MANPAGE: reformat to GFM (github flavored markdown)

This makes it render properly on the github webinterface.
2017-03-28 19:55:46 +02:00 · 2017-03-28 19:55:46 +02:00 · 602f62b821
parent 912ef72cc8
commit 602f62b821
1 changed files with 169 additions and 175 deletions
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@ -10,226 +10,220 @@ gocryptfs - mount an encrypted directory
 SYNOPSIS
 ========
-Initialize encrypted filesystem
+#### Initialize encrypted filesystem
 -------------------------------
 gocryptfs -init [OPTIONS] CIPHERDIR
-Mount
+#### Mount
 -----
 gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT [-o COMMA-SEPARATED-OPTIONS]
-Change password
+#### Change password
 ---------------
 gocryptfs -passwd [OPTIONS] CIPHERDIR
 DESCRIPTION
 ===========
-Options:
+Available options are listed below.
-**-aessiv**
+#### -aessiv
-:	Use the AES-SIV encryption mode. This is slower than GCM but is
+Use the AES-SIV encryption mode. This is slower than GCM but is
-	secure with deterministic nonces as used in "-reverse" mode.
+secure with deterministic nonces as used in "-reverse" mode.
-**-allow_other**
+#### -allow_other
-:	By default, the Linux kernel prevents any other user (even root) to
+By default, the Linux kernel prevents any other user (even root) to
-	access a mounted FUSE filesystem. Settings this option allows access for
+access a mounted FUSE filesystem. Settings this option allows access for
-	other users, subject to file permission checking. Only works if
+other users, subject to file permission checking. Only works if
-	user_allow_other is set in /etc/fuse.conf. This option is equivalent to
+user_allow_other is set in /etc/fuse.conf. This option is equivalent to
-	"allow_other" plus "default_permissions" described in fuse(8).
+"allow_other" plus "default_permissions" described in fuse(8).
-**-config string**
+#### -config string
-:	Use specified config file instead of CIPHERDIR/gocryptfs.conf
+Use specified config file instead of CIPHERDIR/gocryptfs.conf
-**-cpuprofile string**
+#### -cpuprofile string
-:	Write cpu profile to specified file
+Write cpu profile to specified file
-**-ctlsock string**
+#### -ctlsock string
-:	Create a control socket at the specified location. The socket can be
+Create a control socket at the specified location. The socket can be
-	used to decrypt and encrypt paths inside the filesystem. When using
+used to decrypt and encrypt paths inside the filesystem. When using
-	this option, make sure that the direcory you place the socket in is
+this option, make sure that the direcory you place the socket in is
-	not world-accessible. For example, `/run/user/UID/my.socket` would 
+not world-accessible. For example, `/run/user/UID/my.socket` would 
-	be suitable.
+be suitable.
-**-d, -debug**
+#### -d, -debug
-:	Enable debug output
+Enable debug output
-**-extpass string**
+#### -extpass string
-:	Use an external program (like ssh-askpass) for the password prompt.
+Use an external program (like ssh-askpass) for the password prompt.
-	The program should return the password on stdout, a trailing newline is
+The program should return the password on stdout, a trailing newline is
-	stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
+stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
-	to mount the gocryptfs filesytem without user interaction.
+to mount the gocryptfs filesytem without user interaction.
-**-fg, -f**
+#### -fg, -f
-:	Stay in the foreground instead of forking away. Implies "-nosyslog".
+Stay in the foreground instead of forking away. Implies "-nosyslog".
-	For compatability, "-f" is also accepted, but "-fg" is preferred.
+For compatability, "-f" is also accepted, but "-fg" is preferred.
-**-fsname string**
+#### -fsname string
-:	Override the filesystem name (first column in df -T). Can also be
+Override the filesystem name (first column in df -T). Can also be
-	passed as "-o fsname=" and is equivalent to libfuse's option of the
+passed as "-o fsname=" and is equivalent to libfuse's option of the
-	same name. By default, CIPHERDIR is used.
+same name. By default, CIPHERDIR is used.
-**-fusedebug**
+#### -fusedebug
-:	Enable fuse library debug output
+Enable fuse library debug output
-**-init**
+#### -init
-:	Initialize encrypted directory
+Initialize encrypted directory
-**-ko**
+#### -ko
-:	Pass additonal mount options to the kernel (comma-separated list).
+Pass additonal mount options to the kernel (comma-separated list).
-	FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
+FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
-	runs as root, you can enable device files by passing the opposite mount option,
+runs as root, you can enable device files by passing the opposite mount option,
-	"dev", and if you want to enable suid-binaries, pass "suid".
+"dev", and if you want to enable suid-binaries, pass "suid".
-	"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
+"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
-	interesting. For a complete list see the section
+interesting. For a complete list see the section
-	`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
+`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
-**-longnames**
+#### -longnames
-:	Store names longer than 176 bytes in extra files (default true)
+Store names longer than 176 bytes in extra files (default true)
-	This flag is useful when recovering old gocryptfs filesystems using
+This flag is useful when recovering old gocryptfs filesystems using
-	"-masterkey". It is ignored (stays at the default) otherwise.
+"-masterkey". It is ignored (stays at the default) otherwise.
-**-masterkey string**
+#### -masterkey string
-:	Use a explicit master key specified on the command line. This
+Use a explicit master key specified on the command line. This
-	option can be used to mount a gocryptfs filesystem without a config file.
+option can be used to mount a gocryptfs filesystem without a config file.
-	Note that the command line, and with it the master key, is visible to
+Note that the command line, and with it the master key, is visible to
-	anybody on the machine who can execute "ps -auxwww".
+anybody on the machine who can execute "ps -auxwww".
-	This is meant as a recovery option for emergencies, such as if you have
+This is meant as a recovery option for emergencies, such as if you have
-	forgotten your password.
+forgotten your password.
-	Example master key:  
+Example master key:  
-	6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
+6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
-**-memprofile string**
+#### -memprofile string
-:	Write memory profile to the specified file. This is useful when debugging
+Write memory profile to the specified file. This is useful when debugging
-	memory usage of gocryptfs.
+memory usage of gocryptfs.
-**-nonempty**
+#### -nonempty
-:	Allow mounting over non-empty directories. FUSE by default disallows
+Allow mounting over non-empty directories. FUSE by default disallows
-	this to prevent accidential shadowing of files.
+this to prevent accidential shadowing of files.
-**-noprealloc**
+#### -noprealloc
-:	Disable preallocation before writing. By default, gocryptfs
+Disable preallocation before writing. By default, gocryptfs
-	preallocates the space the next write will take using fallocate(2)
+preallocates the space the next write will take using fallocate(2)
-	in mode FALLOC_FL_KEEP_SIZE. The preallocation makes sure it cannot
+in mode FALLOC_FL_KEEP_SIZE. The preallocation makes sure it cannot
-	run out of space in the middle of the write, which would cause the
+run out of space in the middle of the write, which would cause the
-	last 4kB block to be corrupt and unreadable.
+last 4kB block to be corrupt and unreadable.
-	On ext4, preallocation is fast and does not cause a
+On ext4, preallocation is fast and does not cause a
-	noticeable performance hit. Unfortunately, on Btrfs, preallocation
+noticeable performance hit. Unfortunately, on Btrfs, preallocation
-	is very slow, especially on rotational HDDs. The "-noprealloc"
+is very slow, especially on rotational HDDs. The "-noprealloc"
-	option gives users the choice to trade robustness against
+option gives users the choice to trade robustness against
-	out-of-space errors for a massive speedup.
+out-of-space errors for a massive speedup.
-	For benchmarks and more details of the issue see
+For benchmarks and more details of the issue see
-	https://github.com/rfjakob/gocryptfs/issues/63 .
+https://github.com/rfjakob/gocryptfs/issues/63 .
-**-nosyslog**
+#### -nosyslog
-:	Diagnostic messages are normally redirected to syslog once gocryptfs
+Diagnostic messages are normally redirected to syslog once gocryptfs
-	daemonizes. This option disables the redirection and messages will
+daemonizes. This option disables the redirection and messages will
-	continue be printed to stdout and stderr.
+continue be printed to stdout and stderr.
-**-notifypid int**
+#### -notifypid int
-:	Send USR1 to the specified process after successful mount. This is
+Send USR1 to the specified process after successful mount. This is
-	used internally for daemonization.
+used internally for daemonization.
-**-o COMMA-SEPARATED-OPTIONS**
+#### -o COMMA-SEPARATED-OPTIONS
-:	For compatibility with mount(1), options are also accepted as
+For compatibility with mount(1), options are also accepted as
-	"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
+"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
-	For example, "-o q,zerokey" is equivalent to passing "-q -zerokey".
+For example, "-o q,zerokey" is equivalent to passing "-q -zerokey".
-**-openssl bool/"auto"**
+#### -openssl bool/"auto"
-:	Use OpenSSL instead of built-in Go crypto (default "auto"). Using
+Use OpenSSL instead of built-in Go crypto (default "auto"). Using
-	built-in crypto is 4x slower unless your CPU has AES instructions and
+built-in crypto is 4x slower unless your CPU has AES instructions and
-	you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
+you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
-	option.
+option.
-**-passfile string**
+#### -passfile string
-:	Read password from the specified file. This is a shortcut for
+Read password from the specified file. This is a shortcut for
-	specifying '-extpass="/bin/cat -- FILE"'.
+specifying '-extpass="/bin/cat -- FILE"'.
-**-passwd**
+#### -passwd
-:	Change the password. Will ask for the old password, check if it is
+Change the password. Will ask for the old password, check if it is
-	correct, and ask for a new one.
+correct, and ask for a new one.
-	This can be used together with `-masterkey` if
+This can be used together with `-masterkey` if
-	you forgot the password but know the master key. Note that without the
+you forgot the password but know the master key. Note that without the
-	old password, gocryptfs cannot tell if the master key is correct and will
+old password, gocryptfs cannot tell if the master key is correct and will
-	overwrite the old one without mercy. It will, however, create a backup copy
+overwrite the old one without mercy. It will, however, create a backup copy
-	of the old config file as `gocryptfs.conf.bak`. Delete it after
+of the old config file as `gocryptfs.conf.bak`. Delete it after
-	you have verified that you can access your files with the
+you have verified that you can access your files with the
-	new password.
+new password.
-**-plaintextnames**
+#### -plaintextnames
-:	Do not encrypt file names and symlink targets
+Do not encrypt file names and symlink targets
-**-q, -quiet**
+#### -q, -quiet
-:	Quiet - silence informational messages
+Quiet - silence informational messages
-**-raw64**
+#### -raw64
-:	Use unpadded base64 encoding for file names. This gets rid of the
+Use unpadded base64 encoding for file names. This gets rid of the
-	trailing "\\=\\=". A filesystem created with this option can only be
+trailing "\\=\\=". A filesystem created with this option can only be
-	mounted using gocryptfs v1.2 and higher.
+mounted using gocryptfs v1.2 and higher.
-**-reverse**
+#### -reverse
-:	Reverse mode shows a read-only encrypted view of a plaintext
+Reverse mode shows a read-only encrypted view of a plaintext
-	directory. Implies "-aessiv".
+directory. Implies "-aessiv".
-**-ro**
+#### -ro
-:	Mount the filesystem read-only
+Mount the filesystem read-only
-**-scryptn int**
+#### -scryptn int
-:	scrypt cost parameter expressed as scryptn=log2(N). Possible values are
+scrypt cost parameter expressed as scryptn=log2(N). Possible values are
-	10 to 28, representing N=2^10 to N=2^28.
+10 to 28, representing N=2^10 to N=2^28.
-	Setting this to a lower
+Setting this to a lower
-	value speeds up mounting and reduces its memory needs, but makes
+value speeds up mounting and reduces its memory needs, but makes
-	the password susceptible to brute-force attacks. The default is 16.
+the password susceptible to brute-force attacks. The default is 16.
-**-serialize_reads**
+#### -serialize_reads
-:	The kernel usually submits multiple concurrent reads to service
+The kernel usually submits multiple concurrent reads to service
-	userspace requests and kernel readahead. gocryptfs serves them
+userspace requests and kernel readahead. gocryptfs serves them
-	concurrently and in arbitrary order. On backing storage that performs
+concurrently and in arbitrary order. On backing storage that performs
-	poorly for concurrent or out-of-order reads (like Amazon Cloud Drive),
+poorly for concurrent or out-of-order reads (like Amazon Cloud Drive),
-	this behavoir can cause very slow read speeds.
+this behavoir can cause very slow read speeds.
-	The `-serialize_reads`
+The `-serialize_reads`
-	option does two things: (1) reads will be submitted one-by-one (no
+option does two things: (1) reads will be submitted one-by-one (no
-	concurrency) and (2) gocryptfs tries to order the reads by file
+concurrency) and (2) gocryptfs tries to order the reads by file
-	offset order.
+offset order.
-	The ordering requires gocryptfs to wait a certain time before
+The ordering requires gocryptfs to wait a certain time before
-	submitting a read. The serialization introduces extra locking.
+submitting a read. The serialization introduces extra locking.
-	These factors will limit throughput to below 70MB/s.
+These factors will limit throughput to below 70MB/s.
-	For more details visit https://github.com/rfjakob/gocryptfs/issues/92 .
+For more details visit https://github.com/rfjakob/gocryptfs/issues/92 .
-**-speed**
+#### -speed
-:	Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
+Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
-	(if available). The library that will be selected on "-openssl=auto"
+(if available). The library that will be selected on "-openssl=auto"
-	(the default) is marked as such.
+(the default) is marked as such.
-**-version**
+#### -version
-:	Print version and exit. The output contains three fields seperated by ";".
+Print version and exit. The output contains three fields seperated by ";".
-	Example: "gocryptfs v1.1.1-5-g75b776c; go-fuse 6b801d3; 2016-11-01 go1.7.3".
+Example: "gocryptfs v1.1.1-5-g75b776c; go-fuse 6b801d3; 2016-11-01 go1.7.3".
-	Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
+Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
-	library, field 3 is the compile date and the Go version that was
+library, field 3 is the compile date and the Go version that was
-	used.
+used.
-**-wpanic**
+#### -wpanic
-:	When encountering a warning, panic and exit immediately. This is
+When encountering a warning, panic and exit immediately. This is
-	useful in regression testing.
+useful in regression testing.
-**-zerokey**
+#### -zerokey
-:	Use all-zero dummy master key. This options is only intended for
+Use all-zero dummy master key. This options is only intended for
-	automated testing as it does not provide any security.
+automated testing as it does not provide any security.
-**--**
+#### --
-:	Stop option parsing. Helpful when CIPHERDIR may start with a
+Stop option parsing. Helpful when CIPHERDIR may start with a
-	dash "-".
+dash "-".
 EXAMPLES
 ========