Commit Graph

206 Commits

Author SHA1 Message Date
Jakob Unterwurzacher
23cc0657f4 fusefronted: preserve owner if running as root
If allow_other is set and we run as root, try to give newly created files to
the right user.
2016-06-26 19:18:13 +02:00
Jakob Unterwurzacher
b558901e66 Drop deprecated "-gcmiv128" option
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.

Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
3d59a72ba9 Drop deprecated "-emenames" option
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7 Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
f0b4d2354d Refuse mounting of v0.6 and older filesystems 2016-06-19 20:01:04 +02:00
Jakob Unterwurzacher
1dcafb99ff main: drop "on-disk format" from -version output, add Go version
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.

Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
2016-06-19 19:33:15 +02:00
Jakob Unterwurzacher
cc2a75b050 Mount v0.6 and older filesystems as read-only
This is part of the phase-out of very old filesystems.

See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
2016-06-16 23:23:09 +02:00
Jakob Unterwurzacher
82d87ff8ed Add "-ro" (read-only) flag
From the man page:

  **-ro**
  :      Mount the filesystem read-only

Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
6c3f97399a Rename internal "toggledlog" package to "tlog"
tlog is used heavily everywhere and deserves a shorter name.

Renamed using sed magic, without any manual rework:

   find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
2016-06-15 23:30:44 +02:00
Jakob Unterwurzacher
09e88f31d1 toggledlog: assume command of color handling
We want to use colored error messages also outside of main,
so let's handle it in the logging package.

The fatal logger now automatically prints red.
2016-06-15 23:17:51 +02:00
Jakob Unterwurzacher
c89455063c readpassword: create internal package for password reading
* Supports stdin
* Add tests for extpass and stdin

As per user request at https://github.com/rfjakob/gocryptfs/issues/30
2016-06-15 22:44:24 +02:00
Jakob Unterwurzacher
393e531afd Fix warnings reported by Go 1.6 "go tool vet -shadow=true"
Warnings were:

  main.go:234: declaration of err shadows declaration at main.go:163:
  internal/fusefrontend/file.go:401: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
  internal/fusefrontend/file.go:419: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
  internal/fusefrontend/fs_dir.go:140: declaration of err shadows declaration at internal/fusefrontend/fs_dir.go:97:
2016-06-14 22:46:23 +02:00
Jakob Unterwurzacher
0c80cca674 toggledlog: convert remaing naked fmt.Print*
Several fatal errors were just printed to stdout, which
meant they were invisible when running the test suite.

Fix this by introducing toggledlog.Fatal and convert as
follows:

Fatal errors     -> toggledlog.Fatal
Warnings         -> toggledlog.Warn
Password prompts -> fmt.Fprintf
2016-06-05 14:32:07 +02:00
Jakob Unterwurzacher
ca54b665e3 main: print actual error from LoadConfFile()
It may not have been a "Wrong password" after all.

Also, push down disabling the warning so LoadConfFile() can
warn about things that matter.
2016-06-05 13:44:22 +02:00
Jakob Unterwurzacher
b97268c948 configfile: bake the "Creator" gocryptfs version into the file
This field is added for the convenience of users and
may help them to identify which gocryptfs version
they need to mount a filesystem.

The same information is essentially contained in FeatureFlags,
but this is more difficult to decode for humans.

It is completely ignored programmatically (also by older gocryptfs
versions).
2016-06-05 11:40:13 +02:00
Jakob Unterwurzacher
281bb8daf0 main: don't tell the user to choose a password when -extpass is used
Instead, print this:

  Using password provided via -extpass.
2016-06-04 15:24:42 +02:00
Jakob Unterwurzacher
2e2ee0a038 main: print relative path in the init success message
... but only if the relative path does not start with "..".

Makes the message easier to grasp. Example:

  $ gocryptfs -init -scryptn=10 v0.9
  [...]
  The filesystem has been created successfully.

Before:
  You can now mount it using: gocryptfs /home/jakob/src/github.com/rfjakob/gocryptfs/integration_tests/example_filesystems/v0.9 MOUNTPOINT

After:
  You can now mount it using: gocryptfs v0.9 MOUNTPOINT
2016-06-04 15:04:57 +02:00
Jakob Unterwurzacher
80b027f830 nametransform, main: better error messages 2016-06-01 20:07:43 +02:00
Jakob Unterwurzacher
e7f78135b3 Add "-allow_other" command-line option
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
2016-05-18 19:30:05 +02:00
Jakob Unterwurzacher
49b597f07c prefer_openssl: autodetect whether to use OpenSSL or Go GCM
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.

The "-openssl" option now defaults to "auto".

"gocryptfs -debug -version" displays the result of the autodetection.

See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
2016-05-12 00:42:42 +02:00
Jakob Unterwurzacher
36c1039228 build.bash: bake the go-fuse commit hash into the binaries 2016-04-10 23:16:09 +02:00
Jakob Unterwurzacher
bd5405189e Fix "go tool vet -shadow=true" warnings
Among those one real bug.
2016-04-10 21:31:15 +02:00
Jakob Unterwurzacher
3a4922b5d7 Add tests for long name creation and renaming (currently failing, obviously) 2016-02-07 10:55:13 +01:00
Jakob Unterwurzacher
e111e20649 longnames part I: Create and OpenDir work with long filenames > 176 bytes
Todo: Rename, Unlink, Rmdir, Mknod, Mkdir
2016-02-06 22:54:14 +01:00
Jakob Unterwurzacher
c74772bc8d Run go fmt 2016-02-06 20:23:36 +01:00
Jakob Unterwurzacher
9078a77850 Move pathfs_frontend to internal/fusefrontend
"git status" for reference:

renamed:    pathfs_frontend/args.go -> internal/fusefrontend/args.go
renamed:    pathfs_frontend/compat_darwin.go -> internal/fusefrontend/compat_darwin.go
renamed:    pathfs_frontend/compat_linux.go -> internal/fusefrontend/compat_linux.go
renamed:    pathfs_frontend/file.go -> internal/fusefrontend/file.go
renamed:    pathfs_frontend/file_holes.go -> internal/fusefrontend/file_holes.go
renamed:    pathfs_frontend/fs.go -> internal/fusefrontend/fs.go
renamed:    pathfs_frontend/fs_dir.go -> internal/fusefrontend/fs_dir.go
renamed:    pathfs_frontend/names.go -> internal/fusefrontend/names.go
renamed:    pathfs_frontend/write_lock.go -> internal/fusefrontend/write_lock.go
modified:   main.go
2016-02-06 19:27:59 +01:00
Jakob Unterwurzacher
2b8cbd9441 Major refactoring: Split up "cryptfs" into several internal packages
"git status" for reference:

deleted:    cryptfs/cryptfs.go
deleted:    cryptfs/names_core.go
modified:   integration_tests/cli_test.go
modified:   integration_tests/helpers.go
renamed:    cryptfs/config_file.go -> internal/configfile/config_file.go
renamed:    cryptfs/config_test.go -> internal/configfile/config_test.go
renamed:    cryptfs/config_test/.gitignore -> internal/configfile/config_test/.gitignore
renamed:    cryptfs/config_test/PlaintextNames.conf -> internal/configfile/config_test/PlaintextNames.conf
renamed:    cryptfs/config_test/StrangeFeature.conf -> internal/configfile/config_test/StrangeFeature.conf
renamed:    cryptfs/config_test/v1.conf -> internal/configfile/config_test/v1.conf
renamed:    cryptfs/config_test/v2.conf -> internal/configfile/config_test/v2.conf
renamed:    cryptfs/kdf.go -> internal/configfile/kdf.go
renamed:    cryptfs/kdf_test.go -> internal/configfile/kdf_test.go
renamed:    cryptfs/cryptfs_content.go -> internal/contentenc/content.go
new file:   internal/contentenc/content_api.go
renamed:    cryptfs/content_test.go -> internal/contentenc/content_test.go
renamed:    cryptfs/file_header.go -> internal/contentenc/file_header.go
renamed:    cryptfs/intrablock.go -> internal/contentenc/intrablock.go
renamed:    cryptfs/address_translation.go -> internal/contentenc/offsets.go
new file:   internal/cryptocore/crypto_api.go
renamed:    cryptfs/gcm_go1.4.go -> internal/cryptocore/gcm_go1.4.go
renamed:    cryptfs/gcm_go1.5.go -> internal/cryptocore/gcm_go1.5.go
renamed:    cryptfs/nonce.go -> internal/cryptocore/nonce.go
renamed:    cryptfs/openssl_aead.go -> internal/cryptocore/openssl_aead.go
renamed:    cryptfs/openssl_benchmark.bash -> internal/cryptocore/openssl_benchmark.bash
renamed:    cryptfs/openssl_test.go -> internal/cryptocore/openssl_test.go
new file:   internal/nametransform/name_api.go
new file:   internal/nametransform/names_core.go
renamed:    cryptfs/names_diriv.go -> internal/nametransform/names_diriv.go
renamed:    cryptfs/names_noiv.go -> internal/nametransform/names_noiv.go
renamed:    cryptfs/names_test.go -> internal/nametransform/names_test.go
new file:   internal/nametransform/pad16.go
renamed:    cryptfs/log.go -> internal/toggledlog/log.go
renamed:    cryptfs/log_go1.4.go -> internal/toggledlog/log_go1.4.go
renamed:    cryptfs/log_go1.5.go -> internal/toggledlog/log_go1.5.go
modified:   main.go
modified:   masterkey.go
modified:   pathfs_frontend/file.go
modified:   pathfs_frontend/file_holes.go
modified:   pathfs_frontend/fs.go
modified:   pathfs_frontend/fs_dir.go
modified:   pathfs_frontend/names.go
modified:   test.bash
2016-02-06 19:22:35 +01:00
Jakob Unterwurzacher
6454db68d9 Add new "-wpanic" option and enable it for the automated tests 2016-01-31 18:09:39 +01:00
Jakob Unterwurzacher
9ecb489c66 Allow "-d" as an alis for "-debug", and "-quiet" as an alias for "-q" 2016-01-24 18:20:04 +01:00
Jakob Unterwurzacher
523e430685 Add "-nosyslog" options
Also, actually redirect Warn and Debug as well.
2016-01-24 18:10:18 +01:00
Jakob Unterwurzacher
1030522fe6 Suppress password prompt when using -extpass
Also, add color to the error messages.
2016-01-23 20:18:39 +01:00
Jakob Unterwurzacher
2e419e635f Remove last SetOutput from generic code 2016-01-22 21:49:56 +01:00
Jakob Unterwurzacher
cec2da3e33 Add "-memprofile" option 2016-01-21 23:55:37 +01:00
Jakob Unterwurzacher
d163169655 Wrap Logger to make disabling output more efficient
Instead of using SetOutput(ioutil.Discard), which means
that Printf is still called for every debug message,
use a simple and fast boolean check.

Streaming write performance improves from 86 to 93 MB/s.
2016-01-21 22:59:11 +01:00
Jakob Unterwurzacher
9bab220a1b Switch to syslog when running in the background 2016-01-20 22:31:15 +01:00
Jakob Unterwurzacher
17f0eb1339 Convert logging to standard Go log.Logger
This is in preparation of logging to syslog.
2016-01-20 20:57:00 +01:00
Jakob Unterwurzacher
1936de783f Color for the "init success" message 2016-01-04 20:55:25 +01:00
Jakob Unterwurzacher
ad00ba38e5 Colorize output 2015-12-19 15:46:19 +01:00
Jakob Unterwurzacher
1caa925868 Increase GCM IV size from 96 to 128 bits
This pushes back the birthday bound for collisions to make it virtually
irrelevant.
2015-12-19 15:02:29 +01:00
Jakob Unterwurzacher
e99e841713 Rmdir: handle creating and removing unreadable directories
This patch also splits off Mkdir and Rmdir into its own file.

Fixes issue #8, thanks to @diseq for the bug report.
2015-12-11 20:02:12 +01:00
Jakob Unterwurzacher
b4b9072cc2 Simplify CreateConfFile: do not allow specification of EMENames 2015-12-10 19:38:02 +01:00
Jakob Unterwurzacher
ccf6d00728 Add missing PlaintextNames checks in OpenDir, Mkdir, Rmdir, initDir
Plaintextnames support has bitrotted during the DirIV additions,
this needs test cases. Will be added in a future patch.

Fixes issue #9.
2015-12-10 01:12:05 +01:00
Jakob Unterwurzacher
c6dacd6f91 Add EME filename encryption & enable it by default 2015-12-08 16:17:04 +01:00
Jakob Unterwurzacher
71b94828ed init: create gocryptfs.diriv after creating gocryptfs.conf
Creating the config file can fail easily, for example if the
password is not entered the same twice. This would leave an
orphaned gocryptfs.diriv behind.
2015-12-06 14:24:45 +01:00
Jakob Unterwurzacher
ce42a6f23d Run go fmt 2015-11-29 21:55:20 +01:00
Jakob Unterwurzacher
6f764b3867 Handle all operations except mounting without forking a child
This saves 170ms for each start (why do we take 170ms to start up?)
and cuts down test time by 2 seconds.
2015-11-29 19:09:12 +01:00
Jakob Unterwurzacher
bb116282b7 Add "-scryptn" option that sets the cost parameter for scrypt
Use that option to speed up the automated tests by 7 seconds.

Before:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	26.667s
After:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	19.534s
2015-11-29 18:53:40 +01:00
Jakob Unterwurzacher
1fb349e97b diriv: also support old CBC symlink 2015-11-28 18:39:45 +01:00
Jakob Unterwurzacher
fe7355f9ee diriv: use "DirIV" flag to discern and support mounting old filesystems 2015-11-28 18:38:06 +01:00
Jakob Unterwurzacher
b3d96b6a20 main: pass args struct instead of having a huge function call 2015-11-27 22:30:38 +01:00
Jakob Unterwurzacher
a04a92cdab Run go fmt 2015-11-27 22:20:01 +01:00
Jakob Unterwurzacher
6acd772cf9 diriv: Define "DirIV" feature flag
(unused so far)
2015-11-27 22:18:36 +01:00
Jakob Unterwurzacher
4d466c3412 diriv: Create gocryptfs.diriv in every directory 2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
df46548be6 Print newline after gocryptfs.conf not found error 2015-11-25 20:57:16 +01:00
Jakob Unterwurzacher
09499be6e9 Move "Debug output enabled" after forkChild() to remove duplicate output 2015-11-15 13:56:01 +01:00
Jakob Unterwurzacher
d95fc2333a Add "-extpass" cli option and associated tests 2015-11-15 13:42:04 +01:00
Jakob Unterwurzacher
066c2c90eb MANPAGE: add "-config" flag
Also, "-plaintextnames" can be used with -zerokey.
Fix the incorrect description.
2015-11-14 21:31:39 +01:00
Jakob Unterwurzacher
58592330dc Refactor cli argument handling
Also, add the "-config" option for storing gocryptfs.conf
outside of CIPHERDIR.
2015-11-14 21:25:10 +01:00
Jakob Unterwurzacher
6736212b29 README: add beta badge and update text
Also, improve the help text.
2015-11-14 19:15:51 +01:00
Jakob Unterwurzacher
61aacb5c1b Run go fmt and go vet 2015-11-14 17:16:17 +01:00
Jakob Unterwurzacher
e43733ca0d Also hide master key reminder with "-q"
Also fix missing newline after password prompt
2015-11-09 23:33:35 +01:00
Jakob Unterwurzacher
51fcf61630 Use new arg "-notifypid" for more robust daemonization
No more string matching on the parent command line!
2015-11-09 23:33:35 +01:00
Jakob Unterwurzacher
273d8086ae cli: Create our own FlagSet so we can set the policy to ExitOnError 2015-11-09 23:33:29 +01:00
Jakob Unterwurzacher
99dfc84992 Add "-q" (quiet) flag 2015-11-09 22:33:42 +01:00
Jakob Unterwurzacher
765411cc70 tests: check that the filename encryption is working as expected
Also check that the "gocryptfs.conf" path filtering is working
as expected
2015-11-03 22:27:11 +01:00
Jakob Unterwurzacher
3e367b29b0 config: Introduce ext4-style feature flags
// List of feature flags this filesystem has enabled.
// If gocryptfs encounters a feature flag it does not support, it will refuse
// mounting. This mechanism is analogous to the ext4 feature flags that are
// stored in the superblock.
FeatureFlags []string
2015-11-03 21:05:47 +01:00
Jakob Unterwurzacher
1ec0fa388d Update USAGE.txt
Also run go fmt
2015-11-03 00:06:04 +01:00
Jakob Unterwurzacher
de56fe9e35 Implement PlainTextNames mode
Also, forbid access to "gocryptfs.conf" in the root dir.
2015-11-03 00:00:13 +01:00
Jakob Unterwurzacher
0ec17c3939 Add "--plaintextnames" option
Also, gather all the command line arguments into an anonymous struct
"args".
2015-11-02 23:09:51 +01:00
Jakob Unterwurzacher
a324407082 Fix three "golint" nitpicks 2015-11-02 22:51:12 +01:00
Jakob Unterwurzacher
c272e3042f Fix daemonization regression
Commit af923d2d16 broke daemonization.
Revert the change but get rid of the warning message when running
in the foreground.
2015-11-01 15:21:34 +01:00
Jakob Unterwurzacher
3f490d4d86 Bake version string into binary, add "--version" switch
Example:

	./gocryptfs -version
	gocryptfs v0.2-20-gabcef9e-dirty; on-disk format 1

Note that you MUST compile using "./build.bash" for this to work.
2015-11-01 14:04:29 +01:00
Jakob Unterwurzacher
af923d2d16 Automatically lazy-unmount when we get SIGINT or SIGTERM
This hides the dangling "Transport endpoint is not connected"
mountpoint for everyone but processes that have file open inside
the mountpoint.
2015-11-01 13:28:58 +01:00
Jakob Unterwurzacher
e31d319c39 Remove code detected by "deadcode"
go get github.com/remyoudompheng/go-misc/deadcode
2015-11-01 12:32:10 +01:00
Jakob Unterwurzacher
242fcd0736 Run gofmt 2015-10-11 18:51:56 +02:00
Jakob Unterwurzacher
d1d444435c main: check directories for existence early
This prevents that the user enters the password only to get an error
later.
2015-10-11 18:33:28 +02:00
Jakob Unterwurzacher
14115b061b Add native daemonization 2015-10-11 18:02:48 +02:00
Jakob Unterwurzacher
39183bea00 Rename sendSig to sendUsr1
This matches waitForUsr1 in daemonize()
2015-10-11 18:01:47 +02:00
Jakob Unterwurzacher
5dc7e44aa2 Move main files to top level dir
This is in preparation of getting rid of the shell wrapper
2015-10-11 17:14:18 +02:00
Jakob Unterwurzacher
552c32c5e9 Move main binary to gocryptfs_main
That way the wrapper shell script can be named just "gocryptfs"
2015-10-05 20:32:10 +02:00
Jakob Unterwurzacher
089629442d Enable ClientInodes so hard links work
Fixes xfstests generic/002
2015-10-04 14:50:27 +02:00
Jakob Unterwurzacher
89fef80d32 Run go fmt 2015-10-04 14:49:47 +02:00
Jakob Unterwurzacher
5bd08abf40 Remove ClueFS frontend
Development has focused on PathFS for some time now and things are
working well.
2015-10-04 14:35:50 +02:00
Jakob Unterwurzacher
7d666bd87d Set Fileystem and Type values shown in "df -T" and friends
Filesystem is set to CIPHERDIR, Type is set to fuse.gocryptfs
2015-09-19 10:47:16 +02:00
Jakob Unterwurzacher
8fe5ec7381 Add --cpuprofile flag 2015-09-18 22:14:07 +02:00
Jakob Unterwurzacher
338925aef4 Set GOMAXPROCS = 4
Immediate speedup from 70MB/s to 80MB/s on streaming write.
Enables later parallelization.
2015-09-16 19:35:40 +02:00
Jakob Unterwurzacher
0af3cfcac0 Fix symlink size reporting 2015-09-16 19:32:37 +02:00
Jakob Unterwurzacher
3be2dfdf9d Add "--zerokey" option to simplify testing and benchmarking 2015-09-15 23:59:57 +02:00
Jakob Unterwurzacher
69b3d53f21 init: Check if dir is empty part II (done) 2015-09-14 22:56:59 +02:00
Jakob Unterwurzacher
eee2c017dc init: Check if dir is empty part I 2015-09-13 23:12:56 +02:00
Jakob Unterwurzacher
d941b67df4 Implement password handling 2015-09-13 23:06:38 +02:00
Jakob Unterwurzacher
6f9e90c414 Encrypt key with scrypt-hashed password 2015-09-13 22:09:38 +02:00
Jakob Unterwurzacher
164739b655 Friendlier error message if gocryptfs.conf does not exist 2015-09-13 18:08:15 +02:00
Jakob Unterwurzacher
4acaeb668e Implement json config storage (not yet encrypted) 2015-09-13 17:55:07 +02:00
Jakob Unterwurzacher
e7ba3c61f1 Fix File.GettAttr() size reporting
The too-large reported value broke mmap
(applications saw appended zero bytes)

Also
* Add locking for all fd operations
* Add "--debug" command line switch
2015-09-09 19:32:59 +02:00
Jakob Unterwurzacher
80935a0e1b Explain both frontends in readme
Also, re-enable openssl and disable debug messages so testing
gocryptfs is less painful
2015-09-08 23:09:28 +02:00
Jakob Unterwurzacher
889ae90081 Add pathfs frontend (uses go-fuse instead of bazil-fuse), part I
Currently fails main_test.go, will be fixed in part II
2015-09-08 00:55:03 +02:00
Jakob Unterwurzacher
af0ae03db2 Rename frontend to "cluefs_frontend"
Enables adding another frontend later
2015-09-07 21:10:42 +02:00
Jakob Unterwurzacher
f2e2b81361 Add README.md
Also, run go fmt
2015-09-06 12:12:14 +02:00
Jakob Unterwurzacher
5f4c9240ca Add streaming read and write benchmarks
Run using

    ./main_benchmark.bash

Also, rewrite command line args handling
2015-09-06 11:42:01 +02:00
Jakob Unterwurzacher
58d1e24b7c Add OpenSSL support for file content encryption/decryption
This brings streaming read performance from 30MB/s to 81MB/s
(similar improvement for writes)
2015-09-06 10:42:34 +02:00
Jakob Unterwurzacher
ad3a1a8899 Set readahead to 1MB
This bring streaming read performance from 12MB/s to 30MB/s
2015-09-06 09:47:27 +02:00
Jakob Unterwurzacher
05a5c0a0ff Wrap cluefs part I 2015-09-05 11:49:05 +02:00
Jakob Unterwurzacher
6f90ec716a Rebase to cluefs
https://github.com/airnandez/cluefs
2015-09-04 20:37:37 +02:00
Jakob Unterwurzacher
6a110b8dde Mounts and show an empty dir 2015-09-03 23:54:12 +02:00
Jakob Unterwurzacher
4b98f74e3e Builds and mounts 2015-09-03 19:27:07 +02:00