aboutsummaryrefslogtreecommitdiff
path: root/Documentation
AgeCommit message (Collapse)Author
2021-11-01docs: names longer than 175 bytes (not 176) are stored in longnamesJakob Unterwurzacher
Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
2021-10-21cli: add -longnamemaxJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/499
2021-09-10Update README & MANPAGEJakob Unterwurzacher
2021-09-10cli: drop -forcedecode flagJakob Unterwurzacher
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
2021-09-01*: trim trailing whitespacea1346054
2021-09-01*: fix spellinga1346054
2021-09-01shell scripts: fix shellcheck warningsa1346054
2021-08-26doc: file-format.md: describe XChaCha20-Poly1305Jakob Unterwurzacher
Different nonce size.
2021-08-25-devrandom: make flag a no-opJakob Unterwurzacher
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
2021-08-24MANPAGE: add -xchachaJakob Unterwurzacher
2021-08-20MANPAGE: move nosyslog to MOUNT OPTIONS sectionJakob Unterwurzacher
It was in INIT OPTIONS by mistake.
2021-08-20-deterministic-names: accept flag on -initJakob Unterwurzacher
And store it in gocryptfs.conf (=remove DirIV feature flag).
2021-08-19Flag -zerodiriv to create all diriv as all zero byte filesJose M Perez
2021-08-18MANPAGE: add "exclude all but" exampleJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/588
2021-08-18MANPAGE: -ew: make gitignore syntax more prominentJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/588
2021-08-16reverse mode: implement -one-file-systemJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/475
2021-06-26doc: update performance.txtJakob Unterwurzacher
2021-06-20MANPAGE: describe -badnameJakob Unterwurzacher
2021-06-05doc: add benchmark for v2.0, reformat tableJakob Unterwurzacher
2021-04-07Doc: update performance.txtJakob Unterwurzacher
2021-04-03performance.txt: add dirfd caching resultsJakob Unterwurzacher
Also, add v2.0-beta2-16-geaca820. I bisected the ls performance regression to this commit.
2021-01-10MANPAGE: add sub-headers to EXAMPLESJakob Unterwurzacher
Makes linking to them easier.
2021-01-02-idle: don't lazy-unmountJakob Unterwurzacher
When a process has its working dir inside the mount, the only way we notice is that we get EBUSY when trying to unmount. We used to lazy-unmount in this case, but this means pulling the rug from under the process. For example, bash will start throwing cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory messages. Fixes https://github.com/rfjakob/gocryptfs/issues/533
2020-12-20main: add "-kernel_cache" flaggmd20
This option is similar to fuse(8) kernel_cache Verified using vmtouch. Without -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011159 seconds Files: 1 Directories: 0 Resident Pages: 0/2560 0/10M 0% Elapsed: 0.000993 seconds With -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011564 seconds Files: 1 Directories: 0 Resident Pages: 2560/2560 10M/10M 100% Elapsed: 0.000369 seconds
2020-11-14MANPAGE: add fstab exampleJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/497
2020-11-14MANPAGE: add -info example outputJakob Unterwurzacher
2020-11-14MANPAGE: split up OPTIONS into action flags, init, mount, commonJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/517
2020-11-14MANPAGE: clarify -fg and syslog interactionJakob Unterwurzacher
The flag -fg does NOT imply -nosyslog. Syslog redirection is active when -notifypid is passed.
2020-11-10performance.txt: add v2.0-beta1-9 resultsJakob Unterwurzacher
2020-10-18fusefronted: reject GETXATTR "security.capability"Jakob Unterwurzacher
Unless we are mounted with -suid, we can reject these requests, and gain back some lost speed. Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-16performance.txt: add gocryptfs v1.8.0 resultsJakob Unterwurzacher
2020-10-16Update performance.txt with gocryptfs v2.0-beta1 resultJakob Unterwurzacher
As expected, we are slow. Fd caching will be implemented later.
2020-09-12Add support for FIDO2 tokensPavol Rusnak
2020-09-06manpage: link to exitcodes.goJakob Unterwurzacher
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-10gocryptfs-xray: document -encrypt-paths / -decrypt-pathsJakob Unterwurzacher
2020-05-03Documentation: update performance.txtJakob Unterwurzacher
Bisecting shows that the performance drop is caused by this commit: commit ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (refs/bisect/bad) Author: Jakob Unterwurzacher <jakobunt@gmail.com> Date: Sat Feb 29 19:58:08 2020 +0100 fusefrontend: drop xattr user namespace restriction
2020-04-07Update manpage examplesOscar
2020-02-15performance.txt: update result for governor = performanceJakob Unterwurzacher
Also add big signs where the cpu has changed, as the results are not comparable when the cpu is different. Also update encfs results.
2019-12-28remove Trezor supportPavol Rusnak
2019-11-17MANPAGE: describe how to unmount, and that default options are fineJakob Unterwurzacher
Feedback received during the recent Go user group. If you haven't used FUSE before, you don't know how to unmount, and it was not described in the man page! As for the options, there are many, and new users are intimidated by it. State clearly that defaults are fine.
2019-10-13Update performance.txtJakob Unterwurzacher
2019-10-13Update fuse-xfstests resultsJakob Unterwurzacher
2019-09-08Expand statfs man page a little and include in build.bashJakob Unterwurzacher
2019-09-08Provide a manpage for statfs tool.Felix Lechner
2019-09-07Fix 'cannot adjust line' warning from man in gocryptfs manpage.Felix Lechner
When generating man pages, pandoc marks indented code blocks with the roff macro '.nf'. That avoids a warning from man related to the long line about the master key.
2019-09-07Fix a typo in gocryptfs manpage.Felix Lechner
2019-03-31Allow "nofail" for /etc/fstab useJakob Unterwurzacher
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-03-18gocryptfs-xray man page: I did mean gocryptfs-xrayJakob Unterwurzacher
...not gocryptfs here. https://github.com/rfjakob/gocryptfs/pull/380