From: Eric Biggers <ebiggers@xxxxxxxxxx> In _require_encryption_policy_support(), when checking whether the encryption policy is usable, try creating a nonempty file rather than an empty one. This ensures that both the contents and filenames encryption modes are available, rather than just the filenames mode. On f2fs this makes generic/549 be correctly skipped, rather than failed, when run on a kernel built from the latest fscrypt.git tree with CONFIG_CRYPTO_SHA256=n. Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> --- common/encrypt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/encrypt b/common/encrypt index 13098d7f..06a56ed9 100644 --- a/common/encrypt +++ b/common/encrypt @@ -98,7 +98,9 @@ _require_encryption_policy_support() # without kernel crypto API support. E.g. a policy using Adiantum # encryption can be set on a kernel without CONFIG_CRYPTO_ADIANTUM. # But actually trying to use such an encrypted directory will fail. - if ! touch $dir/file; then + # To reliably check for availability of both the contents and filenames + # encryption modes, try creating a nonempty file. + if ! echo foo > $dir/file; then _notrun "encryption policy '$set_encpolicy_args' is unusable; probably missing kernel crypto API support" fi $KEYCTL_PROG clear @s -- 2.22.0.410.gd8fdbe21b5-goog
|