Jakob Unterwurzacher
23cc0657f4
fusefronted: preserve owner if running as root
...
If allow_other is set and we run as root, try to give newly created files to
the right user.
2016-06-26 19:18:13 +02:00
Jakob Unterwurzacher
b558901e66
Drop deprecated "-gcmiv128" option
...
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.
Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
3d59a72ba9
Drop deprecated "-emenames" option
...
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7
Drop deprecated "-diriv" option
...
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
f0b4d2354d
Refuse mounting of v0.6 and older filesystems
2016-06-19 20:01:04 +02:00
Jakob Unterwurzacher
1dcafb99ff
main: drop "on-disk format" from -version output, add Go version
...
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.
Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
cc2a75b050
Mount v0.6 and older filesystems as read-only
...
This is part of the phase-out of very old filesystems.
See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
2016-06-16 23:23:09 +02:00
Jakob Unterwurzacher
82d87ff8ed
Add "-ro" (read-only) flag
...
From the man page:
**-ro**
: Mount the filesystem read-only
Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
6c3f97399a
Rename internal "toggledlog" package to "tlog"
...
tlog is used heavily everywhere and deserves a shorter name.
Renamed using sed magic, without any manual rework:
find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15 23:30:44 +02:00
Jakob Unterwurzacher
09e88f31d1
toggledlog: assume command of color handling
...
We want to use colored error messages also outside of main,
so let's handle it in the logging package.
The fatal logger now automatically prints red.
2016-06-15 23:17:51 +02:00
Jakob Unterwurzacher
c89455063c
readpassword: create internal package for password reading
...
* Supports stdin
* Add tests for extpass and stdin
As per user request at https://github.com/rfjakob/gocryptfs/issues/30
2016-06-15 22:44:24 +02:00
Jakob Unterwurzacher
393e531afd
Fix warnings reported by Go 1.6 "go tool vet -shadow=true"
...
Warnings were:
main.go:234: declaration of err shadows declaration at main.go:163:
internal/fusefrontend/file.go:401: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/file.go:419: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/fs_dir.go:140: declaration of err shadows declaration at internal/fusefrontend/fs_dir.go:97:
2016-06-14 22:46:23 +02:00
Jakob Unterwurzacher
0c80cca674
toggledlog: convert remaing naked fmt.Print*
...
Several fatal errors were just printed to stdout, which
meant they were invisible when running the test suite.
Fix this by introducing toggledlog.Fatal and convert as
follows:
Fatal errors -> toggledlog.Fatal
Warnings -> toggledlog.Warn
Password prompts -> fmt.Fprintf
2016-06-05 14:32:07 +02:00
Jakob Unterwurzacher
ca54b665e3
main: print actual error from LoadConfFile()
...
It may not have been a "Wrong password" after all.
Also, push down disabling the warning so LoadConfFile() can
warn about things that matter.
2016-06-05 13:44:22 +02:00
Jakob Unterwurzacher
b97268c948
configfile: bake the "Creator" gocryptfs version into the file
...
This field is added for the convenience of users and
may help them to identify which gocryptfs version
they need to mount a filesystem.
The same information is essentially contained in FeatureFlags,
but this is more difficult to decode for humans.
It is completely ignored programmatically (also by older gocryptfs
versions).
2016-06-05 11:40:13 +02:00
Jakob Unterwurzacher
281bb8daf0
main: don't tell the user to choose a password when -extpass is used
...
Instead, print this:
Using password provided via -extpass.
2016-06-04 15:24:42 +02:00
Jakob Unterwurzacher
2e2ee0a038
main: print relative path in the init success message
...
... but only if the relative path does not start with "..".
Makes the message easier to grasp. Example:
$ gocryptfs -init -scryptn=10 v0.9
[...]
The filesystem has been created successfully.
Before:
You can now mount it using: gocryptfs /home/jakob/src/github.com/rfjakob/gocryptfs/integration_tests/example_filesystems/v0.9 MOUNTPOINT
After:
You can now mount it using: gocryptfs v0.9 MOUNTPOINT
2016-06-04 15:04:57 +02:00
Jakob Unterwurzacher
80b027f830
nametransform, main: better error messages
2016-06-01 20:07:43 +02:00
Jakob Unterwurzacher
e7f78135b3
Add "-allow_other" command-line option
...
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
49b597f07c
prefer_openssl: autodetect whether to use OpenSSL or Go GCM
...
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.
The "-openssl" option now defaults to "auto".
"gocryptfs -debug -version" displays the result of the autodetection.
See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
36c1039228
build.bash: bake the go-fuse commit hash into the binaries
2016-04-10 23:16:09 +02:00
Jakob Unterwurzacher
bd5405189e
Fix "go tool vet -shadow=true" warnings
...
Among those one real bug.
2016-04-10 21:31:15 +02:00
Jakob Unterwurzacher
3a4922b5d7
Add tests for long name creation and renaming (currently failing, obviously)
2016-02-07 10:55:13 +01:00
Jakob Unterwurzacher
e111e20649
longnames part I: Create and OpenDir work with long filenames > 176 bytes
...
Todo: Rename, Unlink, Rmdir, Mknod, Mkdir
2016-02-06 22:54:14 +01:00
Jakob Unterwurzacher
c74772bc8d
Run go fmt
2016-02-06 20:23:36 +01:00
Jakob Unterwurzacher
9078a77850
Move pathfs_frontend to internal/fusefrontend
...
"git status" for reference:
renamed: pathfs_frontend/args.go -> internal/fusefrontend/args.go
renamed: pathfs_frontend/compat_darwin.go -> internal/fusefrontend/compat_darwin.go
renamed: pathfs_frontend/compat_linux.go -> internal/fusefrontend/compat_linux.go
renamed: pathfs_frontend/file.go -> internal/fusefrontend/file.go
renamed: pathfs_frontend/file_holes.go -> internal/fusefrontend/file_holes.go
renamed: pathfs_frontend/fs.go -> internal/fusefrontend/fs.go
renamed: pathfs_frontend/fs_dir.go -> internal/fusefrontend/fs_dir.go
renamed: pathfs_frontend/names.go -> internal/fusefrontend/names.go
renamed: pathfs_frontend/write_lock.go -> internal/fusefrontend/write_lock.go
modified: main.go
2016-02-06 19:27:59 +01:00
Jakob Unterwurzacher
2b8cbd9441
Major refactoring: Split up "cryptfs" into several internal packages
...
"git status" for reference:
deleted: cryptfs/cryptfs.go
deleted: cryptfs/names_core.go
modified: integration_tests/cli_test.go
modified: integration_tests/helpers.go
renamed: cryptfs/config_file.go -> internal/configfile/config_file.go
renamed: cryptfs/config_test.go -> internal/configfile/config_test.go
renamed: cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed: cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed: cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed: cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed: cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed: cryptfs/kdf.go -> internal/configfile/kdf.go
renamed: cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed: cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file: internal/contentenc/content_api.go
renamed: cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed: cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed: cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed: cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file: internal/cryptocore/crypto_api.go
renamed: cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed: cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed: cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed: cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed: cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed: cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file: internal/nametransform/name_api.go
new file: internal/nametransform/names_core.go
renamed: cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed: cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed: cryptfs/names_test.go -> internal/nametransform/names_test.go
new file: internal/nametransform/pad16.go
renamed: cryptfs/log.go -> internal/toggledlog/log.go
renamed: cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed: cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified: main.go
modified: masterkey.go
modified: pathfs_frontend/file.go
modified: pathfs_frontend/file_holes.go
modified: pathfs_frontend/fs.go
modified: pathfs_frontend/fs_dir.go
modified: pathfs_frontend/names.go
modified: test.bash
2016-02-06 19:22:35 +01:00
Jakob Unterwurzacher
6454db68d9
Add new "-wpanic" option and enable it for the automated tests
2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher
9ecb489c66
Allow "-d" as an alis for "-debug", and "-quiet" as an alias for "-q"
2016-01-24 18:20:04 +01:00
Jakob Unterwurzacher
523e430685
Add "-nosyslog" options
...
Also, actually redirect Warn and Debug as well.
2016-01-24 18:10:18 +01:00
Jakob Unterwurzacher
1030522fe6
Suppress password prompt when using -extpass
...
Also, add color to the error messages.
2016-01-23 20:18:39 +01:00
Jakob Unterwurzacher
2e419e635f
Remove last SetOutput from generic code
2016-01-22 21:49:56 +01:00
Jakob Unterwurzacher
cec2da3e33
Add "-memprofile" option
2016-01-21 23:55:37 +01:00
Jakob Unterwurzacher
d163169655
Wrap Logger to make disabling output more efficient
...
Instead of using SetOutput(ioutil.Discard), which means
that Printf is still called for every debug message,
use a simple and fast boolean check.
Streaming write performance improves from 86 to 93 MB/s.
2016-01-21 22:59:11 +01:00
Jakob Unterwurzacher
9bab220a1b
Switch to syslog when running in the background
2016-01-20 22:31:15 +01:00
Jakob Unterwurzacher
17f0eb1339
Convert logging to standard Go log.Logger
...
This is in preparation of logging to syslog.
2016-01-20 20:57:00 +01:00
Jakob Unterwurzacher
1936de783f
Color for the "init success" message
2016-01-04 20:55:25 +01:00
Jakob Unterwurzacher
ad00ba38e5
Colorize output
2015-12-19 15:46:19 +01:00
Jakob Unterwurzacher
1caa925868
Increase GCM IV size from 96 to 128 bits
...
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
e99e841713
Rmdir: handle creating and removing unreadable directories
...
This patch also splits off Mkdir and Rmdir into its own file.
Fixes issue #8 , thanks to @diseq for the bug report.
2015-12-11 20:02:12 +01:00
Jakob Unterwurzacher
b4b9072cc2
Simplify CreateConfFile: do not allow specification of EMENames
2015-12-10 19:38:02 +01:00
Jakob Unterwurzacher
ccf6d00728
Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir
...
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.
Fixes issue #9 .
2015-12-10 01:12:05 +01:00
Jakob Unterwurzacher
c6dacd6f91
Add EME filename encryption & enable it by default
2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
71b94828ed
init: create gocryptfs.diriv after creating gocryptfs.conf
...
Creating the config file can fail easily, for example if the
password is not entered the same twice. This would leave an
orphaned gocryptfs.diriv behind.
2015-12-06 14:24:45 +01:00
Jakob Unterwurzacher
ce42a6f23d
Run go fmt
2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher
6f764b3867
Handle all operations except mounting without forking a child
...
This saves 170ms for each start (why do we take 170ms to start up?)
and cuts down test time by 2 seconds.
2015-11-29 19:09:12 +01:00
Jakob Unterwurzacher
bb116282b7
Add "-scryptn" option that sets the cost parameter for scrypt
...
Use that option to speed up the automated tests by 7 seconds.
Before:
ok github.com/rfjakob/gocryptfs/integration_tests 26.667s
After:
ok github.com/rfjakob/gocryptfs/integration_tests 19.534s
2015-11-29 18:53:40 +01:00
Jakob Unterwurzacher
1fb349e97b
diriv: also support old CBC symlink
2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
fe7355f9ee
diriv: use "DirIV" flag to discern and support mounting old filesystems
2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher
b3d96b6a20
main: pass args struct instead of having a huge function call
2015-11-27 22:30:38 +01:00
Jakob Unterwurzacher
a04a92cdab
Run go fmt
2015-11-27 22:20:01 +01:00
Jakob Unterwurzacher
6acd772cf9
diriv: Define "DirIV" feature flag
...
(unused so far)
2015-11-27 22:18:36 +01:00
Jakob Unterwurzacher
4d466c3412
diriv: Create gocryptfs.diriv in every directory
2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
df46548be6
Print newline after gocryptfs.conf not found error
2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
09499be6e9
Move "Debug output enabled" after forkChild() to remove duplicate output
2015-11-15 13:56:01 +01:00
Jakob Unterwurzacher
d95fc2333a
Add "-extpass" cli option and associated tests
2015-11-15 13:42:04 +01:00
Jakob Unterwurzacher
066c2c90eb
MANPAGE: add "-config" flag
...
Also, "-plaintextnames" can be used with -zerokey.
Fix the incorrect description.
2015-11-14 21:31:39 +01:00
Jakob Unterwurzacher
58592330dc
Refactor cli argument handling
...
Also, add the "-config" option for storing gocryptfs.conf
outside of CIPHERDIR.
2015-11-14 21:25:10 +01:00
Jakob Unterwurzacher
6736212b29
README: add beta badge and update text
...
Also, improve the help text.
2015-11-14 19:15:51 +01:00
Jakob Unterwurzacher
61aacb5c1b
Run go fmt and go vet
2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher
e43733ca0d
Also hide master key reminder with "-q"
...
Also fix missing newline after password prompt
2015-11-09 23:33:35 +01:00
Jakob Unterwurzacher
51fcf61630
Use new arg "-notifypid" for more robust daemonization
...
No more string matching on the parent command line!
2015-11-09 23:33:35 +01:00
Jakob Unterwurzacher
273d8086ae
cli: Create our own FlagSet so we can set the policy to ExitOnError
2015-11-09 23:33:29 +01:00
Jakob Unterwurzacher
99dfc84992
Add "-q" (quiet) flag
2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher
765411cc70
tests: check that the filename encryption is working as expected
...
Also check that the "gocryptfs.conf" path filtering is working
as expected
2015-11-03 22:27:11 +01:00
Jakob Unterwurzacher
3e367b29b0
config: Introduce ext4-style feature flags
...
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
2015-11-03 21:05:47 +01:00
Jakob Unterwurzacher
1ec0fa388d
Update USAGE.txt
...
Also run go fmt
2015-11-03 00:06:04 +01:00
Jakob Unterwurzacher
de56fe9e35
Implement PlainTextNames mode
...
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
0ec17c3939
Add "--plaintextnames" option
...
Also, gather all the command line arguments into an anonymous struct
"args".
2015-11-02 23:09:51 +01:00
Jakob Unterwurzacher
a324407082
Fix three "golint" nitpicks
2015-11-02 22:51:12 +01:00
Jakob Unterwurzacher
c272e3042f
Fix daemonization regression
...
Commit af923d2d16
broke daemonization.
Revert the change but get rid of the warning message when running
in the foreground.
2015-11-01 15:21:34 +01:00
Jakob Unterwurzacher
3f490d4d86
Bake version string into binary, add "--version" switch
...
Example:
./gocryptfs -version
gocryptfs v0.2-20-gabcef9e-dirty; on-disk format 1
Note that you MUST compile using "./build.bash" for this to work.
2015-11-01 14:04:29 +01:00
Jakob Unterwurzacher
af923d2d16
Automatically lazy-unmount when we get SIGINT or SIGTERM
...
This hides the dangling "Transport endpoint is not connected"
mountpoint for everyone but processes that have file open inside
the mountpoint.
2015-11-01 13:28:58 +01:00
Jakob Unterwurzacher
e31d319c39
Remove code detected by "deadcode"
...
go get github.com/remyoudompheng/go-misc/deadcode
2015-11-01 12:32:10 +01:00
Jakob Unterwurzacher
242fcd0736
Run gofmt
2015-10-11 18:51:56 +02:00
Jakob Unterwurzacher
d1d444435c
main: check directories for existence early
...
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
14115b061b
Add native daemonization
2015-10-11 18:02:48 +02:00
Jakob Unterwurzacher
39183bea00
Rename sendSig to sendUsr1
...
This matches waitForUsr1 in daemonize()
2015-10-11 18:01:47 +02:00
Jakob Unterwurzacher
5dc7e44aa2
Move main files to top level dir
...
This is in preparation of getting rid of the shell wrapper
2015-10-11 17:14:18 +02:00
Jakob Unterwurzacher
552c32c5e9
Move main binary to gocryptfs_main
...
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
089629442d
Enable ClientInodes so hard links work
...
Fixes xfstests generic/002
2015-10-04 14:50:27 +02:00
Jakob Unterwurzacher
89fef80d32
Run go fmt
2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
5bd08abf40
Remove ClueFS frontend
...
Development has focused on PathFS for some time now and things are
working well.
2015-10-04 14:35:50 +02:00
Jakob Unterwurzacher
7d666bd87d
Set Fileystem and Type values shown in "df -T" and friends
...
Filesystem is set to CIPHERDIR, Type is set to fuse.gocryptfs
2015-09-19 10:47:16 +02:00
Jakob Unterwurzacher
8fe5ec7381
Add --cpuprofile flag
2015-09-18 22:14:07 +02:00
Jakob Unterwurzacher
338925aef4
Set GOMAXPROCS = 4
...
Immediate speedup from 70MB/s to 80MB/s on streaming write.
Enables later parallelization.
2015-09-16 19:35:40 +02:00
Jakob Unterwurzacher
0af3cfcac0
Fix symlink size reporting
2015-09-16 19:32:37 +02:00
Jakob Unterwurzacher
3be2dfdf9d
Add "--zerokey" option to simplify testing and benchmarking
2015-09-15 23:59:57 +02:00
Jakob Unterwurzacher
69b3d53f21
init: Check if dir is empty part II (done)
2015-09-14 22:56:59 +02:00
Jakob Unterwurzacher
eee2c017dc
init: Check if dir is empty part I
2015-09-13 23:12:56 +02:00
Jakob Unterwurzacher
d941b67df4
Implement password handling
2015-09-13 23:06:38 +02:00
Jakob Unterwurzacher
6f9e90c414
Encrypt key with scrypt-hashed password
2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
164739b655
Friendlier error message if gocryptfs.conf does not exist
2015-09-13 18:08:15 +02:00
Jakob Unterwurzacher
4acaeb668e
Implement json config storage (not yet encrypted)
2015-09-13 17:55:07 +02:00
Jakob Unterwurzacher
e7ba3c61f1
Fix File.GettAttr() size reporting
...
The too-large reported value broke mmap
(applications saw appended zero bytes)
Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
Jakob Unterwurzacher
80935a0e1b
Explain both frontends in readme
...
Also, re-enable openssl and disable debug messages so testing
gocryptfs is less painful
2015-09-08 23:09:28 +02:00
Jakob Unterwurzacher
889ae90081
Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
...
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00
Jakob Unterwurzacher
af0ae03db2
Rename frontend to "cluefs_frontend"
...
Enables adding another frontend later
2015-09-07 21:10:42 +02:00
Jakob Unterwurzacher
f2e2b81361
Add README.md
...
Also, run go fmt
2015-09-06 12:12:14 +02:00
Jakob Unterwurzacher
5f4c9240ca
Add streaming read and write benchmarks
...
Run using
./main_benchmark.bash
Also, rewrite command line args handling
2015-09-06 11:42:01 +02:00
Jakob Unterwurzacher
58d1e24b7c
Add OpenSSL support for file content encryption/decryption
...
This brings streaming read performance from 30MB/s to 81MB/s
(similar improvement for writes)
2015-09-06 10:42:34 +02:00
Jakob Unterwurzacher
ad3a1a8899
Set readahead to 1MB
...
This bring streaming read performance from 12MB/s to 30MB/s
2015-09-06 09:47:27 +02:00
Jakob Unterwurzacher
05a5c0a0ff
Wrap cluefs part I
2015-09-05 11:49:05 +02:00
Jakob Unterwurzacher
6f90ec716a
Rebase to cluefs
...
https://github.com/airnandez/cluefs
2015-09-04 20:37:37 +02:00
Jakob Unterwurzacher
6a110b8dde
Mounts and show an empty dir
2015-09-03 23:54:12 +02:00
Jakob Unterwurzacher
4b98f74e3e
Builds and mounts
2015-09-03 19:27:07 +02:00