Compile without libpam?

[BlueMax]

Is it possible to compile fscrypt without libpam for systems that do not support it?

[ebiggers]

The following should do it:

make bin/fscrypt

That builds just the fscrypt binary, not the PAM module pam_fscrypt.so. See https://github.com/google/fscrypt/blob/master/README.md#building-and-installing

[BlueMax]

True, but i'm compiling a static binary and it always holds all the libpam data and it looks like it tries to make use of it at startup indeed (the error is due to missing /etc/passwd).

[ERROR] fscrypt setup: user: lookup userid 0:
no such file or directory

That's my compile command (cross-compile environment is set up):

GO_FLAGS=-buildmode=exe GOARCH=arm64 CGO_ENABLED=1 make LDFLAGS="-static -ldl -laudit -lcap-ng" CFLAGS="-O2 -g0 -s -static -pipe -pthread -Wp,-I/home/user/sysroot-aarch64/usr/include -Wl,-L/home/user/sysroot-aarch64/usr/lib" CGO_CFLAGS="--sysroot /home/user/sysroot-aarch64" CGO_LDFLAGS="--sysroot /home/user/sysroot-aarch64"

[josephlr]

So I think the issue here is that you just don't want to use user login passwords at all. @BlueMax is that right?

In that case, we should should have a way to compile the fscrypt binary without any PAM support whatsoever. We could do this with a nopam build constraint. That way:

• Building without support for PAM and user login passphrases is possible
• fscrypt by default still supports user passphrases.

[BlueMax]

Yes, a new make target nopam would be great that doesn't link libpam at all. The target system doesn't provide pam at all. Actually its an Android device (and fscrypt is on musl not bionic).
The current workaround is to create a dummy /etc/passwd file and it will pass the error above. Not sure if it has any more side effects.

[blubbafett]

@BlueMax did you get this running on the Android device? Looking to build binaries for both 32bit and 64bit arm to run on newer Android devices but not luck so far to make a static build, unfortunately.

@josephlr any updates on the flag to compile fscryptc without pam, ref. what you mentioned a few posts above.

[badhhui]

I also encountered this error when I copied the generated executable to qemu's linux kernel using static compilation, how should I solve it?

[BlueMax]

did you get this running on the Android device?

I could compile and run it but i haven't checked for actual functionality. It needs dummy/existing /etc/passwd file if i reckon correctly (error: cannot look up userids).

I used the compile line below. The make bin/fscrypt might be the trick. Can't remember anymore.

GO_FLAGS=-buildmode=exe GOARCH=arm64 CGO_ENABLED=1 make bin/fscrypt LDFLAGS="-static -ldl -laudit -lcap-ng" CFLAGS="-O2 -g0 -s -static -pipe -pthread -Wp,-I/home/user/android/sysroot-aarch64/usr/include -Wl,-L/home/user/android/sysroot-aarch64/usr/lib" CGO_CFLAGS="--sysroot /home/user/android/sysroot-aarch64" CGO_LDFLAGS="--sysroot /home/user/android/sysroot-aarch64"