Commit Graph

1761 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
7c053e67f2 contrib: add gocryptfs-maybe.bash
Conditionally try to mount a gocryptfs filesystem. If either
 * CIPHERDIR does not exist OR
 * something is already mounted on MOUNTPOINT
 print a message to stdout (not stderr!) but exit with 0.

 This is meant to be called from automated mount systems like pam_mount,
 where you want to avoid error messages if the filesystem does not exist,
 or duplicate mounts if the filesystem has already been mounted.
2016-10-11 23:19:21 +02:00
Jakob Unterwurzacher
72efd3b6c3 main: suppress master key display if not running on a terminal
Mounting through fstab or pam_mount may get the output logged
into syslog. We don't want the master key to end up in syslog.
2016-10-11 09:13:51 +02:00
Jakob Unterwurzacher
c8e5dc9844 main: show "-o" in the help text
Binds it to a dummy variable so it appears in the help text.
2016-10-10 20:57:35 +02:00
Jakob Unterwurzacher
7b2049c769 main: accept "-o" at the front AND at the end
Moving "-o" to the end broke a third-party app, SiriKali.
Breaking your users is bad, so let's accept "-o" anywhere.
2016-10-10 19:44:34 +02:00
Jakob Unterwurzacher
828f718483 fusefrontend: Also preserve the owner in Mkdir
This already worked for files but was missing for dirs.
2016-10-10 08:53:29 +02:00
Jakob Unterwurzacher
40420cb4cd Update performance.txt for v1.1 release 2016-10-09 23:19:08 +02:00
Jakob Unterwurzacher
b2aae7d36c Travis CI: Also build without openssl
Also update Go versions
2016-10-09 23:18:37 +02:00
Jakob Unterwurzacher
15b6ab12b1 README: fix formatting error 2016-10-09 21:29:43 +02:00
Jakob Unterwurzacher
5ef27ee549 Drop contrib/pam_mount
The README text has been moved to
https://github.com/rfjakob/gocryptfs/wiki/Mounting-on-login-using-pam_mount
and the gocryptfs_pam_mount.bash is no longer needed since
commit 9cf3ced0ce .
2016-10-09 21:27:34 +02:00
Jakob Unterwurzacher
9f0793ab0f main: more useful error message on unknown flag 2016-10-09 20:55:33 +02:00
Jakob Unterwurzacher
b70d2ffd94 main: add tests for the "-o" parsing 2016-10-09 20:54:40 +02:00
Jakob Unterwurzacher
2298726bc6 Update README with -passfile, -o, -ko changes 2016-10-09 20:34:49 +02:00
Jakob Unterwurzacher
e1c5e71b09 main: add "-passfile" option
Make it easier to read the password from a file. Internally this
is equivalent to "-extpass /bin/cat FILE".
2016-10-09 20:08:10 +02:00
Jakob Unterwurzacher
03c8b13371 main: ignore options rw, nosuid, nodev.
When called from mount, we always get either "suid" or "nosuid".
As "nosuid" is the default, just ignore the options. Same for
the other options.
2016-10-09 20:06:23 +02:00
Jakob Unterwurzacher
9cf3ced0ce main: also accept options at the end via "-o"
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09 20:05:54 +02:00
Jakob Unterwurzacher
25a8802403 main: rename "-o" option to "-ko"
This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line.
2016-10-09 19:32:55 +02:00
Jakob Unterwurzacher
17df345103 main: init: handle spaces in mount suggestion message
Before:
	You can now mount it using: gocryptfs a x MOUNTPOINT

After:
	You can now mount it using: gocryptfs "a x" MOUNTPOINT

This is still not bulletproof but should handle the common
case of having a space in the directory name. After all,
it's only a suggestion.
2016-10-09 18:27:03 +02:00
Jakob Unterwurzacher
495479dc66 main: friendlier error message on wrong number of arguments
Before:
	Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT

After:
	Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
	Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-09 18:18:14 +02:00
Jakob Unterwurzacher
d3b78fea95 reverse: add panics against API abuse
These should help prevent later programming errors.
2016-10-09 17:05:12 +02:00
Jakob Unterwurzacher
f754c8a200 README: reverse mode is ticket #19, not #34 2016-10-09 01:24:01 +02:00
Jakob Unterwurzacher
9ab6c64a49 Update Changelog for v1.1-rc1 2016-10-09 00:59:00 +02:00
Jakob Unterwurzacher
a985096b50 contrib: pam_mount: check if something is already mounted on DST
pam_mount is supposed to check that as well, but it seems to get confused
by the "command#path" syntax used for FUSE. Let's do it here.
2016-10-09 00:32:49 +02:00
Jakob Unterwurzacher
e220b24c5a tests: add test for "mountpoint shadows cipherdir" logic 2016-10-09 00:03:39 +02:00
Jakob Unterwurzacher
dc4fdd8f44 main: fix shadow detection logic
This fired incorrectly:

	Mountpoint "/home/testuser" would shadow cipherdir "/home/testuser.cipher", this is not supported
2016-10-08 23:50:19 +02:00
Jakob Unterwurzacher
12f8ba85c2 LICENSE: add full name 2016-10-08 23:41:22 +02:00
Jakob Unterwurzacher
22f96bfce6 contrib: pam_mount: add instructions for whole-home-dir encryption 2016-10-08 22:30:19 +02:00
Jakob Unterwurzacher
610a242ec6 contrib: pam_mount: add documentation and wrapper
See ticket #34
2016-10-08 22:30:13 +02:00
Jakob Unterwurzacher
d25fcc6a4b reverse: gocryptfs.conf was missing from the directory listings
Fix the test for that and add checks in example_filesystems_test.
2016-10-08 22:25:08 +02:00
Jakob Unterwurzacher
8efef4b3d6 tests: unmount leftover filesystems before starting the tests
A panic during the tests can leave mounted filesystems behind.
2016-10-08 21:59:21 +02:00
Jakob Unterwurzacher
79e3e28671 tests: add v1.1-reverse-plaintextnames example filesystem 2016-10-08 21:49:21 +02:00
Jakob Unterwurzacher
eb51a1ed20 tests: add v1.1-reverse example filesystem 2016-10-08 21:45:11 +02:00
Jakob Unterwurzacher
3c2c3453ad tests: add v1.1-aessiv example filesystem
Also move the example content into "content".
2016-10-08 21:45:01 +02:00
Jakob Unterwurzacher
e47577834b reverse: merge config translation check into isTranslatedConfig
Also get rid of useless isFiltered function.
2016-10-08 21:14:16 +02:00
Jakob Unterwurzacher
f054353bd3 reverse: make gocryptfs.conf mapping plaintextnames-aware
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.

Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
dde4a66454 tests: pass "-nosyslog"
We want to see panics and warnings on the console
2016-10-08 19:36:26 +02:00
Jakob Unterwurzacher
8c89e2da0c tests: invert ResetTmpDir argument
As reverse also does not want a diriv file, the "plaintextNames"
argument became a misnomer.
2016-10-08 19:22:59 +02:00
Jakob Unterwurzacher
29c8ca85d8 tests: matrix: have the testcase struct as a global variable
Future tests will need more info about the running test case.
2016-10-08 19:18:56 +02:00
Jakob Unterwurzacher
084cd597ab tests: matrix: convert to table-based style
And add AES-SIV
2016-10-08 19:16:05 +02:00
Jakob Unterwurzacher
04cdc695f0 main: error out when the mount shadows the cipherdir
For example, we cannot mount "/home/user/.cipher" at "/home/user"
because the mount will hide ".cipher" also for us.

Doing it anyway used to cause a nasty hang.
2016-10-08 18:43:31 +02:00
Jakob Unterwurzacher
631c538f13 main: split doMount into its own file
Ongoing effort to reduce the size of main().
2016-10-08 18:43:24 +02:00
Jakob Unterwurzacher
89bcc50294 main: check if the config file can opened before prompting for password
This was frustrating:

$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
2016-10-08 17:19:55 +02:00
Jakob Unterwurzacher
9b1a35174b MANPAGE: note that "-f" implies "-nosyslog"
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
14fd5ce598 main: daemonize more thoroughly
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
2016-10-07 22:44:28 +02:00
Jakob Unterwurzacher
53257f4ee5 nametransform: better error code on invalid diriv length
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
2016-10-07 22:40:30 +02:00
Jakob Unterwurzacher
45dfc90a2f main: clarify nosyslog code path
Split the block up and add a comment why notifypid is important.
2016-10-07 00:05:46 +02:00
Jakob Unterwurzacher
434ce50db3 main: add "-nonempty" option 2016-10-06 22:41:13 +02:00
Jakob Unterwurzacher
ff48dc1aab reverse: initialize the longname cache only when reverse mode is used
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-05 22:22:28 +02:00
Jakob Unterwurzacher
a4956fa6bf A few more lint fixes 2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
31a8f8b839 tests: skip "go tool vet" if the command is not available
"vet" is not availably by default on Go 1.4.
2016-10-04 22:42:30 +02:00