aboutsummaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'README.md')
-rw-r--r--README.md190
1 files changed, 95 insertions, 95 deletions
diff --git a/README.md b/README.md
index df207d9..2e3467b 100644
--- a/README.md
+++ b/README.md
@@ -140,16 +140,16 @@ Changelog
v1.3-beta1
* **Use HKDF to derive separate keys for GCM and EME**
- * New feature flag: `HKDF` (enabled by default)
- * This is a forwards-compatible change. gocryptfs v1.3 can mount
+ * New feature flag: `HKDF` (enabled by default)
+ * This is a forwards-compatible change. gocryptfs v1.3 can mount
filesystems created by earlier versions but not the other way round.
* Enable Raw64 filename encoding by default (gets rid of trailing `==` characters)
* Drop Go 1.4 compatibility. You now need Go 1.5 (released 2015-08-19)
or higher to build gocryptfs.
* Add `-serialize_reads` command-line option
- * This can greatly improve performance on storage
- that is very slow for concurrent out-of-order reads. Example:
- Amazon Cloud Drive ([#92](https://github.com/rfjakob/gocryptfs/issues/92)
+ * This can greatly improve performance on storage
+ that is very slow for concurrent out-of-order reads. Example:
+ Amazon Cloud Drive ([#92](https://github.com/rfjakob/gocryptfs/issues/92)
v1.2.1, 2017-02-26
* Add an integrated speed test, `gocryptfs -speed`
@@ -161,7 +161,7 @@ v1.2.1, 2017-02-26
v1.2, 2016-12-04
* Add a control socket interface. Allows to encrypt and decrypt filenames.
For details see [backintime#644](https://github.com/bit-team/backintime/issues/644#issuecomment-259835183).
- * New command-line option: `-ctlsock`
+ * New command-line option: `-ctlsock`
* Under certain circumstances, concurrent truncate and read could return
an I/O error. This is fixed by introducing a global open file table
that stores the file IDs
@@ -170,10 +170,10 @@ v1.2, 2016-12-04
the write FUSE call
([commit with benchmarks](https://github.com/rfjakob/gocryptfs/commit/024511d9c71558be4b1169d6bb43bd18d65539e0))
* Add `-noprealloc` command-line option
- * Greatly speeds up writes on Btrfs
- ([#63](https://github.com/rfjakob/gocryptfs/issues/63))
- at the cost of reduced out-of-space robustness.
- * This is a workaround for Btrfs' slow fallocate(2)
+ * Greatly speeds up writes on Btrfs
+ ([#63](https://github.com/rfjakob/gocryptfs/issues/63))
+ at the cost of reduced out-of-space robustness.
+ * This is a workaround for Btrfs' slow fallocate(2)
* Preserve owner for symlinks an device files (fixes bug [#64](https://github.com/rfjakob/gocryptfs/issues/64))
* Include rendered man page `gocryptfs.1` in the release tarball
@@ -186,22 +186,22 @@ v1.1.1, 2016-10-30
v1.1, 2016-10-19
* **Add reverse mode ([#19](https://github.com/rfjakob/gocryptfs/issues/19))**
- * AES-SIV (RFC5297) encryption to implement deterministic encryption
- securely. Uses the excellent
- [jacobsa/crypto](https://github.com/jacobsa/crypto) library.
- The corresponding feature flag is called `AESSIV`.
- * New command-line options: `-reverse`, `-aessiv`
- * Filesystems using reverse mode can only be mounted with gocryptfs v1.1
- and later.
- * The default, forward mode, stays fully compatible with older versions.
- Forward mode will keep using GCM because it is much faster.
+ * AES-SIV (RFC5297) encryption to implement deterministic encryption
+ securely. Uses the excellent
+ [jacobsa/crypto](https://github.com/jacobsa/crypto) library.
+ The corresponding feature flag is called `AESSIV`.
+ * New command-line options: `-reverse`, `-aessiv`
+ * Filesystems using reverse mode can only be mounted with gocryptfs v1.1
+ and later.
+ * The default, forward mode, stays fully compatible with older versions.
+ Forward mode will keep using GCM because it is much faster.
* Accept `-o foo,bar,baz`-style options that are passed at the end of
the command-line, like mount(1) does. All other options must still
precede the passed paths.
- * This allows **mounting from /etc/fstab**. See
- [#45](https://github.com/rfjakob/gocryptfs/issues/45) for details.
- * **Mounting on login using pam_mount** works as well. It is
- [described in the wiki](https://github.com/rfjakob/gocryptfs/wiki/Mounting-on-login-using-pam_mount).
+ * This allows **mounting from /etc/fstab**. See
+ [#45](https://github.com/rfjakob/gocryptfs/issues/45) for details.
+ * **Mounting on login using pam_mount** works as well. It is
+ [described in the wiki](https://github.com/rfjakob/gocryptfs/wiki/Mounting-on-login-using-pam_mount).
* To prevent confusion, the old `-o` option had to be renamed. It is now
called `-ko`. Arguments to `-ko` are passed directly to the kernel.
* New `-passfile` command-line option. Provides an easier way to read
@@ -212,84 +212,84 @@ v1.1, 2016-10-19
v1.0, 2016-07-17
* Deprecate very old filesystems, stage 3/3
- * Filesystems created by v0.6 can no longer be mounted
- * Drop command-line options `-gcmiv128`, `-emenames`, `-diriv`. These
- are now always enabled.
+ * Filesystems created by v0.6 can no longer be mounted
+ * Drop command-line options `-gcmiv128`, `-emenames`, `-diriv`. These
+ are now always enabled.
* Add fallocate(2) support
* New command-line option `-o`
- * Allows to pass mount options directly to the kernel
+ * Allows to pass mount options directly to the kernel
* Add support for device files and suid binaries
- * Only works when running as root
- * Must be explicitely enabled by passing "-o dev" or "-o suid" or "-o suid,dev"
+ * Only works when running as root
+ * Must be explicitely enabled by passing "-o dev" or "-o suid" or "-o suid,dev"
* Experimental Mac OS X support. See
[ticket #15](https://github.com/rfjakob/gocryptfs/issues/15) for details.
v0.12, 2016-06-19
* Deprecate very old filesystems, stage 2/3
- * Filesystems created by v0.6 and older can only be mounted read-only
- * A [message](https://github.com/rfjakob/gocryptfs/blob/v0.12/internal/configfile/config_file.go#L120)
- explaining the situation is printed as well
+ * Filesystems created by v0.6 and older can only be mounted read-only
+ * A [message](https://github.com/rfjakob/gocryptfs/blob/v0.12/internal/configfile/config_file.go#L120)
+ explaining the situation is printed as well
* New command line option: `-ro`
- * Mounts the filesystem read-only
+ * Mounts the filesystem read-only
* Accept password from stdin as well ([ticket #30](https://github.com/rfjakob/gocryptfs/issues/30))
v0.11, 2016-06-10
* Deprecate very old filesystems, stage 1/3
- * Filesystems created by v0.6 and older can still be mounted but a
- [warning](https://github.com/rfjakob/gocryptfs/blob/v0.11/internal/configfile/config_file.go#L120)
- is printed
- * See [ticket #29](https://github.com/rfjakob/gocryptfs/issues/29) for details and
- join the discussion
+ * Filesystems created by v0.6 and older can still be mounted but a
+ [warning](https://github.com/rfjakob/gocryptfs/blob/v0.11/internal/configfile/config_file.go#L120)
+ is printed
+ * See [ticket #29](https://github.com/rfjakob/gocryptfs/issues/29) for details and
+ join the discussion
* Add rsync stress test "pingpong-rsync.bash"
- * Fix chown and utimens failures that caused rsync to complain
+ * Fix chown and utimens failures that caused rsync to complain
* Build release binaries with Go 1.6.2
- * Big speedup for CPUs with AES-NI, see [ticket #23](https://github.com/rfjakob/gocryptfs/issues/23)
+ * Big speedup for CPUs with AES-NI, see [ticket #23](https://github.com/rfjakob/gocryptfs/issues/23)
v0.10, 2016-05-30
* **Replace `spacemonkeygo/openssl` with `stupidgcm`**
- * gocryptfs now has its own thin wrapper to OpenSSL's GCM implementation
- called `stupidgcm`.
- * This should fix the [compile issues](https://github.com/rfjakob/gocryptfs/issues/21)
- people are seeing with `spacemonkeygo/openssl`. It also gets us
- a 20% performance boost for streaming writes.
+ * gocryptfs now has its own thin wrapper to OpenSSL's GCM implementation
+ called `stupidgcm`.
+ * This should fix the [compile issues](https://github.com/rfjakob/gocryptfs/issues/21)
+ people are seeing with `spacemonkeygo/openssl`. It also gets us
+ a 20% performance boost for streaming writes.
* **Automatically choose between OpenSSL and Go crypto** [issue #23](https://github.com/rfjakob/gocryptfs/issues/23)
- * Go 1.6 added an optimized GCM implementation in amd64 assembly that uses AES-NI.
- This is faster than OpenSSL and is used if available. In all other
- cases OpenSSL is much faster and is used instead.
- * `-openssl=auto` is the new default
- * Passing `-openssl=true/false` overrides the autodetection.
+ * Go 1.6 added an optimized GCM implementation in amd64 assembly that uses AES-NI.
+ This is faster than OpenSSL and is used if available. In all other
+ cases OpenSSL is much faster and is used instead.
+ * `-openssl=auto` is the new default
+ * Passing `-openssl=true/false` overrides the autodetection.
* Warn but continue anyway if fallocate(2) is not supported by the
underlying filesystem, see [issue #22](https://github.com/rfjakob/gocryptfs/issues/22)
- * Enables to use gocryptfs on ZFS and ext3, albeit with reduced out-of-space safety.
+ * Enables to use gocryptfs on ZFS and ext3, albeit with reduced out-of-space safety.
* [Fix statfs](https://github.com/rfjakob/gocryptfs/pull/27), by @lxp
* Fix a fsstress [failure](https://github.com/hanwen/go-fuse/issues/106)
in the go-fuse library.
v0.9, 2016-04-10
* **Long file name support**
- * gocryptfs now supports file names up to 255 characters.
- * This is a forwards-compatible change. gocryptfs v0.9 can mount filesystems
+ * gocryptfs now supports file names up to 255 characters.
+ * This is a forwards-compatible change. gocryptfs v0.9 can mount filesystems
created by earlier versions but not the other way round.
* Refactor gocryptfs into multiple "internal" packages
* New command-line options:
- * `-longnames`: Enable long file name support (default true)
- * `-nosyslog`: Print messages to stdout and stderr instead of syslog (default false)
- * `-wpanic`: Make warning messages fatal (used for testing)
- * `-d`: Alias for `-debug`
- * `-q`: Alias for `-quiet`
+ * `-longnames`: Enable long file name support (default true)
+ * `-nosyslog`: Print messages to stdout and stderr instead of syslog (default false)
+ * `-wpanic`: Make warning messages fatal (used for testing)
+ * `-d`: Alias for `-debug`
+ * `-q`: Alias for `-quiet`
v0.8, 2016-01-23
* Redirect output to syslog when running in the background
* New command-line option:
- * `-memprofile`: Write a memory allocation debugging profile the specified
- file
+ * `-memprofile`: Write a memory allocation debugging profile the specified
+ file
v0.7.2, 2016-01-19
* **Fix performance issue in small file creation**
- * This brings performance on-par with EncFS paranoia mode, with streaming writes
- significantly faster
- * The actual [fix](https://github.com/hanwen/go-fuse/commit/c4b6b7949716d13eec856baffc7b7941ae21778c)
- is in the go-fuse library. There are no code changes in gocryptfs.
+ * This brings performance on-par with EncFS paranoia mode, with streaming writes
+ significantly faster
+ * The actual [fix](https://github.com/hanwen/go-fuse/commit/c4b6b7949716d13eec856baffc7b7941ae21778c)
+ is in the go-fuse library. There are no code changes in gocryptfs.
v0.7.1, 2016-01-09
* Make the `build.bash` script compatible with Go 1.3
@@ -298,23 +298,23 @@ v0.7.1, 2016-01-09
v0.7, 2015-12-20
* **Extend GCM IV size to 128 bit from Go's default of 96 bit**
- * This pushes back the birthday bound to make IV collisions virtually
- impossible
- * This is a forwards-compatible change. gocryptfs v0.7 can mount filesystems
- created by earlier versions but not the other way round.
+ * This pushes back the birthday bound to make IV collisions virtually
+ impossible
+ * This is a forwards-compatible change. gocryptfs v0.7 can mount filesystems
+ created by earlier versions but not the other way round.
* New command-line option:
- * `-gcmiv128`: Use 128-bit GCM IVs (default true)
+ * `-gcmiv128`: Use 128-bit GCM IVs (default true)
v0.6, 2015-12-08
* **Wide-block filename encryption using EME + DirIV**
- * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes
- the prefix leak. The used Go EME implementation is
- https://github.com/rfjakob/eme which is, as far as I know, the first
- implementation of EME in Go.
- * This is a forwards-compatible change. gocryptfs v0.6 can mount filesystems
- created by earlier versions but not the other way round.
+ * EME (ECB-Mix-ECB) provides even better security than CBC as it fixes
+ the prefix leak. The used Go EME implementation is
+ https://github.com/rfjakob/eme which is, as far as I know, the first
+ implementation of EME in Go.
+ * This is a forwards-compatible change. gocryptfs v0.6 can mount filesystems
+ created by earlier versions but not the other way round.
* New command-line option:
- * `-emenames`: Enable EME filename encryption (default true)
+ * `-emenames`: Enable EME filename encryption (default true)
v0.5.1, 2015-12-06
* Fix a rename regression caused by DirIV and add test case
@@ -322,34 +322,34 @@ v0.5.1, 2015-12-06
v0.5, 2015-12-04
* **Stronger filename encryption: DirIV**
- * Each directory gets a random 128 bit file name IV on creation,
- stored in `gocryptfs.diriv`
- * This makes it impossible to identify identically-named files across
- directories
- * A single-entry IV cache brings the performance cost of DirIV close to
- zero for common operations (see performance.txt)
- * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems
- created by earlier versions but not the other way round.
+ * Each directory gets a random 128 bit file name IV on creation,
+ stored in `gocryptfs.diriv`
+ * This makes it impossible to identify identically-named files across
+ directories
+ * A single-entry IV cache brings the performance cost of DirIV close to
+ zero for common operations (see performance.txt)
+ * This is a forwards-compatible change. gocryptfs v0.5 can mount filesystems
+ created by earlier versions but not the other way round.
* New command-line option:
- * `-diriv`: Use the new per-directory IV file name encryption (default true)
- * `-scryptn`: allows to set the scrypt cost parameter N. This option
- can be used for faster mounting at the cost of lower brute-force
- resistance. It was mainly added to speed up the automated tests.
+ * `-diriv`: Use the new per-directory IV file name encryption (default true)
+ * `-scryptn`: allows to set the scrypt cost parameter N. This option
+ can be used for faster mounting at the cost of lower brute-force
+ resistance. It was mainly added to speed up the automated tests.
v0.4, 2015-11-15
* New command-line options:
- * `-plaintextnames`: disables filename encryption, added on user request
- * `-extpass`: calls an external program for prompting for the password
- * `-config`: allows to specify a custom gocryptfs.conf path
+ * `-plaintextnames`: disables filename encryption, added on user request
+ * `-extpass`: calls an external program for prompting for the password
+ * `-config`: allows to specify a custom gocryptfs.conf path
* Add `FeatureFlags` gocryptfs.conf paramter
- * This is a config format change, hence the on-disk format is incremented
- * Used for ext4-style filesystem feature flags. This should help avoid future
- format changes. The first user is `-plaintextnames`.
+ * This is a config format change, hence the on-disk format is incremented
+ * Used for ext4-style filesystem feature flags. This should help avoid future
+ format changes. The first user is `-plaintextnames`.
* On-disk format 2
v0.3, 2015-11-01
* **Add a random 128 bit file header to authenticate file->block ownership**
- * This is an on-disk-format change
+ * This is an on-disk-format change
* On-disk format 1
v0.2, 2015-10-11