summaryrefslogtreecommitdiff
path: root/main.go
AgeCommit message (Collapse)Author
2018-09-08configfile: add LoadAndDecrypt wrapperJakob Unterwurzacher
Callers that do not want to decrypt the masterkey should call plain Load(). https://github.com/rfjakob/gocryptfs/issues/258
2018-08-15trezor: show support in version stringJakob Unterwurzacher
Show enable_trezor in the version string if we were compiled with `-tags enable_trezor`. And hide the `-trezor` flag from the help output if we were not.
2018-08-11reverse mode: add --exclude optionJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/235
2018-07-01main: replace naked panic with log.PanicJakob Unterwurzacher
Fix the check that failed to find the case as well.
2018-07-01trezor: reject password change on Trezor-enabled fsJakob Unterwurzacher
This is not supported (yet? does it make sense?).
2018-07-01trezor: add TrezorPayloadJakob Unterwurzacher
TrezorPayload stores 32 random bytes used for unlocking the master key using a Trezor security module. The randomness makes sure that a unique unlock value is used for each gocryptfs filesystem.
2018-07-01configfile: reduce function name stutterJakob Unterwurzacher
configfile.LoadConfFile() -> configfile.Load() configfile.CreateConfFile() -> configfile.Create()
2018-07-01trezor: add skeleton for Trezor supportJakob Unterwurzacher
readpassword.Trezor() is not implemented yet and returns a hardcoded dummy key.
2018-06-07Set a default PATH if PATH is empty or unsetJulian Orth
mount(1) unsets PATH before calling mount.fuse. Therefore it's not set in gocrpytfs either and daemonization fails if gocryptfs was not executed via an absolute path. mount.fuse handles this by leaving the execution of the helper to /bin/sh. /bin/sh handles an empty PATH by searching a few default locations. This patch sets the PATH to a sane default if it's empty or unset.
2018-04-02fsck: add initial implementationJakob Unterwurzacher
Most corruption cases except xattr should be covered. With test filesystem. The output is still pretty ugly. xattr support will be added in the next commits.
2018-04-01main: add "-fsck" flagJakob Unterwurzacher
The fsck operation is not yet implemented, this commits just adds the flag and improves cli flag handling.
2018-04-01main: move and rename checkDir*() helperJakob Unterwurzacher
To avoid confusion with fsck, rename to isDir*() and move the functions into init_dir.go.
2018-04-01main: pull regular exits into main functionJakob Unterwurzacher
The replaces the "does not return" comments with an explicit os.Exit, which is unambigous.
2018-03-22Add `-masterkey=stdin` functionalityJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/218
2018-02-18main: changePassword: zero masterkeyJakob Unterwurzacher
Overwrite the masterkey with zeros once we have encrypted it, and let it run out of scope. Also get rid of the password duplicate in readpassword.Twice.
2018-02-18main: zero password once we are done with itJakob Unterwurzacher
Overwrite the password we have got from the user with zeros once we don't need it anymore, and make sure the variable runs out of scope.
2018-02-18readpassword: convert from string to []byteJakob Unterwurzacher
This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18main: doMount: use a deferred function for wipeKeysJakob Unterwurzacher
Also drop the unused int return.
2018-02-18cryptocore, main: add two commentsJakob Unterwurzacher
While reading the code, I had to think about what it does, so add a comment that explains it.
2018-02-04Fix spelling (#205)Felix Lechner
2017-11-15main: print clear error message if CIPHERDIR is missingJakob Unterwurzacher
Getting just the help text in response to gocryptfs -info -config external.config is confusing: https://github.com/rfjakob/gocryptfs/issues/157
2017-09-06build.bash: make reproduceable builds easierJakob Unterwurzacher
* Reduce the build time precision from seconds to days * Allow to specify an arbitrary build date through an env variable
2017-07-30main: save memory profile every 60 secondsJakob Unterwurzacher
...and move all profiling functionality to its own file, as the main function is already long enough. Periodically saving the memory profile allows capturing the used memory during normal operation, as opposed to on exit, where the kernel has already issued FORGETs for all inodes. This functionality has been used to create the memory profile shown in https://github.com/rfjakob/gocryptfs/issues/132 .
2017-06-07Add "-trace" flag (record execution trace)Jakob Unterwurzacher
Uses the runtime/trace functionality. TODO: add to man page.
2017-06-07main: reorder force_owner flag parsingJakob Unterwurzacher
No functional changes, just keeping the profiling-related flags together.
2017-06-01Don't cap GOMAXPROCS at 4.Jakob Unterwurzacher
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made sense to unconditionally increase it to 4. But since Go 1.5, GOMAXPROCS defaults to the number of cores, so don't keep it from increasing above 4. Also, update the performance numbers.
2017-06-01Implement force_owner option to display ownership as a specific user.Charles Duffy
2017-05-30main: add "-info" optionJakob Unterwurzacher
Pretty-prints the config while stripping out sensitive (and uninteresting) data https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30main: add short help textJakob Unterwurzacher
We have accumulated so many options over time that they no longer fit on the screen. Display only a useful subset of options to the user unless they pass "-hh".
2017-05-14exitcodes: specific codes for failure to read or write gocryptfs.confJakob Unterwurzacher
New codes: * OpenConf = 23 * WriteConf = 24
2017-05-14main: password change: exit with code 12 on wrong passwordJakob Unterwurzacher
We used to return code 8, now we return code 12 as documented in the man page. Also adds a test.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-06main: more specific default values for GitVersion etcJakob Unterwurzacher
Now looks like this: $ ./gocryptfs -version gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8 Hopefully easier to grep for.
2017-05-06main: add "-race" to the version stringJakob Unterwurzacher
...if we were compiled with "-race".
2017-02-22Implement "gocryptfs -speed"Jakob Unterwurzacher
A crypto benchmark mode like "openssl speed". Example run: $ ./gocryptfs -speed AES-GCM-256-OpenSSL 180.89 MB/s (selected in auto mode) AES-GCM-256-Go 48.19 MB/s AES-SIV-512-Go 37.40 MB/s
2017-02-12Check for trailing garbage after the passwordJakob Unterwurzacher
From the comment: // CheckTrailingGarbage tries to read one byte from stdin and exits with a // fatal error if the read returns any data. // This is meant to be called after reading the password, when there is no more // data expected. This helps to catch problems with third-party tools that // interface with gocryptfs.
2017-02-12Document "--" to stop option parsing in help text + man pageJakob Unterwurzacher
2017-01-26main: make sure the ctlsock file is deleted on incorrect passwordJakob Unterwurzacher
Otherwise the next try to mount ends in "ctlsock: listen unix ctl.sock: bind: address already in use"
2016-11-23main: give deferred functions a chance to run (fixes -cpuprofile)Jakob Unterwurzacher
2016-11-01main: fix comments that reference "-f"Jakob Unterwurzacher
2016-11-01main: rename "-f" to "-fg"Jakob Unterwurzacher
"-f" looks too much like "--force". The old variant is still accepted for compatability.
2016-10-16main: allow password change with -masterkeyJakob Unterwurzacher
Requested at https://github.com/rfjakob/gocryptfs/issues/28
2016-10-09main: more useful error message on unknown flagJakob Unterwurzacher
2016-10-09main: also accept options at the end via "-o"Jakob Unterwurzacher
For compatability with mount(1), options are also accepted as "-o COMMA-SEPARATED-OPTIONS" at the end of the command line. For example, "-o q,zerokey" is equivalent to "-q -zerokey".
2016-10-09main: friendlier error message on wrong number of argumentsJakob Unterwurzacher
Before: Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT After: Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg" Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-08reverse: make gocryptfs.conf mapping plaintextnames-awareJakob Unterwurzacher
Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that.
2016-10-08main: split doMount into its own fileJakob Unterwurzacher
Ongoing effort to reduce the size of main().
2016-10-08main: check if the config file can opened before prompting for passwordJakob Unterwurzacher
This was frustrating: $ gocryptfs a b Password: Decrypting master key open a/gocryptfs.conf: permission denied
2016-10-07MANPAGE: note that "-f" implies "-nosyslog"Jakob Unterwurzacher
Also explain why AES-SIV exists.
2016-10-07main: daemonize more thoroughlyJakob Unterwurzacher
As described at http://software.clapper.org/daemonize/ , a daemon should chdir to / and close its FDs.