aboutsummaryrefslogtreecommitdiff
path: root/mount.go
AgeCommit message (Collapse)Author
2017-05-24main: replace paniclog with logger(1)Jakob Unterwurzacher
Instead of redirecting stdout and stderr to /tmp/gocryptfs_paniclog, where it is hard to find, redirect them to a newly spawned logger(1) instance that forwards the messages to syslog. See https://github.com/rfjakob/gocryptfs/issues/109 for an example where the paniclog was lost due to a reboot. Also, instead of closing stdin, redirect it to /dev/null, like most daemons seem to do.
2017-05-23main: downgrade panic log create failure from fatal error to warningJakob Unterwurzacher
Exiting with a fatal error just pushes users to use "-nosyslog", which is even worse than not having a paniclog.
2017-05-14exitcodes: get rid of generic "Mount" exit codeJakob Unterwurzacher
Instead, create three new specific exit codes: * FuseNewServer = 19 * CtlSock = 20 * PanicLogCreate = 21
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-03main: RLIMIT_NOFILE: cap to 4096Jakob Unterwurzacher
We don't want to set the limit to unlimited if "Max" is unlimited. Hard-cap to 4096.
2017-05-02main: increase open file limit to 4096Jakob Unterwurzacher
Linux by default has a soft limit of 1024 and a hard limit of 4096 on open files. We can increase it so 4096 without root permissions. This should help reduce the risk of gocryptfs running out of file descriptors, as reported at https://github.com/rfjakob/gocryptfs/issues/82 .
2017-04-24forcedecode: tighten checksJakob Unterwurzacher
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-03-18serialize_reads: add read serialization logicJakob Unterwurzacher
Due to kernel readahead, we usually get multiple read requests at the same time. These get submitted to the backing storage in random order, which is a problem if seeking is very expensive. Details: https://github.com/rfjakob/gocryptfs/issues/92
2017-03-07cli: add "-hkdf" optionJakob Unterwurzacher
This commit also enables actually passing the HKDF setting to fusefrontend, this was missing till now.
2017-03-02main: get rid of third open paniclog fdJakob Unterwurzacher
We have it saved in Stderr and Stdout anyway, let's free this fd number.
2017-02-26exitcodes: define code 12 for "password incorrect"Jakob Unterwurzacher
2017-02-15main: don't attempt lazy unmount on MacOSXJakob Unterwurzacher
2017-02-12Check for trailing garbage after the passwordJakob Unterwurzacher
From the comment: // CheckTrailingGarbage tries to read one byte from stdin and exits with a // fatal error if the read returns any data. // This is meant to be called after reading the password, when there is no more // data expected. This helps to catch problems with third-party tools that // interface with gocryptfs.
2017-01-26main: add "-fsname" optionJakob Unterwurzacher
As requested in https://github.com/rfjakob/gocryptfs/issues/73 .
2017-01-26main: make sure the ctlsock file is deleted on incorrect passwordJakob Unterwurzacher
Otherwise the next try to mount ends in "ctlsock: listen unix ctl.sock: bind: address already in use"
2017-01-02main: disconnect from the controlling terminalJakob Unterwurzacher
This prevents us from getting SIGINT when the user kills the running script.
2016-12-10ctlsock: exit early if socket cannot be created; delete on exitJakob Unterwurzacher
Both are achieved by opening the socket from main and passing it to the ctlsock package instead of passing the path.
2016-12-10ctlsock: exit if socket cannot be createdJakob Unterwurzacher
2016-11-25main, fusefrontend: add "-noprealloc" optionJakob Unterwurzacher
Preallocation is very slow on hdds that run btrfs. Give the user the option to disable it. This greatly speeds up small file operations but reduces the robustness against out-of-space errors. Also add the option to the man page. More info: https://github.com/rfjakob/gocryptfs/issues/63
2016-11-10ctlsock: add initial limited implementationJakob Unterwurzacher
At the moment, in forward mode you can only encrypt paths and in reverse mode you can only decrypt paths.
2016-11-01Add support for unpadded base64 filenames, "-raw64"Jakob Unterwurzacher
Through base64.RawURLEncoding. New command-line parameter "-raw64".
2016-11-01main: print "args" slightly prettierJakob Unterwurzacher
2016-10-28main: redirect panics to /tmp/gocryptfs_panic.NNNNJakob Unterwurzacher
Redirect stdout and stderr to /tmp/gocryptfs_paniclog.NNNNNN instead of closing them so users have a chance to get the backtrace on a panic. This only applies if "-nosyslog" is NOT set. Panics will go to terminal as usual if it is.
2016-10-16main: move masterkey warnings into parseMasterKeyJakob Unterwurzacher
This makes sure all callers of parseMasterKey warn the user. At the moment there is only one, but another one will be added soon for forcing a password change when only the master key is known.
2016-10-09main: rename "-o" option to "-ko"Jakob Unterwurzacher
This prevents confusion with the "-o" options that is passed by mount(1) at the end of the command line.
2016-10-09main: friendlier error message on wrong number of argumentsJakob Unterwurzacher
Before: Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT After: Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg" Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
2016-10-08main: fix shadow detection logicJakob Unterwurzacher
This fired incorrectly: Mountpoint "/home/testuser" would shadow cipherdir "/home/testuser.cipher", this is not supported
2016-10-08reverse: make gocryptfs.conf mapping plaintextnames-awareJakob Unterwurzacher
Only in plaintextnames-mode AND with the config file at the default location it will be mapped into the mountpoint. Also adds a test for that.
2016-10-08main: error out when the mount shadows the cipherdirJakob Unterwurzacher
For example, we cannot mount "/home/user/.cipher" at "/home/user" because the mount will hide ".cipher" also for us. Doing it anyway used to cause a nasty hang.
2016-10-08main: split doMount into its own fileJakob Unterwurzacher
Ongoing effort to reduce the size of main().