aboutsummaryrefslogtreecommitdiff
path: root/cli_args.go
AgeCommit message (Collapse)Author
2021-09-08Make -openssl also apply to xchachaJakob Unterwurzacher
Now that stupidgcm supports xchacha, make it available on mount.
2021-09-08stupidgcm: add PreferOpenSSL{AES256GCM,Xchacha20poly1305}Jakob Unterwurzacher
Add PreferOpenSSLXchacha20poly1305, rename PreferOpenSSL -> PreferOpenSSLAES256GCM.
2021-08-25-devrandom: make flag a no-opJakob Unterwurzacher
Commit f3c777d5eaa682d878c638192311e52f9c204294 added the `-devrandom` option: commit f3c777d5eaa682d878c638192311e52f9c204294 Author: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
2021-08-23Add partial XChaCha20-Poly1305 support (mount flag only)Jakob Unterwurzacher
Mount flag only at the moment, not saved to gocryptfs.conf. https://github.com/rfjakob/gocryptfs/issues/452
2021-08-23go mod: declare module version v2Jakob Unterwurzacher
Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
2021-08-20Implement -deterministic-names: extended -zerodirivJakob Unterwurzacher
-deterministc-names uses all-zero dirivs but does not write them to disk anymore.
2021-08-19Flag -zerodiriv to create all diriv as all zero byte filesJose M Perez
2021-08-19golangci-lint: fix issues found by gosimpleJakob Unterwurzacher
Everything except the if err2.Err == syscall.EOPNOTSUPP case. Gets too confusing when collapsed into a single line. Issues were: $ golangci-lint run --disable-all --enable gosimple mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple) if strings.HasPrefix(v, "fusermount version") { ^ cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple) if args.forcedecode == true { ^ cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple) if args.aessiv == true { ^ cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple) if args.reverse == true { ^ internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple) if g.forceDecode == true { ^ gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple) if bytes.Compare(out, expected) != 0 { ^ gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple) for eof := false; eof == false; line++ { ^ tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple) if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false { ^ tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple) if err2.Err == syscall.EOPNOTSUPP { ^ tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple) if err != nil && open == true { ^ tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple) if bytes.Compare(buf, content) != 0 { ^
2021-08-16reverse mode: implement -one-file-systemJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/475
2021-08-10main: add testcases for convertToDoubleDash & parseCliOptsJakob Unterwurzacher
2021-08-10main: take advantage of pflag slice typesJakob Unterwurzacher
Our multipleStrings type is now built in.
2021-08-10main: show specific error on command line parse failureJakob Unterwurzacher
2021-08-10main: autoformat import blockJakob Unterwurzacher
The autoformatter now always wants to move the ensurefds012 import into the import block. Accept it and fix the spelling of "alphabetically".
2021-08-10main: switch from flag to pflagJakob Unterwurzacher
Need support for flags at any position for https://github.com/rfjakob/gocryptfs/issues/590
2021-06-20nametransform: pass badname patterns via NewJakob Unterwurzacher
This means we can unexport the field.
2021-05-15Add -acl flag to enable ACL enforcementJakob Unterwurzacher
With test to verify that it actually works this time: Run "make root_test". Depends-on: https://github.com/rfjakob/gocryptfs/issues/536 Fixes: https://github.com/rfjakob/gocryptfs/issues/536
2020-12-20main: add "-kernel_cache" flaggmd20
This option is similar to fuse(8) kernel_cache Verified using vmtouch. Without -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011159 seconds Files: 1 Directories: 0 Resident Pages: 0/2560 0/10M 0% Elapsed: 0.000993 seconds With -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011564 seconds Files: 1 Directories: 0 Resident Pages: 2560/2560 10M/10M 100% Elapsed: 0.000369 seconds
2020-09-12Add support for FIDO2 tokensPavol Rusnak
2020-05-17main: accept multiple -passfile optionsJakob Unterwurzacher
Each file will be read and then concatenated for the effictive password. This can be used as a kind of multi-factor authenticiton. Fixes https://github.com/rfjakob/gocryptfs/issues/288
2020-05-17Update go-fuse import path to github.com/hanwen/go-fuse/v2Jakob Unterwurzacher
We need https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3 to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 : 2019/10/30 17:14:16 Unknown opcode 2016 panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38] This patch is only in the v2.x.x branch. Upgrade to v2, as the old API is also supported there. Running git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2 to check for forgotten references comes back clean.
2020-05-10Fix spelling mistakes found by misspellJakob Unterwurzacher
https://github.com/client9/misspell
2020-02-28Show undecryptable filenames if they match supplied globorcas
Resolves https://github.com/rfjakob/gocryptfs/issues/393
2020-02-15merge prefer_openssl package into stupidgcmJakob Unterwurzacher
Now that I have discovered golang.org/x/sys/cpu and that Go versions below 1.6 are uncommon, there was not much useful code left in prefer_openssl. Merge the remains into stupidgcm.
2019-12-28remove Trezor supportPavol Rusnak
2019-05-13-passwd now takes a passed -scryptn flag into accountJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/400
2019-03-31Allow "nofail" for /etc/fstab useJakob Unterwurzacher
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-03-03Allow multiple -extpass argumentsJakob Unterwurzacher
To support arguments containing spaces, -extpass can now be passed multiple times. https://github.com/rfjakob/gocryptfs/issues/289
2019-01-05main: Run 'ensure fds' code early during the program startup.Sebastian Lackner
The files are apparently processed in alphabetic order, so cli_args.go is processed before main.go. In order to run before the go-fuse imports, put the 'ensure fds' code in a separate package. Debug messages are omitted to avoid additional imports (that might contain other code messing up our file descriptors).
2018-12-15passfile: directly read file instead of invoking catJakob Unterwurzacher
Allows better error handling, gets rid of the call to an external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
2018-10-11Add option for autounmountJesse Dunietz
Even though filesystem notifications aren't implemented for FUSE, I decided to try my hand at implementing the autounmount feature (#128). I based it on the EncFS autounmount code, which records filesystem accesses and checks every X seconds whether it's idled long enough to unmount. I've tested the feature locally, but I haven't added any tests for this flag. I also haven't worked with Go before. So please let me know if there's anything that should be done differently. One particular concern: I worked from the assumption that the open files table is unique per-filesystem. If that's not true, I'll need to add an open file count and associated lock to the Filesystem type instead. https://github.com/rfjakob/gocryptfs/pull/265
2018-08-15trezor: show support in version stringJakob Unterwurzacher
Show enable_trezor in the version string if we were compiled with `-tags enable_trezor`. And hide the `-trezor` flag from the help output if we were not.
2018-08-15main: add -e as an alias for -excludeJakob Unterwurzacher
2018-08-11reverse mode: add --exclude optionJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/235
2018-08-11cli: add multipleStrings typeJakob Unterwurzacher
Will be used for --exclude.
2018-07-01trezor: exit with usage error if used together with -extpassJakob Unterwurzacher
Using an external program for the Trezor PIN is not supported at the moment.
2018-07-01trezor: add skeleton for Trezor supportJakob Unterwurzacher
readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key.
2018-06-08main: cut down "flag provided but not defined" error messageJakob Unterwurzacher
Don't dump the help text on the unsuspecting user, but give a short error message: $ gocryptfs -foobar flag provided but not defined: -foobar Invalid command line: gocryptfs -foobar. Try 'gocryptfs -help'. For comparison: This is what cp does: $ cp --foo cp: unrecognized option '--foo' Try 'cp --help' for more information. And this what we used to do: $ gocryptfs -foobar flag provided but not defined: -foobar gocryptfs v1.4.4-45-gfb772da; go-fuse v20170619-35-gb16719c; 2018-06-08 go1.10.2 Usage: gocryptfs -init|-passwd|-info [OPTIONS] CIPHERDIR or gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT Common Options (use -hh to show all): -aessiv Use AES-SIV encryption (with -init) -allow_other Allow other users to access the mount -config Custom path to config file -ctlsock Create control socket at location -extpass Call external program to prompt for the password -fg Stay in the foreground -fusedebug Debug FUSE calls -h, -help This short help text -hh Long help text with all options -init Initialize encrypted directory -info Display information about encrypted directory -masterkey Mount with explicit master key instead of password -nonempty Allow mounting over non-empty directory -nosyslog Do not redirect log messages to syslog -passfile Read password from file -passwd Change password -plaintextnames Do not encrypt file names (with -init) -q, -quiet Silence informational messages -reverse Enable reverse mode -ro Mount read-only -speed Run crypto speed test -version Print version information -- Stop option parsing You passed: "-foobar" flag provided but not defined: -foobar
2018-06-07main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexecJakob Unterwurzacher
When mounted via /etc/fstab like this, /a /b fuse.gocryptfs default 0 0 we always get extra options passed. As reported by @mahkoh at https://github.com/rfjakob/gocryptfs/pull/233 : mount passes `-o noexec` if `-o user` is set and `-o exec` is not set. If both `-o user` and `-o exec` are set, it passes `-o exec`. Make these options work, and in addtion, also make -suid and -rw work the same way. Reported-by: @mahkoh
2018-06-05main: make prefixOArgs errors testableJakob Unterwurzacher
By returning an error instead of calling os.Exit, error cases can be tested easily. Error cases were not tested until now.
2018-04-01main: add "-fsck" flagJakob Unterwurzacher
The fsck operation is not yet implemented, this commits just adds the flag and improves cli flag handling.
2017-11-21main: Add '-devrandom' commandline optionSebastian Lackner
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
2017-11-12main: add "-sharedstorage" flagJakob Unterwurzacher
At the moment, it does two things: 1. Disable stat() caching so changes to the backing storage show up immediately. 2. Disable hard link tracking, as the inode numbers on the backing storage are not stable when files are deleted and re-created behind our back. This would otherwise produce strange "file does not exist" and other errors. Mitigates https://github.com/rfjakob/gocryptfs/issues/156
2017-08-21Fix misspellings reported by goreportcard.comJakob Unterwurzacher
https://goreportcard.com/report/github.com/rfjakob/gocryptfs#misspell
2017-06-07Add "-trace" flag (record execution trace)Jakob Unterwurzacher
Uses the runtime/trace functionality. TODO: add to man page.
2017-06-01Implement force_owner option to display ownership as a specific user.Charles Duffy
2017-05-30main: add "-info" optionJakob Unterwurzacher
Pretty-prints the config while stripping out sensitive (and uninteresting) data https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30main: add short help textJakob Unterwurzacher
We have accumulated so many options over time that they no longer fit on the screen. Display only a useful subset of options to the user unless they pass "-hh".
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-04-29main: "--" should also block "-o" parsingJakob Unterwurzacher
Includes test cases.