| Age | Commit message (Collapse) | Author | 
|---|
|  | To support arguments containing spaces, -extpass can now
be passed multiple times.
https://github.com/rfjakob/gocryptfs/issues/289 | 
|  | The files are apparently processed in alphabetic order, so cli_args.go is
processed before main.go. In order to run before the go-fuse imports, put
the 'ensure fds' code in a separate package. Debug messages are omitted
to avoid additional imports (that might contain other code messing up our
file descriptors). | 
|  | Allows better error handling, gets rid of the call to an
external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 . | 
|  | Even though filesystem notifications aren't implemented for FUSE, I decided to
try my hand at implementing the autounmount feature (#128). I based it on the
EncFS autounmount code, which records filesystem accesses and checks every X
seconds whether it's idled long enough to unmount.
I've tested the feature locally, but I haven't added any tests for this flag.
I also haven't worked with Go before. So please let me know if there's
anything that should be done differently.
One particular concern: I worked from the assumption that the open files table
is unique per-filesystem. If that's not true, I'll need to add an open file
count and associated lock to the Filesystem type instead.
https://github.com/rfjakob/gocryptfs/pull/265 | 
|  | Show enable_trezor in the version string if we were compiled
with `-tags enable_trezor`. And hide the `-trezor` flag from
the help output if we were not. | 
|  |  | 
|  | https://github.com/rfjakob/gocryptfs/issues/235 | 
|  | Will be used for --exclude. | 
|  | Using an external program for the Trezor PIN is not supported
at the moment. | 
|  | readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key. | 
|  | Don't dump the help text on the unsuspecting user, but
give a short error message:
  $ gocryptfs -foobar
  flag provided but not defined: -foobar
  Invalid command line: gocryptfs -foobar. Try 'gocryptfs -help'.
For comparison: This is what cp does:
  $ cp --foo
  cp: unrecognized option '--foo'
  Try 'cp --help' for more information.
And this what we used to do:
  $ gocryptfs -foobar
  flag provided but not defined: -foobar
  gocryptfs v1.4.4-45-gfb772da; go-fuse v20170619-35-gb16719c; 2018-06-08 go1.10.2
  Usage: gocryptfs -init|-passwd|-info [OPTIONS] CIPHERDIR
    or   gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
  Common Options (use -hh to show all):
    -aessiv            Use AES-SIV encryption (with -init)
    -allow_other       Allow other users to access the mount
    -config            Custom path to config file
    -ctlsock           Create control socket at location
    -extpass           Call external program to prompt for the password
    -fg                Stay in the foreground
    -fusedebug         Debug FUSE calls
    -h, -help          This short help text
    -hh                Long help text with all options
    -init              Initialize encrypted directory
    -info              Display information about encrypted directory
    -masterkey         Mount with explicit master key instead of password
    -nonempty          Allow mounting over non-empty directory
    -nosyslog          Do not redirect log messages to syslog
    -passfile          Read password from file
    -passwd            Change password
    -plaintextnames    Do not encrypt file names (with -init)
    -q, -quiet         Silence informational messages
    -reverse           Enable reverse mode
    -ro                Mount read-only
    -speed             Run crypto speed test
    -version           Print version information
    --                 Stop option parsing
  You passed: "-foobar"
  flag provided but not defined: -foobar | 
|  | When mounted via /etc/fstab like this,
  /a /b fuse.gocryptfs default 0 0
we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :
  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.
Make these options work, and in addtion, also make -suid and -rw
work the same way.
Reported-by: @mahkoh | 
|  | By returning an error instead of calling os.Exit,
error cases can be tested easily. Error cases
were not tested until now. | 
|  | The fsck operation is not yet implemented, this commits
just adds the flag and improves cli flag handling. | 
|  | Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:
* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
  getrandom() syscall would be blocking (Go Bug #19274)
* Kernel versions prior to 3.17 do not support getrandom(), and there
  is no check if the random generator has been properly initialized
  before reading from /dev/urandom
This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy. | 
|  | At the moment, it does two things:
1. Disable stat() caching so changes to the backing storage show up
   immediately.
2. Disable hard link tracking, as the inode numbers on the backing
   storage are not stable when files are deleted and re-created behind
   our back. This would otherwise produce strange "file does not exist"
   and other errors.
Mitigates https://github.com/rfjakob/gocryptfs/issues/156 | 
|  | https://goreportcard.com/report/github.com/rfjakob/gocryptfs#misspell | 
|  | Uses the runtime/trace functionality.
TODO: add to man page. | 
|  |  | 
|  | Pretty-prints the config while stripping out sensitive
(and uninteresting) data
https://github.com/rfjakob/gocryptfs/issues/111 | 
|  | We have accumulated so many options over time that they
no longer fit on the screen.
Display only a useful subset of options to the user unless
they pass "-hh". | 
|  | This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 . | 
|  | Includes test cases. | 
|  | ...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec. | 
|  | Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 . | 
|  | * Further explain the use of 'scryptn' parameter
* Further explain the use of 'scryptn' parameter in MANPAGE
* Use 28 as reasonable upper limit | 
|  | Due to kernel readahead, we usually get multiple read requests
at the same time. These get submitted to the backing storage in
random order, which is a problem if seeking is very expensive.
Details: https://github.com/rfjakob/gocryptfs/issues/92 | 
|  | This brings the CLI options back in sync with the default
feature flags. | 
|  | This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now. | 
|  | A crypto benchmark mode like "openssl speed".
Example run:
  $ ./gocryptfs -speed
  AES-GCM-256-OpenSSL 	 180.89 MB/s	(selected in auto mode)
  AES-GCM-256-Go      	  48.19 MB/s
  AES-SIV-512-Go      	  37.40 MB/s | 
|  | ...and while we are at it, also filenames starting with "-". | 
|  | As requested in https://github.com/rfjakob/gocryptfs/issues/73 . | 
|  | Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path. | 
|  | Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63 | 
|  | At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths. | 
|  | "-f" looks too much like "--force". The old variant is still
accepted for compatability. | 
|  | Through base64.RawURLEncoding.
New command-line parameter "-raw64". | 
|  | Close https://github.com/rfjakob/gocryptfs/issues/54 | 
|  | "The options -extpass and -masterkey cannot be used at the same time" | 
|  | Binds it to a dummy variable so it appears in the help text. | 
|  | Moving "-o" to the end broke a third-party app, SiriKali.
Breaking your users is bad, so let's accept "-o" anywhere. | 
|  |  | 
|  | Make it easier to read the password from a file. Internally this
is equivalent to "-extpass /bin/cat FILE". | 
|  | When called from mount, we always get either "suid" or "nosuid".
As "nosuid" is the default, just ignore the options. Same for
the other options. | 
|  | For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey". | 
|  | This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line. | 
|  | Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that. | 
|  |  | 
|  |  | 
|  | GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV. |