Update README and MANPAGE for v1.5

Also update the performance numbers. I see some slowdown, reason
is not yet clear, but nothing to block the release.
This commit is contained in:
Jakob Unterwurzacher 2018-06-10 19:30:10 +02:00
parent e925e1b78e
commit 009cc0ae8b
3 changed files with 46 additions and 9 deletions

View File

@ -54,6 +54,11 @@ be suitable.
#### -d, -debug
Enable debug output.
#### -dev, -nodev
Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount
(default: `-nodev`). If both are specified, `-nodev` takes precedence.
You need root permissions to use `-dev`.
#### -devrandom
Use /dev/random for generating the master key instead of the default Go
implementation. This is especially useful on embedded systems with Go versions
@ -61,6 +66,10 @@ prior to 1.9, which fall back to weak random data when the getrandom syscall
is blocking. Using this option can block indefinitely when the kernel cannot
harvest enough entropy.
#### -exec, -noexec
Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount
(default: `-exec`). If both are specified, `-noexec` takes precedence.
#### -extpass string
Use an external program (like ssh-askpass) for the password prompt.
The program should return the password on stdout, a trailing newline is
@ -172,6 +181,12 @@ Examples:
Write memory profile to the specified file. This is useful when debugging
memory usage of gocryptfs.
#### -nodev
See `-dev, -nodev`.
#### -noexec
See `-exec, -noexec`.
#### -nonempty
Allow mounting over non-empty directories. FUSE by default disallows
this to prevent accidental shadowing of files.
@ -197,6 +212,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs
daemonizes. This option disables the redirection and messages will
continue be printed to stdout and stderr.
#### -nosuid
See `-suid, -nosuid`.
#### -notifypid int
Send USR1 to the specified process after successful mount. This is
used internally for daemonization.
@ -222,7 +240,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
option.
#### -passfile string/
#### -passfile string
Read password from the specified file. This is a shortcut for
specifying '-extpass="/bin/cat -- FILE"'.
@ -253,8 +271,9 @@ mounted using gocryptfs v1.2 and higher.
Reverse mode shows a read-only encrypted view of a plaintext
directory. Implies "-aessiv".
#### -ro
Mount the filesystem read-only.
#### -rw, -ro
Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`).
If both are specified, `-ro` takes precence.
#### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
@ -311,6 +330,11 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
(if available). The library that will be selected on "-openssl=auto"
(the default) is marked as such.
#### -suid, -nosuid
Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs
mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence.
You need root permissions to use `-suid`.
#### -trace string
Write execution trace to file. View the trace using "go tool trace FILE".
@ -363,4 +387,4 @@ other: please check the error message
SEE ALSO
========
fuse(8) fallocate(2)
mount(2) fuse(8) fallocate(2)

View File

@ -41,6 +41,7 @@ v1.4-45-gd5671b7 183 282 14.9 7.3 1.1 2.9
v1.4-45-gd5671b7 252 285 15.5 7.2 1.1 2.9 go1.8.3, Linux 4.11
v1.4.1 253 285 16.0 7.4 1.3 3.0 go1.9, Linux 4.12.5
v1.4.1-6-g276567e 258 289 16.1 7.5 1.3 3.0
v1.5 228 292 17.6 9.3 1.5 3.5 go1.10.2, Linux 4.16.8
Results for EncFS for comparison (benchmark.bash -encfs):

View File

@ -153,13 +153,25 @@ RM: 4.42
Changelog
---------
vNEXT, in progress
v1.5, 2018-06-12
* **Support extended attributes (xattr)** in forward mode
([#217](https://github.com/rfjakob/gocryptfs/issues/217)). Older gocryptfs versions
will ignore the extended attributes.
* **Add `-fsck` function**
([#191](https://github.com/rfjakob/gocryptfs/issues/191))
* Fix clobbered timestamps on MacOS High Sierra
([#229](https://github.com/rfjakob/gocryptfs/issues/229))
* Add `-masterkey=stdin` functionality
([#218](https://github.com/rfjakob/gocryptfs/issues/218))
* Support extended attributes (xattr) in forward mode
([#217](https://github.com/rfjakob/gocryptfs/issues/217))
* Add `-fsck` function
([#191](https://github.com/rfjakob/gocryptfs/issues/191))
* Accept `-dev`/`-nodev`, `suid`/`nosuid`, `-exec`/`-noexec`,
`-ro`/`-rw` flags to make mounting via `/etc/fstab` possible.
Thanks @mahkoh! ([#233](https://github.com/rfjakob/gocryptfs/pull/233),
[commit](https://github.com/rfjakob/gocryptfs/commit/53d6a9999dd0e4c31636d16179f284fff35a35d9),
[commit](https://github.com/rfjakob/gocryptfs/commit/10212d791a3196c2c8705a7a3cccdeb14a8efdbe))
* Fix a `logger` path issue on SuSE
[#225](https://github.com/rfjakob/gocryptfs/issues/225)
* Stop printing the help text on a "flag provided but not defined"
error ([commit](https://github.com/rfjakob/gocryptfs/commit/5ad26495fc86527bbfe75ac6b46528d49a373676))
v1.4.4, 2018-03-18
* Overwrite secrets in memory with zeros as soon as possible