From cc2a75b05029453192cbf90687ce5af5016841ad Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Thu, 16 Jun 2016 23:23:09 +0200
Subject: [PATCH] Mount v0.6 and older filesystems as read-only

This is part of the phase-out of very old filesystems.

See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
---
 internal/configfile/config_file.go | 20 +++++++++++++++-----
 main.go                            |  7 +++++--
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 1753cf3..7024849 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -118,10 +118,12 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 	if deprecatedFs {
 		fmt.Printf("\033[33m" + `
     This filesystem was created by gocryptfs v0.6 or earlier. You are missing
-    security improvements. gocryptfs v1.0 is scheduled to drop support for this
-    filesystem, please upgrade!
-    If you disagree with the plan or have trouble upgrading, please join the
-    discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
+    security improvements. Mounting read-only, please upgrade!
+    Instructions: https://github.com/rfjakob/gocryptfs/wiki/Upgrading
+
+    gocryptfs v1.0 is scheduled to drop support for this filesystem completely.
+    If you disagree with the plan or have trouble upgrading, please join
+    the discussion at https://github.com/rfjakob/gocryptfs/issues/29 .
 
 ` + "\033[0m")
 	}
@@ -143,9 +145,17 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 		return nil, nil, fmt.Errorf("Password incorrect.")
 	}
 
-	return key, &cf, nil
+	if deprecatedFs {
+		err = DeprecatedFsError{}
+	}
+	return key, &cf, err
 }
 
+// The filesystem is deprecated.
+type DeprecatedFsError struct{}
+
+func (e DeprecatedFsError) Error() string { return "deprecated filesystem" }
+
 // EncryptKey - encrypt "key" using an scrypt hash generated from "password"
 // and store it in cf.EncryptedKey.
 // Uses scrypt with cost parameter logN and stores the scrypt parameters in
diff --git a/main.go b/main.go
index 2d7b50f..b29b2f6 100644
--- a/main.go
+++ b/main.go
@@ -122,8 +122,11 @@ func loadConfig(args *argContainer) (masterkey []byte, confFile *configfile.Conf
 	pw := readpassword.Once(args.extpass)
 	tlog.Info.Println("Decrypting master key")
 	masterkey, confFile, err = configfile.LoadConfFile(args.config, pw)
-	if err != nil {
-		tlog.Fatal.Println(err.Error())
+	if _, ok := err.(configfile.DeprecatedFsError); ok {
+		// Force read-only mode
+		args.ro = true
+	} else if err != nil {
+		tlog.Fatal.Println(err)
 		os.Exit(ERREXIT_LOADCONF)
 	}