main: add "-info" option
Pretty-prints the config while stripping out sensitive (and uninteresting) data https://github.com/rfjakob/gocryptfs/issues/111
This commit is contained in:
parent
ca5f469ea3
commit
1e598e96fc
|
@ -86,6 +86,16 @@ same name. By default, CIPHERDIR is used.
|
||||||
#### -fusedebug
|
#### -fusedebug
|
||||||
Enable fuse library debug output
|
Enable fuse library debug output
|
||||||
|
|
||||||
|
#### -h, -help
|
||||||
|
Print a short help text that shows the more-often used options.
|
||||||
|
|
||||||
|
#### -hh
|
||||||
|
Long help text, shows all available options.
|
||||||
|
|
||||||
|
#### -info
|
||||||
|
Pretty-print the contents of the config file for human consumption,
|
||||||
|
stripping out sensitive data.
|
||||||
|
|
||||||
#### -init
|
#### -init
|
||||||
Initialize encrypted directory
|
Initialize encrypted directory
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ type argContainer struct {
|
||||||
debug, init, zerokey, fusedebug, openssl, passwd, fg, version,
|
debug, init, zerokey, fusedebug, openssl, passwd, fg, version,
|
||||||
plaintextnames, quiet, nosyslog, wpanic,
|
plaintextnames, quiet, nosyslog, wpanic,
|
||||||
longnames, allow_other, ro, reverse, aessiv, nonempty, raw64,
|
longnames, allow_other, ro, reverse, aessiv, nonempty, raw64,
|
||||||
noprealloc, speed, hkdf, serialize_reads, forcedecode, hh bool
|
noprealloc, speed, hkdf, serialize_reads, forcedecode, hh, info bool
|
||||||
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
|
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
|
||||||
memprofile, ko, passfile, ctlsock, fsname string
|
memprofile, ko, passfile, ctlsock, fsname string
|
||||||
// Configuration file name override
|
// Configuration file name override
|
||||||
|
@ -126,6 +126,7 @@ func parseCliOpts() (args argContainer) {
|
||||||
flagSet.BoolVar(&args.forcedecode, "forcedecode", false, "Force decode of files even if integrity check fails."+
|
flagSet.BoolVar(&args.forcedecode, "forcedecode", false, "Force decode of files even if integrity check fails."+
|
||||||
" Requires gocryptfs to be compiled with openssl support and implies -openssl true")
|
" Requires gocryptfs to be compiled with openssl support and implies -openssl true")
|
||||||
flagSet.BoolVar(&args.hh, "hh", false, "Show this long help text")
|
flagSet.BoolVar(&args.hh, "hh", false, "Show this long help text")
|
||||||
|
flagSet.BoolVar(&args.info, "info", false, "Display information about CIPHERDIR")
|
||||||
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
|
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
|
||||||
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
|
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
|
||||||
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
|
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
|
||||||
|
|
3
help.go
3
help.go
|
@ -7,7 +7,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const tUsage = "" +
|
const tUsage = "" +
|
||||||
"Usage: " + tlog.ProgramName + " -init|-passwd [OPTIONS] CIPHERDIR\n" +
|
"Usage: " + tlog.ProgramName + " -init|-passwd|-info [OPTIONS] CIPHERDIR\n" +
|
||||||
" or " + tlog.ProgramName + " [OPTIONS] CIPHERDIR MOUNTPOINT\n"
|
" or " + tlog.ProgramName + " [OPTIONS] CIPHERDIR MOUNTPOINT\n"
|
||||||
|
|
||||||
// helpShort is what gets displayed when passed "-h" or on syntax error.
|
// helpShort is what gets displayed when passed "-h" or on syntax error.
|
||||||
|
@ -27,6 +27,7 @@ Common Options (use -hh to show all):
|
||||||
-h, -help This short help text
|
-h, -help This short help text
|
||||||
-hh Long help text with all options
|
-hh Long help text with all options
|
||||||
-init Initialize encrypted directory
|
-init Initialize encrypted directory
|
||||||
|
-info Display information about encrypted directory
|
||||||
-masterkey Mount with explicit master key instead of password
|
-masterkey Mount with explicit master key instead of password
|
||||||
-nonempty Allow mounting over non-empty directory
|
-nonempty Allow mounting over non-empty directory
|
||||||
-nosyslog Do not redirect log messages to syslog
|
-nosyslog Do not redirect log messages to syslog
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/configfile"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/exitcodes"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
||||||
|
)
|
||||||
|
|
||||||
|
// info pretty-prints the contents of the config file at "filename" for human
|
||||||
|
// consumption, stripping out sensitive data.
|
||||||
|
// This is called when you pass the "-info" option.
|
||||||
|
func info(filename string) {
|
||||||
|
// Read from disk
|
||||||
|
js, err := ioutil.ReadFile(filename)
|
||||||
|
if err != nil {
|
||||||
|
tlog.Fatal.Printf("info: ReadFile: %#v\n", err)
|
||||||
|
os.Exit(exitcodes.LoadConf)
|
||||||
|
}
|
||||||
|
// Unmarshal
|
||||||
|
var cf configfile.ConfFile
|
||||||
|
err = json.Unmarshal(js, &cf)
|
||||||
|
if err != nil {
|
||||||
|
tlog.Fatal.Printf("Failed to unmarshal config file")
|
||||||
|
os.Exit(exitcodes.LoadConf)
|
||||||
|
}
|
||||||
|
if cf.Version != contentenc.CurrentVersion {
|
||||||
|
tlog.Fatal.Printf("Unsupported on-disk format %d", cf.Version)
|
||||||
|
os.Exit(exitcodes.LoadConf)
|
||||||
|
}
|
||||||
|
// Pretty-print
|
||||||
|
fmt.Printf("Creator: %s\n", cf.Creator)
|
||||||
|
fmt.Printf("FeatureFlags: %s\n", strings.Join(cf.FeatureFlags, " "))
|
||||||
|
fmt.Printf("EncryptedKey: %dB\n", len(cf.EncryptedKey))
|
||||||
|
s := cf.ScryptObject
|
||||||
|
fmt.Printf("ScryptObject: Salt=%dB N=%d R=%d P=%d KeyLen=%d\n",
|
||||||
|
len(s.Salt), s.N, s.R, s.P, s.KeyLen)
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
14
main.go
14
main.go
|
@ -214,7 +214,19 @@ func main() {
|
||||||
} else {
|
} else {
|
||||||
tlog.Debug.Printf("OpenSSL enabled")
|
tlog.Debug.Printf("OpenSSL enabled")
|
||||||
}
|
}
|
||||||
// Operation flags: -init or -passwd; otherwise: mount
|
// Operation flags
|
||||||
|
if args.info && args.init || args.info && args.passwd || args.passwd && args.init {
|
||||||
|
tlog.Fatal.Printf("At most one of -info, -init, -passwd is allowed")
|
||||||
|
os.Exit(exitcodes.Usage)
|
||||||
|
}
|
||||||
|
// "-info"
|
||||||
|
if args.info {
|
||||||
|
if flagSet.NArg() > 1 {
|
||||||
|
tlog.Fatal.Printf("Usage: %s -info CIPHERDIR", tlog.ProgramName)
|
||||||
|
os.Exit(exitcodes.Usage)
|
||||||
|
}
|
||||||
|
info(args.config) // does not return
|
||||||
|
}
|
||||||
// "-init"
|
// "-init"
|
||||||
if args.init {
|
if args.init {
|
||||||
if flagSet.NArg() > 1 {
|
if flagSet.NArg() > 1 {
|
||||||
|
|
Loading…
Reference in New Issue