libgocryptfs/init_dir.go

package main

import (
	"os"
	"path/filepath"
	"strings"

	"github.com/rfjakob/gocryptfs/internal/configfile"
	"github.com/rfjakob/gocryptfs/internal/exitcodes"
	"github.com/rfjakob/gocryptfs/internal/nametransform"
	"github.com/rfjakob/gocryptfs/internal/readpassword"
	"github.com/rfjakob/gocryptfs/internal/tlog"
)

// initDir prepares a directory for use as a gocryptfs storage directory.
// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv
// files in an empty directory.
// In reverse mode, we create .gocryptfs.reverse.conf and the directory does
// not to be empty.
func initDir(args *argContainer) {
	var err error
	if args.reverse {
		_, err = os.Stat(args.config)
		if err == nil {
			tlog.Fatal.Printf("Config file %q already exists", args.config)
			os.Exit(exitcodes.Init)
		}
	} else {
		err = checkDirEmpty(args.cipherdir)
		if err != nil {
			tlog.Fatal.Printf("Invalid cipherdir: %v", err)
			os.Exit(exitcodes.Init)
		}
	}
	// Choose password for config file
	if args.extpass == "" {
		tlog.Info.Printf("Choose a password for protecting your files.")
	}
	{
		creator := tlog.ProgramName + " " + GitVersion
		password := readpassword.Twice(args.extpass)
		readpassword.CheckTrailingGarbage()
		err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.WriteConf)
		}
		// Note: cannot overwrite password because in Go, strings are
		// read-only byte slices.
		// password runs out of scope here
	}
	// Forward mode with filename encryption enabled needs a gocryptfs.diriv
	// in the root dir
	if !args.plaintextnames && !args.reverse {
		err = nametransform.WriteDirIV(nil, args.cipherdir)
		if err != nil {
			tlog.Fatal.Println(err)
			os.Exit(exitcodes.Init)
		}
	}
	mountArgs := ""
	fsName := "gocryptfs"
	if args.reverse {
		mountArgs = " -reverse"
		fsName = "gocryptfs-reverse"
	}
	tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,
		fsName)
	wd, _ := os.Getwd()
	friendlyPath, _ := filepath.Rel(wd, args.cipherdir)
	if strings.HasPrefix(friendlyPath, "../") {
		// A relative path that starts with "../" is pretty unfriendly, just
		// keep the absolute path.
		friendlyPath = args.cipherdir
	}
	if strings.Contains(friendlyPath, " ") {
		friendlyPath = "\"" + friendlyPath + "\""
	}
	tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,
		tlog.ProgramName, mountArgs, friendlyPath)
	os.Exit(0)
}
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`package main`

			`import (`
			`"os"`
			`"path/filepath"`
			`"strings"`

			`"github.com/rfjakob/gocryptfs/internal/configfile"`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`"github.com/rfjakob/gocryptfs/internal/exitcodes"`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`"github.com/rfjakob/gocryptfs/internal/nametransform"`
			`"github.com/rfjakob/gocryptfs/internal/readpassword"`
			`"github.com/rfjakob/gocryptfs/internal/tlog"`
			`)`

reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// initDir prepares a directory for use as a gocryptfs storage directory.`
			`// In forward mode, this means creating the gocryptfs.conf and gocryptfs.diriv`
			`// files in an empty directory.`
			`// In reverse mode, we create .gocryptfs.reverse.conf and the directory does`
			`// not to be empty.`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`func initDir(args *argContainer) {`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`var err error`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`if args.reverse {`
			`_, err = os.Stat(args.config)`
			`if err == nil {`
			`tlog.Fatal.Printf("Config file %q already exists", args.config)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: init: refuse overwriting .gocryptfs.reverse.conf 2016-09-20 22:49:23 +02:00			`}`
			`} else {`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`err = checkDirEmpty(args.cipherdir)`
			`if err != nil {`
			`tlog.Fatal.Printf("Invalid cipherdir: %v", err)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`}`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// Choose password for config file`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`if args.extpass == "" {`
			`tlog.Info.Printf("Choose a password for protecting your files.")`
			`}`
main: overwrite keys and let them run out of scope As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211 2018-02-18 12:42:22 +01:00			`{`
			`creator := tlog.ProgramName + " " + GitVersion`
			`password := readpassword.Twice(args.extpass)`
			`readpassword.CheckTrailingGarbage()`
			`err = configfile.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn, creator, args.aessiv, args.devrandom)`
			`if err != nil {`
			`tlog.Fatal.Println(err)`
			`os.Exit(exitcodes.WriteConf)`
			`}`
			`// Note: cannot overwrite password because in Go, strings are`
			`// read-only byte slices.`
			`// password runs out of scope here`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
reverse: enable init functionality 2016-09-20 20:15:55 +02:00			`// Forward mode with filename encryption enabled needs a gocryptfs.diriv`
			`// in the root dir`
			`if !args.plaintextnames && !args.reverse {`
fusefrontend: allow_other: close race between mkdir and chown Fixes the same problem as described in 72b975867a3b9bdf53fc2da62e2ba4a328d7e4ab, except for directories instead of device nodes. 2017-11-29 13:21:28 +01:00			`err = nametransform.WriteDirIV(nil, args.cipherdir)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`if err != nil {`
			`tlog.Fatal.Println(err)`
exitcodes: pull all exit code definitions into the package This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 . 2017-05-07 22:15:01 +02:00			`os.Exit(exitcodes.Init)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`}`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`mountArgs := ""`
			`fsName := "gocryptfs"`
			`if args.reverse {`
			`mountArgs = " -reverse"`
			`fsName = "gocryptfs-reverse"`
			`}`
			`tlog.Info.Printf(tlog.ColorGreen+"The %s filesystem has been created successfully."+tlog.ColorReset,`
			`fsName)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`wd, _ := os.Getwd()`
			`friendlyPath, _ := filepath.Rel(wd, args.cipherdir)`
			`if strings.HasPrefix(friendlyPath, "../") {`
			`// A relative path that starts with "../" is pretty unfriendly, just`
			`// keep the absolute path.`
			`friendlyPath = args.cipherdir`
			`}`
main: init: handle spaces in mount suggestion message Before: You can now mount it using: gocryptfs a x MOUNTPOINT After: You can now mount it using: gocryptfs "a x" MOUNTPOINT This is still not bulletproof but should handle the common case of having a space in the directory name. After all, it's only a suggestion. 2016-10-09 18:27:03 +02:00			`if strings.Contains(friendlyPath, " ") {`
			`friendlyPath = "\"" + friendlyPath + "\""`
			`}`
reverse: add gcmsiv flag and associated tests 2016-09-25 15:05:09 +02:00			`tlog.Info.Printf(tlog.ColorGrey+"You can now mount it using: %s%s %s MOUNTPOINT"+tlog.ColorReset,`
			`tlog.ProgramName, mountArgs, friendlyPath)`
main: move initDir into its own file 2016-09-20 19:59:08 +02:00			`os.Exit(0)`
			`}`