Commit Graph

183 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
88bc0aa607 MANPAGE: scryptn: list how much memory is needed
Calculated acc. to https://words.filippo.io/the-scrypt-parameters/ ,
and add benchmarks to double-check the numbers. They match.
2023-01-08 22:17:14 +01:00
Gisi0
0b5b864a06 Update MANPAGE.md
added which package on linux is needed to use fido2 stick
2023-01-07 10:04:08 +01:00
a1346054
3c1ac3b06b MANPAGE.md: use correct indefinite article a->an 2023-01-01 22:06:29 +01:00
Jakob Unterwurzacher
ad2904f9ed MANPAGE: document that -scryptn also applies to -passwd
Closes https://github.com/rfjakob/gocryptfs/issues/646
2022-03-19 15:18:39 +01:00
Jakob Unterwurzacher
b636f79f89 MANPAGE: add missing -acl section
Looks like 86d8336b43
forgot to add the option to the manpage.
2022-01-22 16:19:33 +01:00
Jakob Unterwurzacher
a1f01419e2 tlog: respect NO_COLOR
Fixes https://github.com/rfjakob/gocryptfs/issues/617
2021-12-11 15:35:01 +01:00
Jakob Unterwurzacher
39e736c099 MANPAGE: fix typo 2021-12-04 12:37:12 +01:00
Jakob Unterwurzacher
8722b894a6 MANPAGE: -extpass: document dash duplication bug
Closes https://github.com/rfjakob/gocryptfs/issues/621
2021-12-04 12:34:29 +01:00
Jakob Unterwurzacher
d530fbd400 docs: names longer than 175 bytes (not 176) are stored in longnames
Quoting fusefrontend_reverse/node_helpers.go :

	// File names are padded to 16-byte multiples, encrypted and
	// base64-encoded. We can encode at most 176 bytes to stay below the 255
	// bytes limit:
	// * base64(176 bytes) = 235 bytes
	// * base64(192 bytes) = 256 bytes (over 255!)
	// But the PKCS#7 padding is at least one byte. This means we can only use
	// 175 bytes for the file name.

Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
2021-11-01 14:44:32 +01:00
Jakob Unterwurzacher
d14c9340d6 cli: add -longnamemax
Fixes https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21 15:58:19 +02:00
Jakob Unterwurzacher
a85e39f682 Update README & MANPAGE 2021-09-10 12:17:22 +02:00
Jakob Unterwurzacher
d023cd6c95 cli: drop -forcedecode flag
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerous. Drop it (ignored for compatibility)
2021-09-10 12:14:19 +02:00
a1346054
7c2255be90 *: trim trailing whitespace 2021-09-01 10:22:01 +02:00
a1346054
6cb03b54fe *: fix spelling 2021-09-01 10:22:01 +02:00
a1346054
c63f7e9f64 shell scripts: fix shellcheck warnings 2021-09-01 10:22:01 +02:00
Jakob Unterwurzacher
91d3b30c1c doc: file-format.md: describe XChaCha20-Poly1305
Different nonce size.
2021-08-26 08:43:41 +02:00
Jakob Unterwurzacher
61ef6b00a6 -devrandom: make flag a no-op
Commit f3c777d5ea added the `-devrandom` option:

    commit f3c777d5ea
    Author: @slackner
    Date:   Sun Nov 19 13:30:04 2017 +0100

    main: Add '-devrandom' commandline option

    Allows to use /dev/random for generating the master key instead of the
    default Go implementation. When the kernel random generator has been
    properly initialized both are considered equally secure, however:

    * Versions of Go prior to 1.9 just fall back to /dev/urandom if the
      getrandom() syscall would be blocking (Go Bug #19274)

    * Kernel versions prior to 3.17 do not support getrandom(), and there
      is no check if the random generator has been properly initialized
      before reading from /dev/urandom

    This is especially useful for embedded hardware with low-entropy. Please
    note that generation of the master key might block indefinitely if the
    kernel cannot harvest enough entropy.

We now require Go v1.13 and Kernel versions should have also moved on.
Make the flag a no-op.

https://github.com/rfjakob/gocryptfs/issues/596
2021-08-25 12:39:17 +02:00
Jakob Unterwurzacher
24bb28a517 MANPAGE: add -xchacha 2021-08-24 14:05:52 +02:00
Jakob Unterwurzacher
14bf80301b MANPAGE: move nosyslog to MOUNT OPTIONS section
It was in INIT OPTIONS by mistake.
2021-08-20 16:01:53 +02:00
Jakob Unterwurzacher
2a9dea2973 -deterministic-names: accept flag on -init
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-20 15:57:40 +02:00
Jose M Perez
8f94083a21 Flag -zerodiriv to create all diriv as all zero byte files 2021-08-19 18:05:54 +02:00
Jakob Unterwurzacher
dc52e32151 MANPAGE: add "exclude all but" example
Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 11:39:01 +02:00
Jakob Unterwurzacher
022c169c39 MANPAGE: -ew: make gitignore syntax more prominent
https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18 10:37:53 +02:00
Jakob Unterwurzacher
b2724070d9 reverse mode: implement -one-file-system
Fixes https://github.com/rfjakob/gocryptfs/issues/475
2021-08-16 19:23:58 +02:00
Jakob Unterwurzacher
fe616ddad5 doc: update performance.txt 2021-06-26 20:57:39 +02:00
Jakob Unterwurzacher
cdddd1d711 MANPAGE: describe -badname 2021-06-20 18:09:21 +02:00
Jakob Unterwurzacher
5ed1a90c7e doc: add benchmark for v2.0, reformat table 2021-06-05 14:46:49 +02:00
Jakob Unterwurzacher
5cb1e55714 Doc: update performance.txt 2021-04-07 07:21:20 +02:00
Jakob Unterwurzacher
dc8501f6b2 performance.txt: add dirfd caching results
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance
regression to this commit.
2021-04-03 14:09:10 +02:00
Jakob Unterwurzacher
6b492fdcb8 MANPAGE: add sub-headers to EXAMPLES
Makes linking to them easier.
2021-01-10 08:01:08 +01:00
Jakob Unterwurzacher
de108d3fc0 -idle: don't lazy-unmount
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.

We used to lazy-unmount in this case, but this means
pulling the rug from under the process.

For example, bash will start throwing

  cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory

messages.

Fixes https://github.com/rfjakob/gocryptfs/issues/533
2021-01-02 18:19:41 +01:00
gmd20
c20c7992a0 main: add "-kernel_cache" flag
This option is similar to fuse(8) kernel_cache

Verified using vmtouch.

Without -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011159 seconds
           Files: 1
     Directories: 0
  Resident Pages: 0/2560  0/10M  0%
         Elapsed: 0.000993 seconds

With -kernel_cache:

$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
           Files: 1
     Directories: 0
   Touched Pages: 2560 (10M)
         Elapsed: 0.011564 seconds
           Files: 1
     Directories: 0
  Resident Pages: 2560/2560  10M/10M  100%
         Elapsed: 0.000369 seconds
2020-12-20 09:55:04 +01:00
Jakob Unterwurzacher
14dac373c2 MANPAGE: add fstab example
https://github.com/rfjakob/gocryptfs/issues/497
2020-11-14 15:27:40 +01:00
Jakob Unterwurzacher
8470cc38df MANPAGE: add -info example output 2020-11-14 15:08:57 +01:00
Jakob Unterwurzacher
6bb42f79fd MANPAGE: split up OPTIONS into action flags, init, mount, common
Fixes https://github.com/rfjakob/gocryptfs/issues/517
2020-11-14 15:00:47 +01:00
Jakob Unterwurzacher
0b2562fdba MANPAGE: clarify -fg and syslog interaction
The flag -fg does NOT imply -nosyslog. Syslog redirection is
active when -notifypid is passed.
2020-11-14 14:29:04 +01:00
Jakob Unterwurzacher
4872a4a8aa performance.txt: add v2.0-beta1-9 results 2020-11-10 19:27:30 +01:00
Jakob Unterwurzacher
6697ffd6e2 fusefronted: reject GETXATTR "security.capability"
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.

Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-18 21:07:30 +02:00
Jakob Unterwurzacher
d656574d08 performance.txt: add gocryptfs v1.8.0 results 2020-10-16 20:03:59 +02:00
Jakob Unterwurzacher
f99050b78a Update performance.txt with gocryptfs v2.0-beta1 result
As expected, we are slow. Fd caching will be implemented later.
2020-10-16 19:13:32 +02:00
Pavol Rusnak
1e624a4cc3 Add support for FIDO2 tokens 2020-09-12 18:06:54 +02:00
Jakob Unterwurzacher
570e9baadf manpage: link to exitcodes.go 2020-09-06 11:38:13 +02:00
Jakob Unterwurzacher
416080203b main: accept multiple -passfile options
Each file will be read and then concatenated
for the effective password. This can be used as a
kind of multi-factor authentication.

Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17 19:31:04 +02:00
Jakob Unterwurzacher
5af7d3c699 gocryptfs-xray: document -encrypt-paths / -decrypt-paths 2020-05-10 00:14:03 +02:00
Jakob Unterwurzacher
d612ee5d91 Documentation: update performance.txt
Bisecting shows that the performance drop is caused by
this commit:

commit ca9e912a28 (refs/bisect/bad)
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date:   Sat Feb 29 19:58:08 2020 +0100

    fusefrontend: drop xattr user namespace restriction
2020-05-03 21:20:30 +02:00
Oscar
75f16771ff Update manpage examples 2020-04-07 22:04:40 +02:00
Jakob Unterwurzacher
97743858ce performance.txt: update result for governor = performance
Also add big signs where the cpu has changed, as the results
are not comparable when the cpu is different.

Also update encfs results.
2020-02-15 21:42:39 +01:00
Pavol Rusnak
1364b44ae3 remove Trezor support 2019-12-28 19:50:49 +01:00
Jakob Unterwurzacher
9178aa1534 MANPAGE: describe how to unmount, and that default options are fine
Feedback received during the recent Go user group. If you haven't
used FUSE before, you don't know how to unmount, and it was not
described in the man page!

As for the options, there are many, and new users are intimidated
by it. State clearly that defaults are fine.
2019-11-17 11:04:41 +01:00
Jakob Unterwurzacher
03fdfc4c90 Update performance.txt 2019-10-13 19:55:06 +02:00