Commit Graph

204 Commits (39b1070506436dcf35ac83c7f8cee65067856062)

Author SHA1 Message Date
Jakob Unterwurzacher 34d8a498c4 Unbreak hyperlinks broken by go mod v2 conversion

  69d88505fd go mod: declare module version v2

translated all instances of "" to

Unfortunately, this included hyperlinks.

Unbreak the hyperlinks like this:

  find . -name \*.go | xargs sed -i s%
2021-08-30 11:31:01 +02:00
Jakob Unterwurzacher 69d88505fd go mod: declare module version v2
Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes work.

All the import paths have been fixed like this:

  find . -name \*.go | xargs sed -i
2021-08-23 15:05:15 +02:00
Jakob Unterwurzacher 0c16616117 main: add testcases for convertToDoubleDash & parseCliOpts 2021-08-10 19:42:33 +02:00
Jakob Unterwurzacher 6b0e63c1a8 Improve startup debug output
The startup debug output was very verbose but still missing some
effective crypto settings.
2021-06-21 11:32:04 +02:00
Jakob Unterwurzacher 95ea7383f9 fsck: make sure we unmount in all cases 2020-10-17 23:03:58 +02:00
Jakob Unterwurzacher 871f305f90 main: show microseconds in go-fuse logs
Suppress the date but show microseconds in fuse debug logs
(-fusedebug) and go-fuse warnings.
2020-10-14 15:37:37 +02:00
Pavol Rusnak 1e624a4cc3 Add support for FIDO2 tokens 2020-09-12 18:06:54 +02:00
Jakob Unterwurzacher 751f237993 v2api: make fsck compile again
Horribly broken, but it compiles.

.../tests/fsck$ ./run_fsck.bash
Reading password from extpass program "echo", arguments: ["test"]
Decrypting master key
OpenDir ".": invalid entry "invalid_file_name.3": illegal base64 data at input byte 17
OpenDir ".": invalid entry "invalid_file_name_2": bad message
fsck: corrupt entry in dir "": "invalid_file_name.3"
fsck: corrupt entry in dir "": "invalid_file_name_2"
OpenDir ".": invalid entry "invalid_file_name____1": bad message
fsck: corrupt entry in dir "": "invalid_file_name____1"
fsck: error stating file ".go-fuse.5577006791947779410/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.13260572831089785859/deleted": no such file or directory
fsck: error opening dir "i10488239 (dir): ": no such file or directory
fsck: error reading symlink ".go-fuse.10667007354186551956/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.11998794077335055257/deleted": no such file or directory
2020-07-18 23:42:25 +02:00
Jakob Unterwurzacher 2aad58f9ec v2api (go-fuse v2 api): initial noop implementation
Compiles and mounts but does nothing useful.
2020-06-21 12:01:24 +02:00
Jakob Unterwurzacher 416080203b main: accept multiple -passfile options
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.

2020-05-17 19:31:04 +02:00
Jakob Unterwurzacher ec74d1d2f4 Update go-fuse import path to
We need
to fix a crash reported in :

  2019/10/30 17:14:16 Unknown opcode 2016
  panic: runtime error: invalid memory address or nil pointer dereference
  [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]

This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.


  git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2

to check for forgotten references comes back clean.
2020-05-17 14:23:47 +02:00
Jakob Unterwurzacher ead7008a08 Fix spelling mistakes found by misspell
2020-05-10 00:25:49 +02:00
Jakob Unterwurzacher f2e8b776f8 main: add "go doc" package comment
Should show up on
which currently reads "No documentation available for this package!"
2020-05-09 19:18:53 +02:00
Jakob Unterwurzacher ff04b1d83a main: untangle `-masterkey` handling and config loading
This was handled both in getMasterKey(). Split it apart.
2020-05-09 16:53:12 +02:00
Jakob Unterwurzacher 7622c9f538 main: rename parseMasterKey() -> unhexMasterKey()
Make it clear that function does NOT parse the "-masterkey"
command line argument, it just unhexes the payload.
2020-05-09 16:10:22 +02:00
Jakob Unterwurzacher 210db84e20 speed: show gocryptfs version
Output now looks like this

  $ gocryptfs -speed
  gocryptfs v1.7.1-38-gbe3b9df-dirty; go-fuse v2.0.2-57-gd1cfa17; 2020-04-13 go1.13.6 linux/amd64
  AES-GCM-256-OpenSSL 	 607.90 MB/s
  AES-GCM-256-Go      	 920.75 MB/s	(selected in auto mode)
  AES-SIV-512-Go      	 169.85 MB/s
  XChaCha20-Poly1305-Go	 794.30 MB/s

and has go version and arch information, which is important
when comparing results.
2020-04-13 14:54:04 +02:00
Jakob Unterwurzacher ff210a06fb main: respect GOMAXPROCS environment variable
If the user sets GOMAXPROCS explicitely, we should
respect it.
2020-02-15 17:44:40 +01:00
Pavol Rusnak 1364b44ae3 remove Trezor support 2019-12-28 19:50:49 +01:00
Jakob Unterwurzacher 991adfc934 -passwd now takes a passed -scryptn flag into account
2019-05-13 23:01:44 +02:00
Jakob Unterwurzacher 2cb0e8a1ae gocryptfs -version: show architecture
Show the GOOS/GOARCH tuple as displayed by "go version".
2019-05-12 19:12:29 +02:00
Jakob Unterwurzacher fe06e9f456 readpassword: delete CheckTrailingGarbage
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)

Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.

It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
2019-04-08 20:18:45 +02:00
Jakob Unterwurzacher cf27037f20 Allow multiple -extpass arguments
To support arguments containing spaces, -extpass can now
be passed multiple times.
2019-03-03 13:25:30 +01:00
Sebastian Lackner 7e05e809b7 main: Run 'ensure fds' code early during the program startup.
The files are apparently processed in alphabetic order, so cli_args.go is
processed before main.go. In order to run before the go-fuse imports, put
the 'ensure fds' code in a separate package. Debug messages are omitted
to avoid additional imports (that might contain other code messing up our
file descriptors).
2019-01-05 16:12:16 +01:00
Jakob Unterwurzacher ad15ad9985 main: ensure fds 0,1,2 are always open
The Go stdlib, as well as the gocryptfs code, relies on the fact
that fds 0,1,2 are always open.

See for details.
2019-01-05 14:17:51 +01:00
Sebastian Lackner 3dd5a6c069 main: Remove a duplicate word in a comment. 2018-12-30 08:33:24 +01:00
Jakob Unterwurzacher 295d432175 passfile: directly read file instead of invoking cat
Allows better error handling, gets rid of the call to an
external program, and fixes .
2018-12-15 17:09:38 +01:00
Jakob Unterwurzacher ca24c20694 main: don't read the config file twice (fix pipe bug)
Instead, first Load() the file, then DecryptMasterKey().

2018-09-08 13:04:33 +02:00
Jakob Unterwurzacher 2bdf7d5172 configfile: add LoadAndDecrypt wrapper
Callers that do not want to decrypt the masterkey should
call plain Load().
2018-09-08 12:40:29 +02:00
Jakob Unterwurzacher bd054e70ef trezor: show support in version string
Show enable_trezor in the version string if we were compiled
with `-tags enable_trezor`. And hide the `-trezor` flag from
the help output if we were not.
2018-08-15 23:31:37 +02:00
Jakob Unterwurzacher ec2fdc19cf reverse mode: add --exclude option
2018-08-11 23:26:49 +02:00
Jakob Unterwurzacher 3f9a4bbcaa main: replace naked panic with log.Panic
Fix the check that failed to find the case as well.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher 1a5e9cfb1e trezor: reject password change on Trezor-enabled fs
This is not supported (yet? does it make sense?).
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher 9a15dfa494 trezor: add TrezorPayload
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher 91de77943f configfile: reduce function name stutter
configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
2018-07-01 20:56:22 +02:00
Jakob Unterwurzacher c6f6e8ec4d trezor: add skeleton for Trezor support
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
2018-07-01 20:56:04 +02:00
Julian Orth 10212d791a Set a default PATH if PATH is empty or unset
mount(1) unsets PATH before calling mount.fuse. Therefore it's not set
in gocrpytfs either and daemonization fails if gocryptfs was not
executed via an absolute path.

mount.fuse handles this by leaving the execution of the helper to
/bin/sh. /bin/sh handles an empty PATH by searching a few default

This patch sets the PATH to a sane default if it's empty or unset.
2018-06-07 22:57:57 +02:00
Jakob Unterwurzacher f28d85fad5 fsck: add initial implementation
Most corruption cases except xattr should be covered.
With test filesystem.

The output is still pretty ugly. xattr support will
be added in the next commits.
2018-04-02 16:38:18 +02:00
Jakob Unterwurzacher 8fcd39a3b0 main: add "-fsck" flag
The fsck operation is not yet implemented, this commits
just adds the flag and improves cli flag handling.
2018-04-01 14:25:10 +02:00
Jakob Unterwurzacher 85056def90 main: move and rename checkDir*() helper
To avoid confusion with fsck, rename to isDir*()
and move the functions into init_dir.go.
2018-04-01 12:31:44 +02:00
Jakob Unterwurzacher 5da5e467a6 main: pull regular exits into main function
The replaces the "does not return" comments with
an explicit os.Exit, which is unambigous.
2018-04-01 12:13:32 +02:00
Jakob Unterwurzacher 9bc039a4ba Add `-masterkey=stdin` functionality
2018-03-22 00:02:10 +01:00
Jakob Unterwurzacher adf7d75d31 main: changePassword: zero masterkey
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.

Also get rid of the password duplicate in
2018-02-18 15:36:14 +01:00
Jakob Unterwurzacher 2cf050d69e main: zero password once we are done with it
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
2018-02-18 15:22:22 +01:00
Jakob Unterwurzacher 3b8f5cbb17 readpassword: convert from string to []byte
This will allows us to overwrite the password
with zeros once we are done with it.
2018-02-18 14:26:54 +01:00
Jakob Unterwurzacher 14c063428d main: doMount: use a deferred function for wipeKeys
Also drop the unused int return.
2018-02-18 12:55:20 +01:00
Jakob Unterwurzacher bd78b44389 cryptocore, main: add two comments
While reading the code, I had to think about what it
does, so add a comment that explains it.
2018-02-18 12:41:11 +01:00
Felix Lechner bf2f9640c4 Fix spelling (#205) 2018-02-04 20:38:22 +01:00
Jakob Unterwurzacher 1b0426bcb2 main: print clear error message if CIPHERDIR is missing
Getting just the help text in response to

	gocryptfs -info -config external.config

is confusing:
2017-11-15 20:30:21 +01:00
Jakob Unterwurzacher 830cbb7218 build.bash: make reproduceable builds easier
* Reduce the build time precision from seconds to days
* Allow to specify an arbitrary build date through an
  env variable
2017-09-06 21:41:22 +02:00
Jakob Unterwurzacher 1f39ede4b4 main: save memory profile every 60 seconds
...and move all profiling functionality to its own file, as
the main function is already long enough.

Periodically saving the memory profile allows capturing the used
memory during normal operation, as opposed to on exit, where the
kernel has already issued FORGETs for all inodes.

This functionality has been used to create the memory profile shown
in .
2017-07-30 16:07:00 +02:00