Commit Graph

171 Commits (39b1070506436dcf35ac83c7f8cee65067856062)

Author SHA1 Message Date
a1346054 7c2255be90 *: trim trailing whitespace 2021-09-01 10:22:01 +02:00
a1346054 6cb03b54fe *: fix spelling 2021-09-01 10:22:01 +02:00
a1346054 c63f7e9f64 shell scripts: fix shellcheck warnings 2021-09-01 10:22:01 +02:00
Jakob Unterwurzacher 91d3b30c1c doc: describe XChaCha20-Poly1305
Different nonce size.
2021-08-26 08:43:41 +02:00
Jakob Unterwurzacher 61ef6b00a6 -devrandom: make flag a no-op
Commit f3c777d5ea added the `-devrandom` option:

    commit f3c777d5ea
    Author: @slackner
    Date:   Sun Nov 19 13:30:04 2017 +0100

    main: Add '-devrandom' commandline option

    Allows to use /dev/random for generating the master key instead of the
    default Go implementation. When the kernel random generator has been
    properly initialized both are considered equally secure, however:

    * Versions of Go prior to 1.9 just fall back to /dev/urandom if the
      getrandom() syscall would be blocking (Go Bug #19274)

    * Kernel versions prior to 3.17 do not support getrandom(), and there
      is no check if the random generator has been properly initialized
      before reading from /dev/urandom

    This is especially useful for embedded hardware with low-entroy. Please
    note that generation of the master key might block indefinitely if the
    kernel cannot harvest enough entropy.

We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.
2021-08-25 12:39:17 +02:00
Jakob Unterwurzacher 24bb28a517 MANPAGE: add -xchacha 2021-08-24 14:05:52 +02:00
Jakob Unterwurzacher 14bf80301b MANPAGE: move nosyslog to MOUNT OPTIONS section
It was in INIT OPTIONS by mistake.
2021-08-20 16:01:53 +02:00
Jakob Unterwurzacher 2a9dea2973 -deterministic-names: accept flag on -init
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-20 15:57:40 +02:00
Jose M Perez 8f94083a21 Flag -zerodiriv to create all diriv as all zero byte files 2021-08-19 18:05:54 +02:00
Jakob Unterwurzacher dc52e32151 MANPAGE: add "exclude all but" example
2021-08-18 11:39:01 +02:00
Jakob Unterwurzacher 022c169c39 MANPAGE: -ew: make gitignore syntax more prominent
2021-08-18 10:37:53 +02:00
Jakob Unterwurzacher b2724070d9 reverse mode: implement -one-file-system
2021-08-16 19:23:58 +02:00
Jakob Unterwurzacher fe616ddad5 doc: update performance.txt 2021-06-26 20:57:39 +02:00
Jakob Unterwurzacher cdddd1d711 MANPAGE: describe -badname 2021-06-20 18:09:21 +02:00
Jakob Unterwurzacher 5ed1a90c7e doc: add benchmark for v2.0, reformat table 2021-06-05 14:46:49 +02:00
Jakob Unterwurzacher 5cb1e55714 Doc: update performance.txt 2021-04-07 07:21:20 +02:00
Jakob Unterwurzacher dc8501f6b2 performance.txt: add dirfd caching results
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance
regression to this commit.
2021-04-03 14:09:10 +02:00
Jakob Unterwurzacher 6b492fdcb8 MANPAGE: add sub-headers to EXAMPLES
Makes linking to them easier.
2021-01-10 08:01:08 +01:00
Jakob Unterwurzacher de108d3fc0 -idle: don't lazy-unmount
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.

We used to lazy-unmount in this case, but this means
pulling the rug from under the process.

For example, bash will start throwing

  cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory


2021-01-02 18:19:41 +01:00
gmd20 c20c7992a0 main: add "-kernel_cache" flag
This option is similar to fuse(8) kernel_cache

Verified using vmtouch.

Without -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011159 seconds
           Files: 1
     Directories: 0
  Resident Pages: 0/2560  0/10M  0%
         Elapsed: 0.000993 seconds

With -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011564 seconds
           Files: 1
     Directories: 0
  Resident Pages: 2560/2560  10M/10M  100%
         Elapsed: 0.000369 seconds
2020-12-20 09:55:04 +01:00
Jakob Unterwurzacher 14dac373c2 MANPAGE: add fstab example
2020-11-14 15:27:40 +01:00
Jakob Unterwurzacher 8470cc38df MANPAGE: add -info example output 2020-11-14 15:08:57 +01:00
Jakob Unterwurzacher 6bb42f79fd MANPAGE: split up OPTIONS into action flags, init, mount, common
2020-11-14 15:00:47 +01:00
Jakob Unterwurzacher 0b2562fdba MANPAGE: clarify -fg and syslog interaction
The flag -fg does NOT imply -nosyslog. Syslog redirection is
active when -notifypid is passed.
2020-11-14 14:29:04 +01:00
Jakob Unterwurzacher 4872a4a8aa performance.txt: add v2.0-beta1-9 results 2020-11-10 19:27:30 +01:00
Jakob Unterwurzacher 6697ffd6e2 fusefronted: reject GETXATTR "security.capability"
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.

2020-10-18 21:07:30 +02:00
Jakob Unterwurzacher d656574d08 performance.txt: add gocryptfs v1.8.0 results 2020-10-16 20:03:59 +02:00
Jakob Unterwurzacher f99050b78a Update performance.txt with gocryptfs v2.0-beta1 result
As expected, we are slow. Fd caching will be implemented later.
2020-10-16 19:13:32 +02:00
Pavol Rusnak 1e624a4cc3 Add support for FIDO2 tokens 2020-09-12 18:06:54 +02:00
Jakob Unterwurzacher 570e9baadf manpage: link to exitcodes.go 2020-09-06 11:38:13 +02:00
Jakob Unterwurzacher 416080203b main: accept multiple -passfile options
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.

2020-05-17 19:31:04 +02:00
Jakob Unterwurzacher 5af7d3c699 gocryptfs-xray: document -encrypt-paths / -decrypt-paths 2020-05-10 00:14:03 +02:00
Jakob Unterwurzacher d612ee5d91 Documentation: update performance.txt
Bisecting shows that the performance drop is caused by
this commit:

commit ca9e912a28 (refs/bisect/bad)
Author: Jakob Unterwurzacher <>
Date:   Sat Feb 29 19:58:08 2020 +0100

    fusefrontend: drop xattr user namespace restriction
2020-05-03 21:20:30 +02:00
Oscar 75f16771ff Update manpage examples 2020-04-07 22:04:40 +02:00
Jakob Unterwurzacher 97743858ce performance.txt: update result for governor = performance
Also add big signs where the cpu has changed, as the results
are not comparable when the cpu is different.

Also update encfs results.
2020-02-15 21:42:39 +01:00
Pavol Rusnak 1364b44ae3 remove Trezor support 2019-12-28 19:50:49 +01:00
Jakob Unterwurzacher 9178aa1534 MANPAGE: describe how to unmount, and that default options are fine
Feedback received during the recent Go user group. If you haven't
used FUSE before, you don't know how to unmount, and it was not
described in the man page!

As for the options, there are many, and new users are intimidated
by it. State clearly that defaults are fine.
2019-11-17 11:04:41 +01:00
Jakob Unterwurzacher 03fdfc4c90 Update performance.txt 2019-10-13 19:55:06 +02:00
Jakob Unterwurzacher 26f9f8ff72 Update fuse-xfstests results 2019-10-13 19:34:03 +02:00
Jakob Unterwurzacher ed230379e7 Expand statfs man page a little and include in build.bash 2019-09-08 15:50:05 +02:00
Felix Lechner 92ae62f9cc Provide a manpage for statfs tool. 2019-09-08 15:30:29 +02:00
Felix Lechner 372e0333b3 Fix 'cannot adjust line' warning from man in gocryptfs manpage.
When generating man pages, pandoc marks indented code blocks with the
roff macro '.nf'. That avoids a warning from man related to the long
line about the master key.
2019-09-07 14:20:55 +02:00
Felix Lechner 76969e5992 Fix a typo in gocryptfs manpage. 2019-09-07 14:13:29 +02:00
Jakob Unterwurzacher 8f2723b387 Allow "nofail" for /etc/fstab use 2019-03-31 14:33:02 +02:00
Eduardo M KALINOWSKI 3bc100aeb3 reverse mode: support wildcard exclude (--exclude-wildcard)
This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.

Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).
2019-03-26 20:56:37 +01:00
Jakob Unterwurzacher 015cbc8195 gocryptfs-xray man page: I did mean gocryptfs-xray
...not gocryptfs here.
2019-03-18 21:22:35 +01:00
Jakob Unterwurzacher cf27037f20 Allow multiple -extpass arguments
To support arguments containing spaces, -extpass can now
be passed multiple times.
2019-03-03 13:25:30 +01:00
Jakob Unterwurzacher 61940a9c06 Include rendered man page in source tarballs
This gives users who build from the source tarball, but
do not want to install pandoc, access to the man pages.

Apperently the gocryptfs homebrew package ships without
the man pages at the moment to avoid pandoc.

Requested at
2019-03-02 15:43:58 +01:00
Sebastian Lackner f17721c364 A few more spelling fixes. 2019-01-05 12:27:55 +01:00
Jakob Unterwurzacher 61a6b24d4e doc: update extractloop results
Update output and add a nice plot.
2019-01-05 12:17:17 +01:00