, 0xda, 0x95, 0xd6, 0x27, 0x03, 0xec, 0x9c, 0xfd, 0x2b, 0x5d, - 0x62, 0xba, 0x9d, 0x3f, 0xb1, 0x77, 0xb7, 0x26, 0x6c, 0x3e, 0x62, 0xc2, 0x5f, 0x0d, 0x80, 0x2c, - 0xb7, 0x5e, 0xfa, 0x5d, 0x68, 0x4c, 0x68, 0x72, 0x37, 0x6d, 0x7d, 0x42, 0x93, 0x95, 0x84, 0x87, - 0x50, 0xe2, 0xd9, 0x10, 0xf2, 0x64, 0x7f, 0xdd, 0x33, 0x27, 0x3c, 0xb7, 0x45, 0xe7, 0xb0, 0x35, - 0xaf, 0x33, 0x1f, 0xd4, 0x84, 0x26, 0xe9, 0xa8, 0xad, 0xbd, 0x6a, 0xe7, 0xcf, 0x3b, 0xf5, 0x2e, - 0x38, 0xc1, 0x9b, 0xb3, 0x5b, 0x88, 0x6c, 0x7d, 0x37, 0xa0, 0xd8, 0xe5, 0xd1, 0x90, 0x8d, 0x56, - 0xce, 0xce, 0x78, 0xc0, 0xd9, 0x1d, 0x02, 0x8c, 0x89, 0x1c, 0xbb, 0xd9, 0x9d, 0x99, 0xf7, 0xde, - 0x59, 0x25, 0xb5, 0xcc, 0xfe, 0x64, 0x2b, 0x2d, 0x17, 0x1e, 0xd1, 0xf2, 0x11, 0xfc, 0x3d, 0x95, - 0xd4, 0x1d, 0xca, 0xb4, 0x55, 0xc1, 0xa2, 0x91, 0x3b, 0xe4, 0xc2, 0xbd, 0x69, 0x67, 0x04, 0x30, - 0x2a, 0xf5, 0xf1, 0x96, 0xf1, 0x1f, 0x53, 0x49, 0x4f, 0xe5, 0x45, 0x66, 0x73, 0xca, 0xc5, 0xa0, - 0x7d, 0x95, 0x1b, 0x9c, 0x17, 0xca, 0x96, 0x5d, 0xc0, 0x75, 0x8f, 0x87, 0x31, 0x51, 0xec, 0x9a, - 0x05, 0x4c, 0x25, 0xff, 0xbe, 0x05, 0x58, 0xf6, 0xb6, 0xbe, 0xc9, 0x08, 0x1a, 0x31, 0x09, 0xdd, - 0x98, 0x48, 0x19, 0x8f, 0x05, 0x91, 0xd4, 0x36, 0xd0, 0x6f, 0xb0, 0xe9, 0x4d, 0xa5, 0xe2, 0x6b, - 0xb0, 0x99, 0xfa, 0x09, 0x32, 0x4b, 0x4b, 0xb3, 0xad, 0xeb, 0xa2, 0xfe, 0x99, 0xff, 0xff, 0x23, - 0x00, 0x00, 0xff, 0xff, 0x3d, 0x33, 0x9f, 0x0d, 0xe7, 0x05, 0x00, 0x00, +func init() { proto.RegisterFile("metadata/metadata.proto", fileDescriptor_metadata_1cc8b7f8aa81b4fa) } + +var fileDescriptor_metadata_1cc8b7f8aa81b4fa = []byte{ + // 736 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x54, 0x6d, 0x6b, 0xe3, 0x46, + 0x10, 0xae, 0x24, 0xc7, 0x2f, 0xe3, 0x97, 0x2a, 0x9b, 0x34, 0x55, 0x5b, 0x28, 0xae, 0x4b, 0x20, + 0x94, 0x90, 0x62, 0x97, 0x94, 0x16, 0x4a, 0x21, 0x75, 0x92, 0x36, 0x09, 0xa1, 0xb9, 0xb5, 0xf1, + 0xdd, 0xc1, 0x81, 0xd8, 0x48, 0x6b, 0x7b, 0xb1, 0xa4, 0x15, 0xbb, 0xeb, 0x18, 0x7d, 0xbb, 0x6f, + 0xf7, 0x03, 0xee, 0x07, 0xdc, 0xbf, 0xb8, 0x5f, 0x73, 0x3f, 0xe6, 0xd0, 0x4a, 0xf2, 0x4b, 0x02, + 0x21, 0xb9, 0x2f, 0x62, 0xf6, 0xd9, 0xd9, 0x79, 0x66, 0x9e, 0x99, 0x11, 0x7c, 0x1b, 0x52, 0x45, + 0x7c, 0xa2, 0xc8, 0xaf, 0x85, 0x71, 0x14, 0x0b, 0xae, 0x38, 0xaa, 0x16, 0xe7, 0xce, 0x1b, 0x68, + 0xfc, 0x47, 0xe4, 0x94, 0x45, 0x93, 0x3e, 0x97, 0x4a, 0x22, 0x04, 0x25, 0xc5, 0x42, 0xea, 0x98, + 0x6d, 0xe3, 0xc0, 0xc2, 0xda, 0x46, 0x7b, 0x50, 0x0e, 0x69, 0xc8, 0x45, 0xe2, 0x58, 0x1a, 0xcd, + 0x4f, 0xa8, 0x0d, 0xf5, 0x98, 0x08, 0x12, 0x04, 0x34, 0x60, 0x32, 0x74, 0x4a, 0xfa, 0x72, 0x1d, + 0xea, 0xbc, 0x86, 0xd6, 0x4b, 0x41, 0xe2, 0x98, 0xfa, 0x57, 0x34, 0x39, 0x25, 0x8a, 0xa0, 0x16, + 0x98, 0x17, 0x23, 0xc7, 0x68, 0x1b, 0x07, 0x0d, 0x6c, 0x5e, 0x8c, 0xd0, 0xcf, 0xd0, 0xa4, 0x91, + 0x27, 0x92, 0x58, 0x51, 0xdf, 0x9d, 0xd1, 0x44, 0x13, 0x37, 0x70, 0x63, 0x09, 0x5e, 0xd1, 0x24, + 0x4d, 0x6a, 0x1a, 0x12, 0x4f, 0xd3, 0x37, 0xb0, 0xb6, 0x3b, 0xef, 0x4d, 0x68, 0xde, 0x08, 0xae, + 0xa8, 0xa7, 0xb8, 0xd0, 0xa1, 0xbb, 0xb0, 0x1b, 0x17, 0x80, 0xeb, 0x53, 0xe9, 0x09, 0x16, 0x2b, + 0x2e, 0x34, 0x59, 0x0d, 0xef, 0x2c, 0xef, 0x4e, 0x97, 0x57, 0xe8, 0x10, 0xca, 0x92, 0xcf, 0x85, + 0x97, 0xd5, 0xdb, 0xea, 0xed, 0x1e, 0x2d, 0x85, 0x1a, 0x68, 0x7c, 0x98, 0xc4, 0x14, 0xe7, 0x3e, + 0x69, 0x1a, 0x11, 0x09, 0xa9, 0x4e, 0xa3, 0x86, 0xb5, 0x8d, 0x0e, 0x61, 0xcb, 0x4b, 0x85, 0xd3, + 0xd5, 0xd7, 0x7b, 0x7b, 0xab, 0x00, 0xeb, 0xb2, 0xe2, 0xcc, 0x29, 0x8d, 0x20, 0x49, 0xa0, 0x9c, + 0xad, 0xac, 0x90, 0xd4, 0x46, 0x36, 0x58, 0x73, 0xe6, 0x3b, 0x65, 0xad, 0x5e, 0x6a, 0xa2, 0x3f, + 0xa1, 0xbe, 0xc8, 0x54, 0xd3, 0x8a, 0x54, 0x74, 0x64, 0x67, 0x15, 0x79, 0x53, 0x52, 0x0c, 0x8b, + 0xe5, 0xb9, 0xf3, 0xc9, 0x84, 0xed, 0xb3, 0x4c, 0x3a, 0xc6, 0xa3, 0xff, 0xf5, 0x57, 0x22, 0x07, + 0x2a, 0x31, 0xf1, 0x7d, 0x16, 0x4d, 0xb4, 0x18, 0x16, 0x2e, 0x8e, 0xe8, 0x2f, 0xa8, 0x7a, 0x3c, + 0x52, 0x34, 0x52, 0x32, 0x97, 0xa0, 0xbd, 0xe2, 0x79, 0x10, 0xe8, 0xe8, 0x9a, 0xfb, 0x14, 0x2f, + 0x5f, 0xa0, 0xbf, 0xa1, 0x36, 0x66, 0x01, 0x4d, 0x85, 0x90, 0x5a, 0x95, 0xa7, 0x3c, 0x5f, 0x3d, + 0x41, 0xfb, 0xd0, 0x8a, 0x79, 0xc0, 0xbc, 0xc4, 0xbd, 0xa3, 0x42, 0x32, 0x1e, 0xe5, 0x33, 0xd4, + 0xcc, 0xd0, 0x51, 0x06, 0x76, 0xde, 0x19, 0x50, 0x4a, 0x9f, 0xa2, 0x3a, 0x54, 0x7c, 0x3a, 0x26, + 0xf3, 0x40, 0xd9, 0x5f, 0xa1, 0xaf, 0xa1, 0x7e, 0x72, 0x36, 0x70, 0x7b, 0xc7, 0xbf, 0xbb, 0xaf, + 0x86, 0x03, 0xdb, 0x58, 0x07, 0xfe, 0xed, 0x5f, 0xdb, 0xe6, 0x3a, 0xd0, 0xff, 0xa7, 0x6f, 0x5b, + 0x1b, 0xc0, 0x70, 0x60, 0x97, 0x0a, 0xa0, 0xdb, 0xfb, 0x43, 0x7b, 0x6c, 0x6d, 0x00, 0xc3, 0x81, + 0x5d, 0x46, 0x0d, 0xa8, 0x9e, 0xf8, 0x8c, 0x44, 0x6a, 0x1e, 0xda, 0xb5, 0xce, 0x5b, 0x03, 0xec, + 0x5c, 0xfd, 0x1b, 0x9d, 0x62, 0x3a, 0x9d, 0x5f, 0x30, 0x77, 0xf7, 0x3a, 0x6c, 0x3e, 0xa3, 0xc3, + 0x1f, 0x0d, 0x80, 0x8c, 0x5b, 0x0f, 0xfd, 0x3e, 0xb4, 0x66, 0x34, 0x79, 0x48, 0xdb, 0x9c, 0xd1, + 0x64, 0x8d, 0xf0, 0x18, 0x2a, 0x3c, 0x6b, 0x42, 0x4e, 0xf6, 0xc3, 0x23, 0x7d, 0xc2, 0x85, 0x2f, + 0xba, 0x84, 0x9d, 0x22, 0xcf, 0xbc, 0x51, 0x33, 0x9a, 0xa4, 0xad, 0xb6, 0x0e, 0xea, 0xbd, 0xef, + 0x1f, 0xe4, 0xbb, 0xd4, 0x04, 0x6f, 0x2f, 0xee, 0x21, 0xb2, 0xf3, 0xc1, 0x84, 0x72, 0x9f, 0x47, + 0x63, 0x36, 0x59, 0x5b, 0x3b, 0xe3, 0x09, 0x6b, 0x77, 0x0c, 0x30, 0x25, 0x72, 0xea, 0x66, 0x7b, + 0x66, 0x3e, 0xba, 0x67, 0xb5, 0xd4, 0x33, 0xfb, 0x93, 0xad, 0x95, 0x5c, 0x7a, 0x46, 0xc9, 0x27, + 0xf0, 0xe3, 0x5c, 0x52, 0x77, 0x2c, 0xd3, 0x52, 0x05, 0x8b, 0x26, 0xee, 0x98, 0x0b, 0xf7, 0xae, + 0x9b, 0x09, 0xc0, 0xa8, 0xd4, 0xcb, 0x5b, 0xc5, 0xdf, 0xcd, 0x25, 0x3d, 0x97, 0x57, 0x99, 0xcf, + 0x39, 0x17, 0xa3, 0xee, 0x4d, 0xee, 0x80, 0x7e, 0x82, 0x46, 0xc1, 0xe4, 0xfa, 0x4c, 0xe8, 0xd5, + 0xae, 0xe1, 0x7a, 0x81, 0x9d, 0x32, 0x71, 0x59, 0xaa, 0x5a, 0x76, 0x09, 0x37, 0x3d, 0x1e, 0xc6, + 0x44, 0xb1, 0x5b, 0x16, 0x30, 0x95, 0xfc, 0xf2, 0x02, 0x60, 0x55, 0xfe, 0xe6, 0xb0, 0x23, 0x68, + 0xc5, 0x24, 0x74, 0x63, 0x22, 0x65, 0x3c, 0x15, 0x44, 0x52, 0xdb, 0x40, 0xdf, 0xc0, 0xb6, 0x37, + 0x97, 0x8a, 0x6f, 0xc0, 0x66, 0xfa, 0x4e, 0x90, 0x45, 0x9a, 0xbd, 0x6d, 0xdd, 0x96, 0xf5, 0xff, + 0xfe, 0xb7, 0xcf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x7a, 0xe0, 0xce, 0xe3, 0x0a, 0x06, 0x00, 0x00, } diff --git a/metadata/metadata.proto b/metadata/metadata.proto index 8ffb4f6e..241527cc 100644 --- a/metadata/metadata.proto +++ b/metadata/metadata.proto @@ -99,6 +99,7 @@ message Config { HashingCosts hash_costs = 2; EncryptionOptions options = 4; bool use_fs_keyring_for_v1_policies = 5; + string metadata_dir = 6; // reserve the removed field 'string compatibility = 3;' reserved 3;