Jakob Unterwurzacher
03c8b13371
main: ignore options rw, nosuid, nodev.
...
When called from mount, we always get either "suid" or "nosuid".
As "nosuid" is the default, just ignore the options. Same for
the other options.
2016-10-09 20:06:23 +02:00
Jakob Unterwurzacher
9cf3ced0ce
main: also accept options at the end via "-o"
...
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09 20:05:54 +02:00
Jakob Unterwurzacher
25a8802403
main: rename "-o" option to "-ko"
...
This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line.
2016-10-09 19:32:55 +02:00
Jakob Unterwurzacher
17df345103
main: init: handle spaces in mount suggestion message
...
Before:
You can now mount it using: gocryptfs a x MOUNTPOINT
After:
You can now mount it using: gocryptfs "a x" MOUNTPOINT
This is still not bulletproof but should handle the common
case of having a space in the directory name. After all,
it's only a suggestion.
2016-10-09 18:27:03 +02:00
Jakob Unterwurzacher
495479dc66
main: friendlier error message on wrong number of arguments
...
Before:
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
After:
Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-09 18:18:14 +02:00
Jakob Unterwurzacher
d3b78fea95
reverse: add panics against API abuse
...
These should help prevent later programming errors.
2016-10-09 17:05:12 +02:00
Jakob Unterwurzacher
f754c8a200
README: reverse mode is ticket #19 , not #34
2016-10-09 01:24:01 +02:00
Jakob Unterwurzacher
9ab6c64a49
Update Changelog for v1.1-rc1
2016-10-09 00:59:00 +02:00
Jakob Unterwurzacher
a985096b50
contrib: pam_mount: check if something is already mounted on DST
...
pam_mount is supposed to check that as well, but it seems to get confused
by the "command#path" syntax used for FUSE. Let's do it here.
2016-10-09 00:32:49 +02:00
Jakob Unterwurzacher
e220b24c5a
tests: add test for "mountpoint shadows cipherdir" logic
2016-10-09 00:03:39 +02:00
Jakob Unterwurzacher
dc4fdd8f44
main: fix shadow detection logic
...
This fired incorrectly:
Mountpoint "/home/testuser" would shadow cipherdir "/home/testuser.cipher", this is not supported
2016-10-08 23:50:19 +02:00
Jakob Unterwurzacher
12f8ba85c2
LICENSE: add full name
2016-10-08 23:41:22 +02:00
Jakob Unterwurzacher
22f96bfce6
contrib: pam_mount: add instructions for whole-home-dir encryption
2016-10-08 22:30:19 +02:00
Jakob Unterwurzacher
610a242ec6
contrib: pam_mount: add documentation and wrapper
...
See ticket #34
2016-10-08 22:30:13 +02:00
Jakob Unterwurzacher
d25fcc6a4b
reverse: gocryptfs.conf was missing from the directory listings
...
Fix the test for that and add checks in example_filesystems_test.
2016-10-08 22:25:08 +02:00
Jakob Unterwurzacher
8efef4b3d6
tests: unmount leftover filesystems before starting the tests
...
A panic during the tests can leave mounted filesystems behind.
2016-10-08 21:59:21 +02:00
Jakob Unterwurzacher
79e3e28671
tests: add v1.1-reverse-plaintextnames example filesystem
2016-10-08 21:49:21 +02:00
Jakob Unterwurzacher
eb51a1ed20
tests: add v1.1-reverse example filesystem
2016-10-08 21:45:11 +02:00
Jakob Unterwurzacher
3c2c3453ad
tests: add v1.1-aessiv example filesystem
...
Also move the example content into "content".
2016-10-08 21:45:01 +02:00
Jakob Unterwurzacher
e47577834b
reverse: merge config translation check into isTranslatedConfig
...
Also get rid of useless isFiltered function.
2016-10-08 21:14:16 +02:00
Jakob Unterwurzacher
f054353bd3
reverse: make gocryptfs.conf mapping plaintextnames-aware
...
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
dde4a66454
tests: pass "-nosyslog"
...
We want to see panics and warnings on the console
2016-10-08 19:36:26 +02:00
Jakob Unterwurzacher
8c89e2da0c
tests: invert ResetTmpDir argument
...
As reverse also does not want a diriv file, the "plaintextNames"
argument became a misnomer.
2016-10-08 19:22:59 +02:00
Jakob Unterwurzacher
29c8ca85d8
tests: matrix: have the testcase struct as a global variable
...
Future tests will need more info about the running test case.
2016-10-08 19:18:56 +02:00
Jakob Unterwurzacher
084cd597ab
tests: matrix: convert to table-based style
...
And add AES-SIV
2016-10-08 19:16:05 +02:00
Jakob Unterwurzacher
04cdc695f0
main: error out when the mount shadows the cipherdir
...
For example, we cannot mount "/home/user/.cipher" at "/home/user"
because the mount will hide ".cipher" also for us.
Doing it anyway used to cause a nasty hang.
2016-10-08 18:43:31 +02:00
Jakob Unterwurzacher
631c538f13
main: split doMount into its own file
...
Ongoing effort to reduce the size of main().
2016-10-08 18:43:24 +02:00
Jakob Unterwurzacher
89bcc50294
main: check if the config file can opened before prompting for password
...
This was frustrating:
$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
2016-10-08 17:19:55 +02:00
Jakob Unterwurzacher
9b1a35174b
MANPAGE: note that "-f" implies "-nosyslog"
...
Also explain why AES-SIV exists.
2016-10-07 23:02:04 +02:00
Jakob Unterwurzacher
14fd5ce598
main: daemonize more thoroughly
...
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
2016-10-07 22:44:28 +02:00
Jakob Unterwurzacher
53257f4ee5
nametransform: better error code on invalid diriv length
...
go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case.
2016-10-07 22:40:30 +02:00
Jakob Unterwurzacher
45dfc90a2f
main: clarify nosyslog code path
...
Split the block up and add a comment why notifypid is important.
2016-10-07 00:05:46 +02:00
Jakob Unterwurzacher
434ce50db3
main: add "-nonempty" option
2016-10-06 22:41:13 +02:00
Jakob Unterwurzacher
ff48dc1aab
reverse: initialize the longname cache only when reverse mode is used
...
Gets rid of the idling longnameCacheCleaner thread in "normal" mode.
2016-10-05 22:22:28 +02:00
Jakob Unterwurzacher
a4956fa6bf
A few more lint fixes
2016-10-04 23:30:05 +02:00
Valient Gough
b764917cd5
lint fixes
2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
31a8f8b839
tests: skip "go tool vet" if the command is not available
...
"vet" is not availably by default on Go 1.4.
2016-10-04 22:42:30 +02:00
Jakob Unterwurzacher
49c73f84f5
tests: drop Go 1.3.3 from Travis testing
...
Does not support testing.M, which means we cannot run the
test suite, which means we cannot claim to support it at
all.
2016-10-04 22:34:13 +02:00
Jakob Unterwurzacher
db5782028a
tests: skip tests with -openssl=false on Go 1.4 and lower
...
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
2016-10-04 22:34:12 +02:00
Jakob Unterwurzacher
b80d01056f
tests: enable FUSE tests on Travis CI
2016-10-04 22:34:07 +02:00
Jakob Unterwurzacher
67a959eebf
tests: symlink to "/" instead of "/etc/motd"
...
This file does not exist on all systems, causing spurious
test failures.
See #40 , #43
2016-10-04 22:01:47 +02:00
Jakob Unterwurzacher
95db38912b
tests: fallocate: skip some disk usage checks on btrfs
...
The expected allocated sizes are verified for tmpfs and ext4.
btrfs gives different results, but that's not an error.
Also, simplify test_helpers.Du and several code paths.
Fixes #43 .
2016-10-04 21:57:13 +02:00
Romain
db72a4489d
fusefrontend_reverse cast Stat_t.Dev to uint64 ( #44 )
...
The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t ) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go ) it's an `int32`.
2016-10-04 15:03:47 +02:00
Jakob Unterwurzacher
b068ffbff9
maxlen.bash: result was 1 too high
...
Additionally, output 0 instead of 7 on permission errors.
2016-10-04 10:26:22 +02:00
Jakob Unterwurzacher
56c0b19612
without_openssl: support compiling completely without openssl
...
Build helper script: build-without-openssl.bash
2016-10-04 09:51:14 +02:00
Jakob Unterwurzacher
a00402cc47
cryptocore: rename "gcm" variable to generic "aeadCipher"
...
As we now also support AES-SIV the old name is no longer
correct.
2016-10-04 00:17:09 +02:00
Jakob Unterwurzacher
bb52937834
cryptocore: derive 512-bit key for AES-SIV
...
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
2016-10-04 00:16:56 +02:00
Jakob Unterwurzacher
46018785b4
siv_aead: Overhead is always 16
...
Add a test for that.
Also test operations using a 64-byte key.
2016-10-03 23:58:19 +02:00
Jakob Unterwurzacher
b7be386e46
xray: print block offsets
2016-09-29 22:13:26 +02:00
Jakob Unterwurzacher
a2510efe12
reverse: use per-purpose nonce generation
...
Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
2016-09-29 21:56:49 +02:00