reverse mode: support wildcard exclude (--exclude-wildcard)

This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.

Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).

3 files changed, 13 insertions, 6 deletions

diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 5fb72cd..e767f28 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -30,6 +30,13 @@ type Args struct {
 	SerializeReads bool
 	// Force decode even if integrity check fails (openSSL only)
 	ForceDecode bool
-	// Exclude is a list of paths to make inaccessible
+	// Exclude is a list of paths to make inaccessible, starting match at
+	// the filesystem root
 	Exclude []string
+	// ExcludeWildcards is a list of paths to make inaccessible, matched
+	// anywhere, and supporting wildcards
+	ExcludeWildcard []string
+	// ExcludeFrom is a list of files from which to read exclusion patterns
+	// (with wildcard syntax)
+	ExcludeFrom []string
 }
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index ff628e5..2c40942 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -35,7 +35,7 @@ type FS struct {
 	// states
 	dirIVLock sync.RWMutex
 	// Filename encryption helper
-	nameTransform *nametransform.NameTransform
+	nameTransform nametransform.NameTransformer
 	// Content encryption helper
 	contentEnc *contentenc.ContentEnc
 	// This lock is used by openWriteOnlyFile() to block concurrent opens while
@@ -62,7 +62,7 @@ type FS struct {
 //var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
 
 // NewFS returns a new encrypted FUSE overlay filesystem.
-func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *FS {
+func NewFS(args Args, c *contentenc.ContentEnc, n nametransform.NameTransformer) *FS {
 	if args.SerializeReads {
 		serialize_reads.InitSerializer()
 	}
@@ -399,7 +399,7 @@ func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) {
 	if cData64 == "" {
 		return "", nil
 	}
-	cData, err := fs.nameTransform.B64.DecodeString(cData64)
+	cData, err := fs.nameTransform.B64DecodeString(cData64)
 	if err != nil {
 		return "", err
 	}
@@ -472,7 +472,7 @@ func (fs *FS) encryptSymlinkTarget(data string) (cData64 string) {
 		return ""
 	}
 	cData := fs.contentEnc.EncryptBlock([]byte(data), 0, nil)
-	cData64 = fs.nameTransform.B64.EncodeToString(cData)
+	cData64 = fs.nameTransform.B64EncodeToString(cData)
 	return cData64
 }
 
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go
index 1de9cac..20e8db7 100644
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@@ -150,7 +150,7 @@ func (fs *FS) decryptXattrValue(cData []byte) (data []byte, err error) {
 	}
 	// This backward compatibility is needed to support old
 	// file systems having xattr values base64-encoded.
-	cData, err2 := fs.nameTransform.B64.DecodeString(string(cData))
+	cData, err2 := fs.nameTransform.B64DecodeString(string(cData))
 	if err2 != nil {
 		// Looks like the value was not base64-encoded, but just corrupt.
 		// Return the original decryption error: err1