libcryfs/README.md

189 lines
7.4 KiB
Markdown
Raw Normal View History

2019-02-09 03:55:26 +01:00
# CryFS [![Build Status](https://travis-ci.org/cryfs/cryfs.svg?branch=master)](https://travis-ci.org/cryfs/cryfs) [![CircleCI](https://circleci.com/gh/cryfs/cryfs/tree/master.svg?style=svg)](https://circleci.com/gh/cryfs/cryfs/tree/master) [![Build status](https://ci.appveyor.com/api/projects/status/84ouutflsnap9dlv/branch/master?svg=true)](https://ci.appveyor.com/project/smessmer/cryfs/branch/master)
2017-09-11 23:59:21 +02:00
2015-12-17 20:36:15 +01:00
CryFS encrypts your files, so you can safely store them anywhere. It works well together with cloud services like Dropbox, iCloud, OneDrive and others.
2016-01-31 21:44:32 +01:00
See [https://www.cryfs.org](https://www.cryfs.org).
Install latest release
2015-12-17 19:49:06 +01:00
======================
Linux
------
2018-01-13 00:22:24 +01:00
This only works for Ubuntu 17.04 and later, and Debian Stretch and later.
You can also use CryFS on older versions of these distributions by following the **Building from source** instructions below.
2015-12-17 19:49:06 +01:00
2017-09-30 07:17:34 +02:00
sudo apt install cryfs
OSX
----
2019-12-25 09:20:10 +01:00
CryFS is distributed via Homebrew and MacPorts.
If you use Homebrew:
2019-01-21 20:25:31 +01:00
brew cask install osxfuse
brew install cryfs
2019-12-25 09:20:10 +01:00
If you use MacPorts (not available for OSX 10.15 at the moment):
port install cryfs
Windows (experimental)
----------------------
CryFS has experimental Windows support since the 0.10 release series. To install it, do:
1. Install [DokanY](https://github.com/dokan-dev/dokany/releases)
2020-02-24 04:34:02 +01:00
2. Install [Microsoft Visual C++ Redistributable for Visual Studio 2019](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads)
2019-01-21 20:24:41 +01:00
3. Install [CryFS](https://www.cryfs.org/#download)
2015-12-17 19:49:06 +01:00
2016-02-12 23:29:44 +01:00
GUI
===
2017-11-23 02:56:01 +01:00
Theres some GUI applications with CryFS support. You usually have to install the GUI **and** also CryFS itself for it to work.
- [SiriKali](https://mhogomchungu.github.io/sirikali/)
- [Plasma Vault](https://www.kde.org/announcements/plasma-5.11.0.php) in KDE Plasma >= 5.11
2015-09-29 15:47:05 +02:00
Building from source
====================
Requirements
------------
2016-02-15 02:40:56 +01:00
- Git (for getting the source code)
2019-11-02 20:11:05 +01:00
- GCC version >= 6.5 or Clang >= 4.0
2021-01-07 07:23:03 +01:00
- CMake version >= 3.9
- Conan package manager
- libcurl4 (including development headers)
2016-02-12 13:27:06 +01:00
- SSL development libraries (including development headers, e.g. libssl-dev)
2016-02-15 18:07:24 +01:00
- libFUSE version >= 2.8.6 (including development headers), on Mac OS X instead install osxfuse from https://osxfuse.github.io/
2020-07-09 10:18:10 +02:00
- Python >= 3.5
2018-05-21 00:00:25 +02:00
- OpenMP
You can use the following commands to install these requirements
2015-09-29 15:47:05 +02:00
# Ubuntu
$ sudo apt install git g++ cmake make libcurl4-openssl-dev libssl-dev libfuse-dev python python3-pip
$ sudo pip3 install conan
# Fedora
$ sudo dnf install git gcc-c++ cmake make libcurl-devel openssl-devel fuse-devel python python3-pip
$ sudo pip3 install conan
# Macintosh
$ brew install cmake openssl libomp
$ sudo pip3 install conan
2016-02-12 10:16:38 +01:00
Build & Install
---------------
2015-09-29 15:47:05 +02:00
1. Clone repository
2016-02-11 19:58:55 +01:00
$ git clone https://github.com/cryfs/cryfs.git cryfs
2015-09-29 15:47:05 +02:00
$ cd cryfs
2. Build
$ mkdir cmake && cd cmake
$ cmake ..
$ make
3. Install
2015-10-26 20:44:00 +01:00
$ sudo make install
You can pass the following variables to the *cmake* command (using *-Dvariablename=value*):
- **-DCMAKE_BUILD_TYPE**=[Release|Debug]: Whether to run code optimization or add debug symbols. Default: Release
- **-DBUILD_TESTING**=[on|off]: Whether to build the test cases (can take a long time). Default: off
- **-DCRYFS_UPDATE_CHECKS**=off: Build a CryFS that doesn't check online for updates and security vulnerabilities.
Building on Windows (experimental)
----------------------------------
2020-02-24 04:34:02 +01:00
Build with Visual Studio 2019 and pass in the following flags to CMake:
-DDOKAN_PATH=[dokan library location, e.g. "C:\Program Files\Dokan\DokanLibrary-1.2.1"]
2020-02-24 04:34:02 +01:00
If you set these variables correctly in the `CMakeSettings.json` file, you should be able to open the cryfs source folder with Visual Studio 2019.
Troubleshooting
---------------
2016-02-12 10:16:38 +01:00
On most systems, CMake should find the libraries automatically. However, that doesn't always work.
1. **Fuse/Osxfuse library not found**
Pass in the library path with
cmake .. -DFUSE_LIB_PATH=/path/to/fuse/or/osxfuse
2. **Fuse/Osxfuse headers not found**
Pass in the include path with
cmake .. -DCMAKE_CXX_FLAGS="-I/path/to/fuse/or/osxfuse/headers"
3. **Openssl headers not found**
Pass in the include path with
2016-02-15 18:12:23 +01:00
cmake .. -DCMAKE_C_FLAGS="-I/path/to/openssl/include"
2016-02-15 18:07:24 +01:00
4. **OpenMP not found (osx)**
Either build it without OpenMP
cmake .. -DDISABLE_OPENMP=on
but that will cause slower file system mount times (performance after mounting will be unaffected).
If you installed OpenMP with homebrew or macports, it should be autodetected.
If that doesn't work for some reason (or you want to use a different installation than the autodetected one),
pass in these flags:
cmake .. -DOpenMP_CXX_FLAGS='-Xpreprocessor -fopenmp -I/path/to/openmp/include' -DOpenMP_CXX_LIB_NAMES=omp -DOpenMP_omp_LIBRARY=/path/to/libomp.dylib
2016-02-12 10:16:38 +01:00
Using local dependencies
-------------------------------
Starting with CryFS 0.11, Conan is used for dependency management.
When you build CryFS, Conan downloads the exact version of each dependency library that was also used for development.
All dependencies are linked statically, so there should be no incompatibility with locally installed libraries.
This is the recommended way because it has the highest probability of working correctly.
However, some distributions prefer software packages to be built against dependencies dynamically and against locally installed versions of libraries.
So if you're building a package for such a distribution, you have the option of doing that, at the cost of potential incompatibilities.
If you follow this workflow, please make sure to extensively test your build of CryFS.
You're using a setup that wasn't tested by the CryFS developers.
To use local dependencies, you need to tell the CryFS build how to get these dependencies.
You can do this by writing a small CMake configuration file and passing it to the CryFS build using `-DDEPENDENCY_CONFIG=filename`.
This configuration file needs to define a cmake target for each of the dependencies.
Here's an [example config file](cmake-utils/DependenciesFromConan.cmake) that gets the dependencies from conan.
And here's another [example config file](cmake-utils/DependenciesFromLocalSystem.cmake) that works for getting dependencies that are locally installed in Ubuntu.
You can create your own configuration file to tell the build how to get its dependencies and, for example, mix and match. Get some dependencies from Conan and others from the local system.
Creating .deb and .rpm packages
-------------------------------
2016-02-12 10:16:38 +01:00
2019-12-29 10:13:52 +01:00
It is recommended to install CryFS using packages, because that allows for an easy way to uninstall it again once you don't need it anymore.
2020-07-02 12:03:00 +02:00
If you want to create a .rpm package, you need to install rpmbuild.
2016-02-12 10:16:38 +01:00
1. Clone repository
$ git clone https://github.com/cryfs/cryfs.git cryfs
$ cd cryfs
2. Build
$ mkdir cmake && cd cmake
$ cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_TESTING=off
2016-02-12 10:16:38 +01:00
$ make package
2016-09-19 23:48:05 +02:00
Disclaimer
----------------------
2020-07-02 12:03:00 +02:00
In the event of a password leak, you are strongly advised to create a new filesystem and copy all the data over from the previous one. Done this, all copies of the compromised filesystem and config file must be removed (e.g, from the "previous versions" feature of your cloud system) to prevent access to the key (and, as a result, your data) using the leaked password.