Age | Commit message (Collapse) | Author |
|
Pretty-prints the config while stripping out sensitive
(and uninteresting) data
https://github.com/rfjakob/gocryptfs/issues/111
|
|
We have accumulated so many options over time that they
no longer fit on the screen.
Display only a useful subset of options to the user unless
they pass "-hh".
|
|
New codes:
* OpenConf = 23
* WriteConf = 24
|
|
We used to return code 8, now we return code 12 as documented in
the man page.
Also adds a test.
|
|
This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
Now looks like this:
$ ./gocryptfs -version
gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8
Hopefully easier to grep for.
|
|
...if we were compiled with "-race".
|
|
A crypto benchmark mode like "openssl speed".
Example run:
$ ./gocryptfs -speed
AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode)
AES-GCM-256-Go 48.19 MB/s
AES-SIV-512-Go 37.40 MB/s
|
|
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
|
|
|
|
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
|
|
|
|
|
|
"-f" looks too much like "--force". The old variant is still
accepted for compatability.
|
|
Requested at https://github.com/rfjakob/gocryptfs/issues/28
|
|
|
|
For compatability with mount(1), options are also accepted as
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
|
|
Before:
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
After:
Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
|
|
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
|
|
Ongoing effort to reduce the size of main().
|
|
This was frustrating:
$ gocryptfs a b
Password:
Decrypting master key
open a/gocryptfs.conf: permission denied
|
|
Also explain why AES-SIV exists.
|
|
As described at http://software.clapper.org/daemonize/ ,
a daemon should chdir to / and close its FDs.
|
|
Split the block up and add a comment why notifypid is important.
|
|
|
|
|
|
Build helper script: build-without-openssl.bash
|
|
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
|
|
Also delete the unused "dirIVNameStruct", found by deadcode.
|
|
|
|
...with stable mappings for hard-linked files.
|
|
Also add ReverseDummyNonce nonce generation.
|
|
|
|
|
|
Trying to make it more obvious what is happening.
|
|
The main function has gotten way too big.
|
|
... and print a warning that reverse mode is experimental
|
|
|
|
$ gocryptfs -version
gocryptfs v0.12-36-ge021b9d-dirty; go-fuse a4c968c; 2016-07-03 go1.6.2
|
|
Also, mention that the shell may save the command line into the
history and reduce "ps -auxwww" to "ps ax" (that's all you need).
|
|
...unless "-nosyslog" is passed.
All gocryptfs messages already go to syslog, but the messages
that the go-fuse lib emits were still printed to stdout.
Fixes issue #13 ( https://github.com/rfjakob/gocryptfs/issues/13 )
|
|
Device files and suid binaries are often not needed when running
gocryptfs as root. As they are potentially dangerous, let the
user enable them explicitely via the new "-o" option instead of
always enabling them when running as root.
|
|
FUSE filesystems are mounted with "nosuid" by default. If we run as root,
we can use device files by passing the opposite mount option, "suid".
Also we have to use syscall.Chmod instead of os.Chmod because the
portability translation layer "syscallMode" messes up the sgid
and suid bits.
Fixes 70% of the failures in xfstests generic/193. The remaining are
related to truncate, but we err on the safe side:
$ diff -u tests/generic/193.out /home/jakob/src/fuse-xfstests/results//generic/193.out.bad
[...]
check that suid/sgid bits are cleared after successful truncate...
with no exec perm
before: -rwSr-Sr--
-after: -rw-r-Sr--
+after: -rw-r--r--
|
|
FUSE filesystems are mounted with "nodev" by default. If we run as root,
we can use device files by passing the opposite mount option, "dev".
Fixes xfstests generic/184.
|
|
If allow_other is set and we run as root, try to give newly created files to
the right user.
|
|
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.
Completes https://github.com/rfjakob/gocryptfs/issues/29 .
|
|
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
|
|
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
|
|
|
|
As v0.4 introduced ext4-style feature flags, the on-disk format version
is unlinkely to change. Drop it from the version output to reduce
clutter. Use "gocryptfs -version -debug" to see it.
Add the Go version string because only Go 1.6 and newer have an optimized
AES-GCM implementation. This will help users to understand the performance
of their build.
|