| Age | Commit message (Collapse) | Author |
|---|
|
https://github.com/rfjakob/gocryptfs/issues/400
|
|
Show the GOOS/GOARCH tuple as displayed by "go version".
|
|
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)
Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.
It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
|
|
To support arguments containing spaces, -extpass can now
be passed multiple times.
https://github.com/rfjakob/gocryptfs/issues/289
|
|
The files are apparently processed in alphabetic order, so cli_args.go is
processed before main.go. In order to run before the go-fuse imports, put
the 'ensure fds' code in a separate package. Debug messages are omitted
to avoid additional imports (that might contain other code messing up our
file descriptors).
|
|
The Go stdlib, as well as the gocryptfs code, relies on the fact
that fds 0,1,2 are always open.
See https://github.com/rfjakob/gocryptfs/issues/320 for details.
|
|
|
|
Allows better error handling, gets rid of the call to an
external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
|
|
Instead, first Load() the file, then DecryptMasterKey().
Fixes https://github.com/rfjakob/gocryptfs/issues/258
|
|
Callers that do not want to decrypt the masterkey should
call plain Load().
https://github.com/rfjakob/gocryptfs/issues/258
|
|
Show enable_trezor in the version string if we were compiled
with `-tags enable_trezor`. And hide the `-trezor` flag from
the help output if we were not.
|
|
https://github.com/rfjakob/gocryptfs/issues/235
|
|
Fix the check that failed to find the case as well.
|
|
This is not supported (yet? does it make sense?).
|
|
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
|
|
configfile.LoadConfFile() -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create()
|
|
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
|
|
mount(1) unsets PATH before calling mount.fuse. Therefore it's not set
in gocrpytfs either and daemonization fails if gocryptfs was not
executed via an absolute path.
mount.fuse handles this by leaving the execution of the helper to
/bin/sh. /bin/sh handles an empty PATH by searching a few default
locations.
This patch sets the PATH to a sane default if it's empty or unset.
|
|
Most corruption cases except xattr should be covered.
With test filesystem.
The output is still pretty ugly. xattr support will
be added in the next commits.
|
|
The fsck operation is not yet implemented, this commits
just adds the flag and improves cli flag handling.
|
|
To avoid confusion with fsck, rename to isDir*()
and move the functions into init_dir.go.
|
|
The replaces the "does not return" comments with
an explicit os.Exit, which is unambigous.
|
|
https://github.com/rfjakob/gocryptfs/issues/218
|
|
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.
Also get rid of the password duplicate in
readpassword.Twice.
|
|
Overwrite the password we have got from the user
with zeros once we don't need it anymore, and make
sure the variable runs out of scope.
|
|
This will allows us to overwrite the password
with zeros once we are done with it.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
Also drop the unused int return.
|
|
While reading the code, I had to think about what it
does, so add a comment that explains it.
|
|
|
|
Getting just the help text in response to
gocryptfs -info -config external.config
is confusing: https://github.com/rfjakob/gocryptfs/issues/157
|
|
* Reduce the build time precision from seconds to days
* Allow to specify an arbitrary build date through an
env variable
|
|
...and move all profiling functionality to its own file, as
the main function is already long enough.
Periodically saving the memory profile allows capturing the used
memory during normal operation, as opposed to on exit, where the
kernel has already issued FORGETs for all inodes.
This functionality has been used to create the memory profile shown
in https://github.com/rfjakob/gocryptfs/issues/132 .
|
|
Uses the runtime/trace functionality.
TODO: add to man page.
|
|
No functional changes, just keeping the profiling-related flags
together.
|
|
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made
sense to unconditionally increase it to 4.
But since Go 1.5, GOMAXPROCS defaults to the number of cores,
so don't keep it from increasing above 4.
Also, update the performance numbers.
|
|
|
|
Pretty-prints the config while stripping out sensitive
(and uninteresting) data
https://github.com/rfjakob/gocryptfs/issues/111
|
|
We have accumulated so many options over time that they
no longer fit on the screen.
Display only a useful subset of options to the user unless
they pass "-hh".
|
|
New codes:
* OpenConf = 23
* WriteConf = 24
|
|
We used to return code 8, now we return code 12 as documented in
the man page.
Also adds a test.
|
|
This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
Now looks like this:
$ ./gocryptfs -version
gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8
Hopefully easier to grep for.
|
|
...if we were compiled with "-race".
|
|
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
|
|
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
|
|
|
|
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
|
|
|
|
|
|
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
|
