Compare commits
20 Commits
a55b3cc15a
...
b370325ccf
Author | SHA1 | Date |
---|---|---|
Jakob Unterwurzacher | b370325ccf | |
Jakob Unterwurzacher | d74cf7c723 | |
Jakob Unterwurzacher | 77a0410e2e | |
rfjakob | 403f59b1c0 | |
Jakob Unterwurzacher | 8f3ec5dcaa | |
Jakob Unterwurzacher | 85297cda97 | |
Jakob Unterwurzacher | e9a5b8962b | |
Evgeny | 6dc8c26100 | |
Jakob Unterwurzacher | 88bc0aa607 | |
Gisi0 | 0b5b864a06 | |
a1346054 | 3c1ac3b06b | |
Jakob Unterwurzacher | c4b95cf35a | |
Jakob Unterwurzacher | b2a5cec4dd | |
Jakob Unterwurzacher | 856ccaac10 | |
Jakob Unterwurzacher | 99cdaa0b69 | |
Daniel Theophanes | 439dea1b19 | |
Jakob Unterwurzacher | ff32e99791 | |
Christian Stewart | 7ee4c8e9c3 | |
Val | 0ec7ffbfe9 | |
Jakob Unterwurzacher | f8bd172289 |
|
@ -13,16 +13,16 @@ jobs:
|
||||||
go:
|
go:
|
||||||
- "1.13.x" # Ubuntu 20.04 LTS "focal"
|
- "1.13.x" # Ubuntu 20.04 LTS "focal"
|
||||||
- "1.15.x" # Debian 11 "Bullseye"
|
- "1.15.x" # Debian 11 "Bullseye"
|
||||||
- "1.17.x" # Golang upstream stable
|
- "1.18.x" # Ubuntu 22.04 LTS "jammy"
|
||||||
- "1.18.x" # Golang upstream stable
|
- "oldstable" # 2nd-latest Golang upstream stable
|
||||||
- "1.19.x" # Golang upstream stable
|
- "stable" # Latest Go upstream stable
|
||||||
# Don't cancel everything when one Go version fails
|
# Don't cancel everything when one Go version fails
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- name: Install Go ${{ matrix.go }}
|
- name: Install Go ${{ matrix.go }}
|
||||||
uses: actions/setup-go@v2
|
uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: ${{ matrix.go }}
|
go-version: ${{ matrix.go }}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ jobs:
|
||||||
# https://github.com/actions/runner/issues/1188
|
# https://github.com/actions/runner/issues/1188
|
||||||
- run: ls -l /proc/self/fd
|
- run: ls -l /proc/self/fd
|
||||||
|
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0 # Make "git describe" work
|
fetch-depth: 0 # Make "git describe" work
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ jobs:
|
||||||
|
|
||||||
# Build & upload static binary
|
# Build & upload static binary
|
||||||
- run: ./build-without-openssl.bash
|
- run: ./build-without-openssl.bash
|
||||||
- uses: actions/upload-artifact@v2
|
- uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: gocryptfs static binary (Go ${{ matrix.go }})
|
name: gocryptfs static binary (Go ${{ matrix.go }})
|
||||||
path: gocryptfs
|
path: gocryptfs
|
||||||
|
|
|
@ -305,8 +305,10 @@ runs as root, you can enable device files by passing the opposite mount option,
|
||||||
"dev", and if you want to enable suid-binaries, pass "suid".
|
"dev", and if you want to enable suid-binaries, pass "suid".
|
||||||
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
|
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
|
||||||
interesting. For a complete list see the section
|
interesting. For a complete list see the section
|
||||||
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local",
|
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local" enables volume-based trash
|
||||||
"noapplexattr", "noappledouble" may be interesting.
|
if you have `.Trashes` folder in the root of your volume (might need to be manually created)
|
||||||
|
note, though, that "local" is marked as "experimental" in [osxfuse](https://github.com/osxfuse/osxfuse/wiki/Mount-options#local);
|
||||||
|
"noapplexattr", "noappledouble" may also be interesting.
|
||||||
|
|
||||||
Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
|
Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
|
||||||
the directories. Example:
|
the directories. Example:
|
||||||
|
@ -478,11 +480,12 @@ for details.
|
||||||
#### -fido2 DEVICE_PATH
|
#### -fido2 DEVICE_PATH
|
||||||
Use a FIDO2 token to initialize and unlock the filesystem.
|
Use a FIDO2 token to initialize and unlock the filesystem.
|
||||||
Use "fido2-token -L" to obtain the FIDO2 token device path.
|
Use "fido2-token -L" to obtain the FIDO2 token device path.
|
||||||
|
For linux, "fido2-tools" package is needed.
|
||||||
|
|
||||||
Applies to: all actions that ask for a password.
|
Applies to: all actions that ask for a password.
|
||||||
|
|
||||||
#### -masterkey string
|
#### -masterkey string
|
||||||
Use a explicit master key specified on the command line or, if the special
|
Use an explicit master key specified on the command line or, if the special
|
||||||
value "stdin" is used, read the masterkey from stdin, instead of reading
|
value "stdin" is used, read the masterkey from stdin, instead of reading
|
||||||
the config file and asking for the decryption password.
|
the config file and asking for the decryption password.
|
||||||
|
|
||||||
|
@ -562,15 +565,44 @@ Quiet - silence informational messages.
|
||||||
Applies to: all actions.
|
Applies to: all actions.
|
||||||
|
|
||||||
#### -scryptn int
|
#### -scryptn int
|
||||||
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
|
gocryptfs uses *scrypt* for hashing the password when mounting,
|
||||||
10 to 28, representing N=2^10 to N=2^28.
|
which protects from brute-force attacks.
|
||||||
|
|
||||||
|
`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
|
||||||
|
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.
|
||||||
|
|
||||||
Setting this to a lower
|
Setting this to a lower
|
||||||
value speeds up mounting and reduces its memory needs, but makes
|
value speeds up mounting and reduces its memory needs, but makes
|
||||||
the password susceptible to brute-force attacks. The default is 16.
|
the password susceptible to brute-force attacks. The default is 16.
|
||||||
|
|
||||||
|
The memory usage for *scrypt* during mounting is as follows:
|
||||||
|
|
||||||
|
scryptn Memory Usage
|
||||||
|
======= ============
|
||||||
|
10 1 MiB
|
||||||
|
11 2
|
||||||
|
12 4
|
||||||
|
13 8
|
||||||
|
14 16
|
||||||
|
15 32
|
||||||
|
16 64
|
||||||
|
17 128
|
||||||
|
18 256
|
||||||
|
19 512
|
||||||
|
20 1 GiB
|
||||||
|
21 2
|
||||||
|
22 4
|
||||||
|
23 8
|
||||||
|
24 16
|
||||||
|
25 32
|
||||||
|
26 64
|
||||||
|
27 128
|
||||||
|
28 256
|
||||||
|
|
||||||
Applies to: `-init`, `-passwd`
|
Applies to: `-init`, `-passwd`
|
||||||
|
|
||||||
|
See also: the benchmarks in the gocryptfs source code in internal/configfile.
|
||||||
|
|
||||||
#### -trace string
|
#### -trace string
|
||||||
Write execution trace to file. View the trace using "go tool trace FILE".
|
Write execution trace to file. View the trace using "go tool trace FILE".
|
||||||
|
|
||||||
|
|
22
README.md
22
README.md
|
@ -62,7 +62,6 @@ distribution must be installed for mounting to work.
|
||||||
gocryptfs is also available as a package in most distributions. Examples:
|
gocryptfs is also available as a package in most distributions. Examples:
|
||||||
|
|
||||||
* Debian, Ubuntu: `apt install gocryptfs`
|
* Debian, Ubuntu: `apt install gocryptfs`
|
||||||
* Fedora: `dnf install gocryptfs`
|
|
||||||
* Arch: `pacman -S gocryptfs`
|
* Arch: `pacman -S gocryptfs`
|
||||||
* MacPorts: `port install gocryptfs`
|
* MacPorts: `port install gocryptfs`
|
||||||
|
|
||||||
|
@ -196,6 +195,25 @@ RM: 2,367
|
||||||
Changelog
|
Changelog
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
#### v2.3.1, 2023-03-04
|
||||||
|
* Optimize NFS streaming write performance ([#712](https://github.com/rfjakob/gocryptfs/issues/712),
|
||||||
|
[commit](https://github.com/rfjakob/gocryptfs/commit/8f3ec5dcaa6eb18d11746675190a7aaceb422764)).
|
||||||
|
You should see about a 4x performance increase.
|
||||||
|
* Use `debug.ReadBuildInfo()` to provide some
|
||||||
|
version information even when not built with `build.bash` ([#701](https://github.com/rfjakob/gocryptfs/pull/701)) .
|
||||||
|
* Fix bug that caused the `logger` process to be killed when started from `xfce4-terminal`,
|
||||||
|
and that terminal window was closed ([#660](https://github.com/rfjakob/gocryptfs/issues/660),
|
||||||
|
[commit](https://github.com/rfjakob/gocryptfs/commit/ff32e9979130e6237b0d97ef88304fa79ce61b06)).
|
||||||
|
* MacOS: Fix reverse mount failing with `read-only file system` ([#690](https://github.com/rfjakob/gocryptfs/pull/690))
|
||||||
|
* Make gocryptfs compile on riscv64 by switching from [jacobsa/crypto](https://github.com/jacobsa/crypto)
|
||||||
|
to maintained fork [aperturerobotics/jacobsa-crypto](https://github.com/aperturerobotics/jacobsa-crypto)
|
||||||
|
([#674](https://github.com/rfjakob/gocryptfs/pull/674))
|
||||||
|
|
||||||
|
#### v2.3.0, 2022-10-21
|
||||||
|
* Identical to v2.3, just tagged once more in full semver x.y.z format. This make Go's fetching logic happy,
|
||||||
|
which ignores v2.3 (without the third digit) completely.
|
||||||
|
Fixes [#694](https://github.com/rfjakob/gocryptfs/issues/694), [#688](https://github.com/rfjakob/gocryptfs/issues/688).
|
||||||
|
|
||||||
#### v2.3, 2022-08-28
|
#### v2.3, 2022-08-28
|
||||||
* Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)).
|
* Add **`-longnamemax`** flag to `-init` ([#499](https://github.com/rfjakob/gocryptfs/issues/499)).
|
||||||
Can be used to work around file or path length restrictions on online storage.
|
Can be used to work around file or path length restrictions on online storage.
|
||||||
|
@ -580,7 +598,7 @@ Changelog
|
||||||
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
|
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
|
||||||
* AES-SIV (RFC5297) encryption to implement deterministic encryption
|
* AES-SIV (RFC5297) encryption to implement deterministic encryption
|
||||||
securely. Uses the excellent
|
securely. Uses the excellent
|
||||||
[jacobsa/crypto](https://github.com/jacobsa/crypto) library.
|
[jacobsa/crypto](https://github.com/aperturerobotics/jacobsa-crypto) library.
|
||||||
The corresponding feature flag is called `AESSIV`.
|
The corresponding feature flag is called `AESSIV`.
|
||||||
* New command-line options: `-reverse`, `-aessiv`
|
* New command-line options: `-reverse`, `-aessiv`
|
||||||
* Filesystems using reverse mode can only be mounted with gocryptfs v1.1
|
* Filesystems using reverse mode can only be mounted with gocryptfs v1.1
|
||||||
|
|
11
go.mod
11
go.mod
|
@ -3,18 +3,13 @@ module github.com/rfjakob/gocryptfs/v2
|
||||||
go 1.16
|
go 1.16
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914
|
github.com/aperturerobotics/jacobsa-crypto v1.0.0
|
||||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115
|
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde
|
||||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd // indirect
|
|
||||||
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff // indirect
|
|
||||||
github.com/jacobsa/ogletest v0.0.0-20170503003838-80d50a735a11 // indirect
|
|
||||||
github.com/jacobsa/reqtrace v0.0.0-20150505043853-245c9e0234cb // indirect
|
|
||||||
github.com/pkg/xattr v0.4.3
|
github.com/pkg/xattr v0.4.3
|
||||||
github.com/rfjakob/eme v1.1.2
|
github.com/rfjakob/eme v1.1.2
|
||||||
github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
|
github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
|
||||||
github.com/spf13/pflag v1.0.5
|
github.com/spf13/pflag v1.0.5
|
||||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
|
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
|
||||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d // indirect
|
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
|
||||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2
|
|
||||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
|
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
|
||||||
)
|
)
|
||||||
|
|
21
go.sum
21
go.sum
|
@ -1,9 +1,10 @@
|
||||||
|
github.com/aperturerobotics/jacobsa-crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:XKd7k7LIBmeR/WGENaSpUSjQbWBVKZFhMT7+zKM5KVU=
|
||||||
|
github.com/aperturerobotics/jacobsa-crypto v1.0.0 h1:ARfIuzgovK+5leAKbFHcicKEgMzD94tb/FTiWSHdGLU=
|
||||||
|
github.com/aperturerobotics/jacobsa-crypto v1.0.0/go.mod h1:xq0oOkHSPQ1E5ByqbwLhCJ1mygYHtXTMQnvHD4tz4Cc=
|
||||||
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914 h1:hGXMxS1wTE4y+f7iBqFArrJ6X8QozHnEdnVzGZI9Ywc=
|
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde h1:fgTauqHA48CDt+qVQR+PJXqiI9bpYQglMIIi+h/mMts=
|
||||||
github.com/hanwen/go-fuse/v2 v2.1.1-0.20211219085202-934a183ed914/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
|
github.com/hanwen/go-fuse/v2 v2.1.1-0.20221117175120-915cf5413cde/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc=
|
||||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115 h1:YuDUUFNM21CAbyPOpOP8BicaTD/0klJEKt5p8yuw+uY=
|
|
||||||
github.com/jacobsa/crypto v0.0.0-20190317225127-9f44e2d11115/go.mod h1:LadVJg0XuawGk+8L1rYnIED8451UyNxEMdTWCEt5kmU=
|
|
||||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
|
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA=
|
||||||
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
|
github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd/go.mod h1:TlmyIZDpGmwRoTWiakdr+HA1Tukze6C6XbRVidYq02M=
|
||||||
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
|
github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw=
|
||||||
|
@ -30,21 +31,21 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
||||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
|
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
|
||||||
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d h1:LO7XpTYMwTqxjLcGWPijK3vRXg1aWdlNOVOHRq45d7c=
|
golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
|
||||||
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
|
||||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 h1:c8PlLMqBbOHoqtjteWm5/kbe6rNY2pbRfbIMVnepueo=
|
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
|
||||||
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||||
|
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
|
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 h1:Q5284mrmYTpACcm+eAKjKJH48BBwSyfJqmmGDTtT8Vc=
|
||||||
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
|
||||||
|
|
|
@ -1,60 +1,45 @@
|
||||||
package configfile
|
package configfile
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Results on a 2.7GHz Pentium G630:
|
$ time go test -bench . -run none
|
||||||
|
goos: linux
|
||||||
gocryptfs/cryptfs$ go test -bench=.
|
goarch: amd64
|
||||||
|
pkg: github.com/rfjakob/gocryptfs/v2/internal/configfile
|
||||||
|
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
|
||||||
|
BenchmarkScryptN/10-4 339 3488649 ns/op 1053167 B/op 22 allocs/op ... 3ms+1MiB
|
||||||
|
BenchmarkScryptN/11-4 175 6816072 ns/op 2101742 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/12-4 87 13659346 ns/op 4198898 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/13-4 43 27443071 ns/op 8393209 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/14-4 21 56931664 ns/op 16781820 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/15-4 10 108494502 ns/op 33559027 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/16-4 5 217347137 ns/op 67113465 B/op 22 allocs/op ... 217ms+67MiB
|
||||||
|
BenchmarkScryptN/17-4 3 449680138 ns/op 134222362 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/18-4 2 867481653 ns/op 268440064 B/op 22 allocs/op
|
||||||
|
BenchmarkScryptN/19-4 1 1738085333 ns/op 536875536 B/op 23 allocs/op
|
||||||
|
BenchmarkScryptN/20-4 1 3508224867 ns/op 1073746448 B/op 23 allocs/op
|
||||||
|
BenchmarkScryptN/21-4 1 9536561994 ns/op 2147488272 B/op 23 allocs/op
|
||||||
|
BenchmarkScryptN/22-4 1 16937072495 ns/op 4294971920 B/op 23 allocs/op
|
||||||
PASS
|
PASS
|
||||||
BenchmarkScrypt10-2 300 6021435 ns/op ... 6ms
|
ok github.com/rfjakob/gocryptfs/v2/internal/configfile 47.545s
|
||||||
BenchmarkScrypt11-2 100 11861460 ns/op
|
|
||||||
BenchmarkScrypt12-2 100 23420822 ns/op
|
|
||||||
BenchmarkScrypt13-2 30 47666518 ns/op
|
|
||||||
BenchmarkScrypt14-2 20 92561590 ns/op ... 92ms
|
|
||||||
BenchmarkScrypt15-2 10 183971593 ns/op
|
|
||||||
BenchmarkScrypt16-2 3 368506365 ns/op
|
|
||||||
BenchmarkScrypt17-2 2 755502608 ns/op ... 755ms
|
|
||||||
ok github.com/rfjakob/gocryptfs/v2/cryptfs 18.772s
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
func benchmarkScryptN(n int, b *testing.B) {
|
func BenchmarkScryptN(b *testing.B) {
|
||||||
|
for n := 10; n <= 20; n++ {
|
||||||
|
b.Run(fmt.Sprintf("%d", n), func(b *testing.B) {
|
||||||
|
benchmarkScryptN(b, n)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func benchmarkScryptN(b *testing.B, n int) {
|
||||||
kdf := NewScryptKDF(n)
|
kdf := NewScryptKDF(n)
|
||||||
for i := 0; i < b.N; i++ {
|
for i := 0; i < b.N; i++ {
|
||||||
kdf.DeriveKey(testPw)
|
kdf.DeriveKey(testPw)
|
||||||
}
|
}
|
||||||
}
|
b.ReportAllocs()
|
||||||
|
|
||||||
func BenchmarkScrypt10(b *testing.B) {
|
|
||||||
benchmarkScryptN(10, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt11(b *testing.B) {
|
|
||||||
benchmarkScryptN(11, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt12(b *testing.B) {
|
|
||||||
benchmarkScryptN(12, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt13(b *testing.B) {
|
|
||||||
benchmarkScryptN(13, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt14(b *testing.B) {
|
|
||||||
benchmarkScryptN(14, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt15(b *testing.B) {
|
|
||||||
benchmarkScryptN(15, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt16(b *testing.B) {
|
|
||||||
benchmarkScryptN(16, b)
|
|
||||||
}
|
|
||||||
|
|
||||||
func BenchmarkScrypt17(b *testing.B) {
|
|
||||||
benchmarkScryptN(17, b)
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,15 +12,15 @@ type testRange struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSplitRange(t *testing.T) {
|
func TestSplitRange(t *testing.T) {
|
||||||
var ranges []testRange
|
ranges := []testRange{
|
||||||
|
{0, 70000},
|
||||||
ranges = append(ranges, testRange{0, 70000},
|
{0, 10},
|
||||||
testRange{0, 10},
|
{234, 6511},
|
||||||
testRange{234, 6511},
|
{65444, 54},
|
||||||
testRange{65444, 54},
|
{0, 1024 * 1024},
|
||||||
testRange{0, 1024 * 1024},
|
{0, 65536},
|
||||||
testRange{0, 65536},
|
{6654, 8945},
|
||||||
testRange{6654, 8945})
|
}
|
||||||
|
|
||||||
key := make([]byte, cryptocore.KeyLen)
|
key := make([]byte, cryptocore.KeyLen)
|
||||||
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
||||||
|
@ -42,13 +42,13 @@ func TestSplitRange(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCiphertextRange(t *testing.T) {
|
func TestCiphertextRange(t *testing.T) {
|
||||||
var ranges []testRange
|
ranges := []testRange{
|
||||||
|
{0, 70000},
|
||||||
ranges = append(ranges, testRange{0, 70000},
|
{0, 10},
|
||||||
testRange{0, 10},
|
{234, 6511},
|
||||||
testRange{234, 6511},
|
{65444, 54},
|
||||||
testRange{65444, 54},
|
{6654, 8945},
|
||||||
testRange{6654, 8945})
|
}
|
||||||
|
|
||||||
key := make([]byte, cryptocore.KeyLen)
|
key := make([]byte, cryptocore.KeyLen)
|
||||||
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
|
||||||
|
|
|
@ -6,10 +6,11 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// SanitizePath adapts filepath.Clean for FUSE paths.
|
// SanitizePath adapts filepath.Clean for FUSE paths.
|
||||||
// 1) Leading slash(es) are dropped
|
// 1. Leading slash(es) are dropped
|
||||||
// 2) It returns "" instead of "."
|
// 2. It returns "" instead of "."
|
||||||
// 3) If the cleaned path points above CWD (start with ".."), an empty string
|
// 3. If the cleaned path points above CWD (start with ".."), an empty string
|
||||||
// is returned
|
// is returned
|
||||||
|
//
|
||||||
// See the TestSanitizePath testcases for examples.
|
// See the TestSanitizePath testcases for examples.
|
||||||
func SanitizePath(path string) string {
|
func SanitizePath(path string) string {
|
||||||
// (1)
|
// (1)
|
||||||
|
|
|
@ -273,6 +273,10 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) {
|
||||||
if err == io.EOF {
|
if err == io.EOF {
|
||||||
fileID, err = f.createHeader()
|
fileID, err = f.createHeader()
|
||||||
fileWasEmpty = true
|
fileWasEmpty = true
|
||||||
|
} else if err != nil {
|
||||||
|
// Other errors mean readFileID() found a corrupt header
|
||||||
|
tlog.Warn.Printf("doWrite %d: corrupt header: %v", f.qIno.Ino, err)
|
||||||
|
return 0, syscall.EIO
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, fs.ToErrno(err)
|
return 0, fs.ToErrno(err)
|
||||||
|
@ -380,7 +384,7 @@ func (f *File) Write(ctx context.Context, data []byte, off int64) (uint32, sysca
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
n, errno := f.doWrite(data, off)
|
n, errno := f.doWrite(data, off)
|
||||||
if errno != 0 {
|
if errno == 0 {
|
||||||
f.lastOpCount = openfiletable.WriteOpCount()
|
f.lastOpCount = openfiletable.WriteOpCount()
|
||||||
f.lastWrittenOffset = off + int64(len(data)) - 1
|
f.lastWrittenOffset = off + int64(len(data)) - 1
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/jacobsa/crypto/siv"
|
"github.com/aperturerobotics/jacobsa-crypto/siv"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Test all supported key lengths
|
// Test all supported key lengths
|
||||||
|
|
|
@ -6,7 +6,7 @@ import (
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
"github.com/jacobsa/crypto/siv"
|
"github.com/aperturerobotics/jacobsa-crypto/siv"
|
||||||
)
|
)
|
||||||
|
|
||||||
type sivAead struct {
|
type sivAead struct {
|
||||||
|
@ -63,7 +63,7 @@ func (s *sivAead) Seal(dst, nonce, plaintext, authData []byte) []byte {
|
||||||
if len(s.key) == 0 {
|
if len(s.key) == 0 {
|
||||||
log.Panic("Key has been wiped?")
|
log.Panic("Key has been wiped?")
|
||||||
}
|
}
|
||||||
// https://github.com/jacobsa/crypto/blob/master/siv/encrypt.go#L48:
|
// https://github.com/aperturerobotics/jacobsa-crypto/blob/master/siv/encrypt.go#L48:
|
||||||
// As per RFC 5297 section 3, you may use this function for nonce-based
|
// As per RFC 5297 section 3, you may use this function for nonce-based
|
||||||
// authenticated encryption by passing a nonce as the last associated
|
// authenticated encryption by passing a nonce as the last associated
|
||||||
// data element.
|
// data element.
|
||||||
|
|
|
@ -23,7 +23,7 @@ import (
|
||||||
const adLen = 24
|
const adLen = 24
|
||||||
|
|
||||||
// gocryptfs uses fixed-size 4 kiB blocks
|
// gocryptfs uses fixed-size 4 kiB blocks
|
||||||
const blockSize = 4096
|
const gocryptfsBlockSize = 4096
|
||||||
|
|
||||||
// Run - run the speed the test and print the results.
|
// Run - run the speed the test and print the results.
|
||||||
func Run() {
|
func Run() {
|
||||||
|
@ -83,6 +83,11 @@ func randBytes(n int) []byte {
|
||||||
|
|
||||||
// bEncrypt benchmarks the encryption speed of cipher "c"
|
// bEncrypt benchmarks the encryption speed of cipher "c"
|
||||||
func bEncrypt(b *testing.B, c cipher.AEAD) {
|
func bEncrypt(b *testing.B, c cipher.AEAD) {
|
||||||
|
bEncryptBlockSize(b, c, gocryptfsBlockSize)
|
||||||
|
}
|
||||||
|
|
||||||
|
// bEncryptBlockSize benchmarks the encryption speed of cipher "c" at block size "blockSize"
|
||||||
|
func bEncryptBlockSize(b *testing.B, c cipher.AEAD, blockSize int) {
|
||||||
authData := randBytes(adLen)
|
authData := randBytes(adLen)
|
||||||
iv := randBytes(c.NonceSize())
|
iv := randBytes(c.NonceSize())
|
||||||
in := make([]byte, blockSize)
|
in := make([]byte, blockSize)
|
||||||
|
@ -97,13 +102,12 @@ func bEncrypt(b *testing.B, c cipher.AEAD) {
|
||||||
// Encrypt and append to nonce
|
// Encrypt and append to nonce
|
||||||
c.Seal(dst, iv, in, authData)
|
c.Seal(dst, iv, in, authData)
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func bDecrypt(b *testing.B, c cipher.AEAD) {
|
func bDecrypt(b *testing.B, c cipher.AEAD) {
|
||||||
authData := randBytes(adLen)
|
authData := randBytes(adLen)
|
||||||
iv := randBytes(c.NonceSize())
|
iv := randBytes(c.NonceSize())
|
||||||
plain := randBytes(blockSize)
|
plain := randBytes(gocryptfsBlockSize)
|
||||||
ciphertext := c.Seal(iv, iv, plain, authData)
|
ciphertext := c.Seal(iv, iv, plain, authData)
|
||||||
|
|
||||||
b.SetBytes(int64(len(plain)))
|
b.SetBytes(int64(len(plain)))
|
||||||
|
@ -129,6 +133,10 @@ func bStupidGCM(b *testing.B) {
|
||||||
|
|
||||||
// bGoGCM benchmarks Go stdlib GCM
|
// bGoGCM benchmarks Go stdlib GCM
|
||||||
func bGoGCM(b *testing.B) {
|
func bGoGCM(b *testing.B) {
|
||||||
|
bGoGCMBlockSize(b, gocryptfsBlockSize)
|
||||||
|
}
|
||||||
|
|
||||||
|
func bGoGCMBlockSize(b *testing.B, blockSize int) {
|
||||||
gAES, err := aes.NewCipher(randBytes(32))
|
gAES, err := aes.NewCipher(randBytes(32))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
b.Fatal(err)
|
b.Fatal(err)
|
||||||
|
@ -137,10 +145,10 @@ func bGoGCM(b *testing.B) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
b.Fatal(err)
|
b.Fatal(err)
|
||||||
}
|
}
|
||||||
bEncrypt(b, gGCM)
|
bEncryptBlockSize(b, gGCM, blockSize)
|
||||||
}
|
}
|
||||||
|
|
||||||
// bAESSIV benchmarks AES-SIV from github.com/jacobsa/crypto/siv
|
// bAESSIV benchmarks AES-SIV from github.com/aperturerobotics/jacobsa-crypto/siv
|
||||||
func bAESSIV(b *testing.B) {
|
func bAESSIV(b *testing.B) {
|
||||||
c := siv_aead.New(randBytes(64))
|
c := siv_aead.New(randBytes(64))
|
||||||
bEncrypt(b, c)
|
bEncrypt(b, c)
|
||||||
|
|
|
@ -3,6 +3,7 @@ package speed
|
||||||
import (
|
import (
|
||||||
"crypto/aes"
|
"crypto/aes"
|
||||||
"crypto/cipher"
|
"crypto/cipher"
|
||||||
|
"fmt"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"golang.org/x/crypto/chacha20poly1305"
|
"golang.org/x/crypto/chacha20poly1305"
|
||||||
|
@ -38,6 +39,13 @@ func BenchmarkGoGCM(b *testing.B) {
|
||||||
bGoGCM(b)
|
bGoGCM(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func BenchmarkGoGCMBlockSize(b *testing.B) {
|
||||||
|
for blockSize := 16; blockSize <= 1024*1024; blockSize *= 2 {
|
||||||
|
name := fmt.Sprintf("%d", blockSize)
|
||||||
|
b.Run(name, func(b *testing.B) { bGoGCMBlockSize(b, blockSize) })
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func BenchmarkGoGCMDecrypt(b *testing.B) {
|
func BenchmarkGoGCMDecrypt(b *testing.B) {
|
||||||
gAES, err := aes.NewCipher(randBytes(32))
|
gAES, err := aes.NewCipher(randBytes(32))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
// Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
|
// Corrupt ciphertexts never cause a panic. Instead, ErrAuth is returned on
|
||||||
// decryption.
|
// decryption.
|
||||||
//
|
//
|
||||||
// XChaCha20-Poly1305
|
// # XChaCha20-Poly1305
|
||||||
//
|
//
|
||||||
// The XChaCha20-Poly1305 implementation is more complicated than the others,
|
// The XChaCha20-Poly1305 implementation is more complicated than the others,
|
||||||
// because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
|
// because OpenSSL does not support XChaCha20-Poly1305 directly. Follow
|
||||||
|
|
|
@ -11,8 +11,8 @@ import (
|
||||||
//
|
//
|
||||||
// Go GCM is only faster if the CPU either:
|
// Go GCM is only faster if the CPU either:
|
||||||
//
|
//
|
||||||
// 1) Is X86_64 && has AES instructions && Go is v1.6 or higher
|
// 1. Is X86_64 && has AES instructions && Go is v1.6 or higher
|
||||||
// 2) Is ARM64 && has AES instructions && Go is v1.11 or higher
|
// 2. Is ARM64 && has AES instructions && Go is v1.11 or higher
|
||||||
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
|
// (commit https://github.com/golang/go/commit/4f1f503373cda7160392be94e3849b0c9b9ebbda)
|
||||||
//
|
//
|
||||||
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
|
// See https://github.com/rfjakob/gocryptfs/wiki/CPU-Benchmarks
|
||||||
|
|
34
main.go
34
main.go
|
@ -4,7 +4,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -20,22 +19,9 @@ import (
|
||||||
"github.com/rfjakob/gocryptfs/v2/internal/fido2"
|
"github.com/rfjakob/gocryptfs/v2/internal/fido2"
|
||||||
"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
|
"github.com/rfjakob/gocryptfs/v2/internal/readpassword"
|
||||||
"github.com/rfjakob/gocryptfs/v2/internal/speed"
|
"github.com/rfjakob/gocryptfs/v2/internal/speed"
|
||||||
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
|
|
||||||
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GitVersion is the gocryptfs version according to git, set by build.bash
|
|
||||||
var GitVersion = "[GitVersion not set - please compile using ./build.bash]"
|
|
||||||
|
|
||||||
// GitVersionFuse is the go-fuse library version, set by build.bash
|
|
||||||
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
|
|
||||||
|
|
||||||
// BuildDate is a date string like "2017-09-06", set by build.bash
|
|
||||||
var BuildDate = "0000-00-00"
|
|
||||||
|
|
||||||
// raceDetector is set to true by race.go if we are compiled with "go build -race"
|
|
||||||
var raceDetector bool
|
|
||||||
|
|
||||||
// loadConfig loads the config file `args.config` and decrypts the masterkey,
|
// loadConfig loads the config file `args.config` and decrypts the masterkey,
|
||||||
// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
|
// or gets via the `-masterkey` or `-zerokey` command line options, if specified.
|
||||||
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
|
func loadConfig(args *argContainer) (masterkey []byte, cf *configfile.ConfFile, err error) {
|
||||||
|
@ -137,26 +123,6 @@ func changePassword(args *argContainer) {
|
||||||
tlog.Info.Printf(tlog.ColorGreen + "Password changed." + tlog.ColorReset)
|
tlog.Info.Printf(tlog.ColorGreen + "Password changed." + tlog.ColorReset)
|
||||||
}
|
}
|
||||||
|
|
||||||
// printVersion prints a version string like this:
|
|
||||||
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
|
|
||||||
func printVersion() {
|
|
||||||
var tagsSlice []string
|
|
||||||
if stupidgcm.BuiltWithoutOpenssl {
|
|
||||||
tagsSlice = append(tagsSlice, "without_openssl")
|
|
||||||
}
|
|
||||||
tags := ""
|
|
||||||
if tagsSlice != nil {
|
|
||||||
tags = " " + strings.Join(tagsSlice, " ")
|
|
||||||
}
|
|
||||||
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
|
|
||||||
if raceDetector {
|
|
||||||
built += " -race"
|
|
||||||
}
|
|
||||||
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
|
|
||||||
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
|
|
||||||
runtime.GOOS, runtime.GOARCH)
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
mxp := runtime.GOMAXPROCS(0)
|
mxp := runtime.GOMAXPROCS(0)
|
||||||
if mxp < 4 && os.Getenv("GOMAXPROCS") == "" {
|
if mxp < 4 && os.Getenv("GOMAXPROCS") == "" {
|
||||||
|
|
16
mount.go
16
mount.go
|
@ -120,9 +120,18 @@ func doMount(args *argContainer) {
|
||||||
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
|
tlog.Info.Println(tlog.ColorGreen + "Filesystem mounted and ready." + tlog.ColorReset)
|
||||||
// We have been forked into the background, as evidenced by the set
|
// We have been forked into the background, as evidenced by the set
|
||||||
// "notifypid".
|
// "notifypid".
|
||||||
|
// Do what daemons should do: https://man7.org/linux/man-pages/man7/daemon.7.html
|
||||||
if args.notifypid > 0 {
|
if args.notifypid > 0 {
|
||||||
// Chdir to the root directory so we don't block unmounting the CWD
|
// Chdir to the root directory so we don't block unmounting the CWD
|
||||||
os.Chdir("/")
|
os.Chdir("/")
|
||||||
|
// Disconnect from the controlling terminal by creating a new session.
|
||||||
|
// This prevents us from getting SIGINT when the user presses Ctrl-C
|
||||||
|
// to exit a running script that has called gocryptfs, or SIGHUP when
|
||||||
|
// xfce4-terminal closes itself ( https://github.com/rfjakob/gocryptfs/issues/660 ).
|
||||||
|
_, err = syscall.Setsid()
|
||||||
|
if err != nil {
|
||||||
|
tlog.Warn.Printf("Setsid: %v", err)
|
||||||
|
}
|
||||||
// Switch to syslog
|
// Switch to syslog
|
||||||
if !args.nosyslog {
|
if !args.nosyslog {
|
||||||
// Switch all of our logs and the generic logger to syslog
|
// Switch all of our logs and the generic logger to syslog
|
||||||
|
@ -134,13 +143,6 @@ func doMount(args *argContainer) {
|
||||||
// Daemons should redirect stdin, stdout and stderr
|
// Daemons should redirect stdin, stdout and stderr
|
||||||
redirectStdFds()
|
redirectStdFds()
|
||||||
}
|
}
|
||||||
// Disconnect from the controlling terminal by creating a new session.
|
|
||||||
// This prevents us from getting SIGINT when the user presses Ctrl-C
|
|
||||||
// to exit a running script that has called gocryptfs.
|
|
||||||
_, err = syscall.Setsid()
|
|
||||||
if err != nil {
|
|
||||||
tlog.Warn.Printf("Setsid: %v", err)
|
|
||||||
}
|
|
||||||
// Send SIGUSR1 to our parent
|
// Send SIGUSR1 to our parent
|
||||||
sendUsr1(args.notifypid)
|
sendUsr1(args.notifypid)
|
||||||
}
|
}
|
||||||
|
|
|
@ -462,7 +462,9 @@ func TestPasswdPasswordIncorrect(t *testing.T) {
|
||||||
|
|
||||||
// Check that we correctly background on mount and close stderr and stdout.
|
// Check that we correctly background on mount and close stderr and stdout.
|
||||||
// Something like
|
// Something like
|
||||||
|
//
|
||||||
// gocryptfs a b | cat
|
// gocryptfs a b | cat
|
||||||
|
//
|
||||||
// must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
|
// must not hang ( https://github.com/rfjakob/gocryptfs/issues/130 ).
|
||||||
func TestMountBackground(t *testing.T) {
|
func TestMountBackground(t *testing.T) {
|
||||||
dir := test_helpers.InitFS(t)
|
dir := test_helpers.InitFS(t)
|
||||||
|
|
|
@ -204,7 +204,9 @@ func TestWrite0200File(t *testing.T) {
|
||||||
|
|
||||||
// TestMvWarnings:
|
// TestMvWarnings:
|
||||||
// When xattr support was introduced, mv threw warnings like these:
|
// When xattr support was introduced, mv threw warnings like these:
|
||||||
|
//
|
||||||
// mv: preserving permissions for ‘b/x’: Operation not permitted
|
// mv: preserving permissions for ‘b/x’: Operation not permitted
|
||||||
|
//
|
||||||
// because we returned EPERM when it tried to set system.posix_acl_access.
|
// because we returned EPERM when it tried to set system.posix_acl_access.
|
||||||
// Now we return EOPNOTSUPP and mv is happy.
|
// Now we return EOPNOTSUPP and mv is happy.
|
||||||
func TestMvWarnings(t *testing.T) {
|
func TestMvWarnings(t *testing.T) {
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"runtime"
|
||||||
|
"runtime/debug"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
|
||||||
|
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
gitVersionNotSet = "[GitVersion not set - please compile using ./build.bash]"
|
||||||
|
gitVersionFuseNotSet = "[GitVersionFuse not set - please compile using ./build.bash]"
|
||||||
|
buildDateNotSet = "0000-00-00"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// GitVersion is the gocryptfs version according to git, set by build.bash
|
||||||
|
GitVersion = gitVersionNotSet
|
||||||
|
// GitVersionFuse is the go-fuse library version, set by build.bash
|
||||||
|
GitVersionFuse = gitVersionFuseNotSet
|
||||||
|
// BuildDate is a date string like "2017-09-06", set by build.bash
|
||||||
|
BuildDate = buildDateNotSet
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
versionFromBuildInfo()
|
||||||
|
}
|
||||||
|
|
||||||
|
// raceDetector is set to true by race.go if we are compiled with "go build -race"
|
||||||
|
var raceDetector bool
|
||||||
|
|
||||||
|
// printVersion prints a version string like this:
|
||||||
|
// gocryptfs v1.7-32-gcf99cfd; go-fuse v1.0.0-174-g22a9cb9; 2019-05-12 go1.12 linux/amd64
|
||||||
|
func printVersion() {
|
||||||
|
var tagsSlice []string
|
||||||
|
if stupidgcm.BuiltWithoutOpenssl {
|
||||||
|
tagsSlice = append(tagsSlice, "without_openssl")
|
||||||
|
}
|
||||||
|
tags := ""
|
||||||
|
if tagsSlice != nil {
|
||||||
|
tags = " " + strings.Join(tagsSlice, " ")
|
||||||
|
}
|
||||||
|
built := fmt.Sprintf("%s %s", BuildDate, runtime.Version())
|
||||||
|
if raceDetector {
|
||||||
|
built += " -race"
|
||||||
|
}
|
||||||
|
fmt.Printf("%s %s%s; go-fuse %s; %s %s/%s\n",
|
||||||
|
tlog.ProgramName, GitVersion, tags, GitVersionFuse, built,
|
||||||
|
runtime.GOOS, runtime.GOARCH)
|
||||||
|
}
|
||||||
|
|
||||||
|
// versionFromBuildInfo tries to get some information out of the information baked in
|
||||||
|
// by the Go compiler. Does nothing when build.bash was used to build.
|
||||||
|
func versionFromBuildInfo() {
|
||||||
|
info, ok := debug.ReadBuildInfo()
|
||||||
|
if !ok {
|
||||||
|
tlog.Debug.Println("versionFromBuildInfo: ReadBuildInfo() failed")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
// Fill our version strings
|
||||||
|
if GitVersion == gitVersionNotSet && info.Main.Version != "(devel)" {
|
||||||
|
GitVersion = info.Main.Version
|
||||||
|
}
|
||||||
|
if GitVersionFuse == gitVersionFuseNotSet {
|
||||||
|
for _, m := range info.Deps {
|
||||||
|
if m.Path == "github.com/hanwen/go-fuse/v2" {
|
||||||
|
GitVersionFuse = m.Version
|
||||||
|
if m.Replace != nil {
|
||||||
|
GitVersionFuse = m.Replace.Version
|
||||||
|
}
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue