aboutsummaryrefslogtreecommitdiff
path: root/mount.go
AgeCommit message (Collapse)Author
2019-08-04Fix "constant 2435016766 overflows int32" build failure on armJakob Unterwurzacher
Cast to uint32 to fix the int32 overflow, and define BTRFS_SUPER_MAGIC locally to fix the next failure on darwin.
2019-08-04Rename isDirEmpty -> isEmptyDirJakob Unterwurzacher
The function actually answers the question: "is this an empty dir"?
2019-08-04Force -noprealloc on BtrfsJakob Unterwurzacher
Preallocation on Btrfs is broken ( https://github.com/rfjakob/gocryptfs/issues/395 , https://lore.kernel.org/linux-btrfs/CAPv9Zmk46As_P9Gyf_icET53xRda63h7iC1meES9xbdDEt9qow@mail.gmail.com/ ) and slow ( https://github.com/rfjakob/gocryptfs/issues/63 ).
2019-03-26reverse mode: support wildcard exclude (--exclude-wildcard)Eduardo M KALINOWSKI
This adds support for gitignore-like wildcards and exclude patters in reverse mode. It (somewhat) fixes #273: no regexp support, but the syntax should be powerful enough to satisfy most needs. Also, since adding a lot of --exclude options can be tedious, it adds the --exclude-from option to read patterns from a file (or files).
2019-01-15mount: Replace commas in volume name.Sebastian Lackner
Fixes the following test failure: cli_test.go:534: Failed to mount "[...]/542399800,foo,bar" on "[...]/542399800,foo,bar.mnt": exit status 19
2018-10-17main: also redirect Fatal logger to syslog on daemonizationJakob Unterwurzacher
The messages would still be collected via gocryptfs-logger, but let's do it right. Before: Oct 17 21:58:12 brikett gocryptfs[9926]: testing info Oct 17 21:58:12 brikett gocryptfs[9926]: testing warn Oct 17 21:58:12 brikett gocryptfs-9926-logger[9935]: testing fatal After: Oct 17 22:00:53 brikett gocryptfs[10314]: testing info Oct 17 22:00:53 brikett gocryptfs[10314]: testing warn Oct 17 22:00:53 brikett gocryptfs[10314]: testing fatal
2018-10-11Add option for autounmountJesse Dunietz
Even though filesystem notifications aren't implemented for FUSE, I decided to try my hand at implementing the autounmount feature (#128). I based it on the EncFS autounmount code, which records filesystem accesses and checks every X seconds whether it's idled long enough to unmount. I've tested the feature locally, but I haven't added any tests for this flag. I also haven't worked with Go before. So please let me know if there's anything that should be done differently. One particular concern: I worked from the assumption that the open files table is unique per-filesystem. If that's not true, I'll need to add an open file count and associated lock to the Filesystem type instead. https://github.com/rfjakob/gocryptfs/pull/265
2018-09-18main: sanitize commas from fsnameJakob Unterwurzacher
The cipherdir path is used as the fsname, as displayed in "df -T". Now, having a comma in fsname triggers a sanity check in go-fuse, aborting the mount with: /bin/fusermount: mount failed: Invalid argument fuse.NewServer failed: fusermount exited with code 256 Sanitize fsname by replacing any commas with underscores. https://github.com/rfjakob/gocryptfs/issues/262
2018-09-08main: don't read the config file twice (fix pipe bug)Jakob Unterwurzacher
Instead, first Load() the file, then DecryptMasterKey(). Fixes https://github.com/rfjakob/gocryptfs/issues/258
2018-08-11reverse mode: add --exclude optionJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/235
2018-07-01main: improve fuse.NewServer error messageJakob Unterwurzacher
Before: fuse.NewServer failed: "fusermount exited with code 256\n" After: fuse.NewServer failed: fusermount exited with code 256
2018-06-07main: accept -dev, -nodev, -suid, -nosuid, -exec, -noexecJakob Unterwurzacher
When mounted via /etc/fstab like this, /a /b fuse.gocryptfs default 0 0 we always get extra options passed. As reported by @mahkoh at https://github.com/rfjakob/gocryptfs/pull/233 : mount passes `-o noexec` if `-o user` is set and `-o exec` is not set. If both `-o user` and `-o exec` are set, it passes `-o exec`. Make these options work, and in addtion, also make -suid and -rw work the same way. Reported-by: @mahkoh
2018-04-08Fix the easy golint warningsJakob Unterwurzacher
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
2018-04-01main: move getMasterKey into initFuseFrontendJakob Unterwurzacher
This is where the results are used, so call it there. This simplifies doMount a bit because we can get rid of the block protecting masterkey.
2018-04-01main: move masterkey logic into new helper getMasterKeyJakob Unterwurzacher
The new helper will also be used by fsck.
2018-04-01main: move and rename checkDir*() helperJakob Unterwurzacher
To avoid confusion with fsck, rename to isDir*() and move the functions into init_dir.go.
2018-03-22Add `-masterkey=stdin` functionalityJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/218
2018-02-28tlog: stop embedding log.Logger to prevent mistakesJakob Unterwurzacher
A few places have called tlog.Warn.Print, which directly calls into log.Logger due to embedding, losing all features of tlog. Stop embedding log.Logger to make sure the internal functions cannot be called accidentially and fix (several!) instances that did.
2018-02-18main: doMount: use a deferred function for wipeKeysJakob Unterwurzacher
Also drop the unused int return.
2018-02-18main: overwrite keys and let them run out of scopeJakob Unterwurzacher
As soon as we don't need them anymore, overwrite keys with zeros. Make sure they run out of scope so we don't create a risk of inadvertedly using all-zero keys for encryption. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18main: try to wipe cryptocore's secret keys on unmountJakob Unterwurzacher
Raise the bar for recovering keys from memory. https://github.com/rfjakob/gocryptfs/issues/211
2018-02-18fusefrontend[_reverse]: move crypto init up to callerJakob Unterwurzacher
Both fusefrontend and fusefrontend_reverse were doing essentially the same thing, move it into main's initFuseFrontend. A side-effect is that we have a reference to cryptocore in main, which will help with wiping the keys on exit (https://github.com/rfjakob/gocryptfs/issues/211).
2018-01-20MacOS: rely on OSXFuse to create the mountpointJakob Unterwurzacher
As reported in https://github.com/rfjakob/gocryptfs/issues/194 , OSXFuse creates the mountpoint if it does not exist.
2018-01-16MacOS: rely on OSXFuse to create mountpoint below /VolumesJakob Unterwurzacher
OSXFuse automatically creates the mountpoint if it is below /Volumes because this would require root permissions which the user might not have. Reported at https://github.com/rfjakob/gocryptfs/issues/194
2017-11-12main: add "-sharedstorage" flagJakob Unterwurzacher
At the moment, it does two things: 1. Disable stat() caching so changes to the backing storage show up immediately. 2. Disable hard link tracking, as the inode numbers on the backing storage are not stable when files are deleted and re-created behind our back. This would otherwise produce strange "file does not exist" and other errors. Mitigates https://github.com/rfjakob/gocryptfs/issues/156
2017-10-31main: disallow recursively encrypting ourselvesJakob Unterwurzacher
From https://github.com/rfjakob/gocryptfs/issues/150: mkdir a mkdir a/b gocryptsfs -init -reverse a/ gocryptfs -reverse a/ a/b Now directory a/b/ contains encrypted view of 'a' but it is possible to descend into encrypted version of b (e.g. a/b/43873uhj538765387/) which contains double encrypted 'a' and so on. Reported-by: https://github.com/tigmac
2017-10-22reverse mode: disable ClientInodes (hard link tracking)Jakob Unterwurzacher
Disable hard link tracking to avoid strange breakage on duplicate inode numbers ( https://github.com/rfjakob/gocryptfs/issues/149 ). Reverse mode is read-only, so we don't need a working link().
2017-10-21Always set "max_read" kernel optionJakob Unterwurzacher
We use fixed-size byte slice pools (sync.Pool) and cannot handle larger requests. So ask the kernel to not send bigger ones. Fixes https://github.com/rfjakob/gocryptfs/issues/145
2017-08-11main: purge masterkey from memory as soon as possibleJakob Unterwurzacher
Remove the "Masterkey" field from fusefrontend.Args because it should not be stored longer than neccessary. Instead pass the masterkey as a separate argument to the filesystem initializers. Then overwrite it with zeros immediately so we don't have to wait for garbage collection. Note that the crypto implementation still stores at least a masterkey-derived value, so this change makes it harder, but not impossible, to extract the encryption keys from memory. Suggested at https://github.com/rfjakob/gocryptfs/issues/137
2017-07-29main: doMount: call FreeOSMemory() before jumping into server loopJakob Unterwurzacher
scrypt (used during masterkey decryption) allocates a lot of memory. Go only returns memory to the OS after 5 minutes, which looks like a waste. Call FreeOSMemory() to return it immediately. Looking a fresh mount: before: VmRSS: 73556 kB after: VmRSS: 8568 kB
2017-07-23main: move redirectStdFds() to daemonize.goJakob Unterwurzacher
This really is a part of daemonization. No code changes.
2017-07-10macos: print load_osxfuse hint if fuse.NewServer failsJakob Unterwurzacher
Currently neither gocryptfs nor go-fuse automatically call load_osxfuse if the /dev/osxfuse* device(s) do not exist. At least tell the user what to do. See https://github.com/rfjakob/gocryptfs/issues/124 for user pain.
2017-07-10Specify a volname for osxfuseJeff Kriske
If I use gocryptfs cypher plain then the resulting volume should be named 'plain' just as it would be on Linux.
2017-07-01main: get rid of magic "MaxWrite: 1048576" constantJakob Unterwurzacher
go-fuse caps MaxWrite at MAX_KERNEL_WRITE anyway, and we actually depend on this behavoir now as the byte pools are sized according to MAX_KERNEL_WRITE. So let's use MAX_KERNEL_WRITE explicitely.
2017-06-18main, syscallcompat: use Dup3 instead of Dup2Jakob Unterwurzacher
Dup2 is not implemented on linux/arm64. Fixes https://github.com/rfjakob/gocryptfs/issues/121 . Also adds cross-compilation to CI.
2017-06-01main: increase max write size to maximumJakob Unterwurzacher
Previously, it was at the go-fuse default of 64KiB. Getting bigger writes should increase throughput somewhat. Testing on tmpfs shows an improvement from 112MiB/s to 120MiB/s.
2017-06-01Implement force_owner option to display ownership as a specific user.Charles Duffy
2017-05-24main: replace paniclog with logger(1)Jakob Unterwurzacher
Instead of redirecting stdout and stderr to /tmp/gocryptfs_paniclog, where it is hard to find, redirect them to a newly spawned logger(1) instance that forwards the messages to syslog. See https://github.com/rfjakob/gocryptfs/issues/109 for an example where the paniclog was lost due to a reboot. Also, instead of closing stdin, redirect it to /dev/null, like most daemons seem to do.
2017-05-23main: downgrade panic log create failure from fatal error to warningJakob Unterwurzacher
Exiting with a fatal error just pushes users to use "-nosyslog", which is even worse than not having a paniclog.
2017-05-14exitcodes: get rid of generic "Mount" exit codeJakob Unterwurzacher
Instead, create three new specific exit codes: * FuseNewServer = 19 * CtlSock = 20 * PanicLogCreate = 21
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-03main: RLIMIT_NOFILE: cap to 4096Jakob Unterwurzacher
We don't want to set the limit to unlimited if "Max" is unlimited. Hard-cap to 4096.
2017-05-02main: increase open file limit to 4096Jakob Unterwurzacher
Linux by default has a soft limit of 1024 and a hard limit of 4096 on open files. We can increase it so 4096 without root permissions. This should help reduce the risk of gocryptfs running out of file descriptors, as reported at https://github.com/rfjakob/gocryptfs/issues/82 .
2017-04-24forcedecode: tighten checksJakob Unterwurzacher
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-03-18serialize_reads: add read serialization logicJakob Unterwurzacher
Due to kernel readahead, we usually get multiple read requests at the same time. These get submitted to the backing storage in random order, which is a problem if seeking is very expensive. Details: https://github.com/rfjakob/gocryptfs/issues/92
2017-03-07cli: add "-hkdf" optionJakob Unterwurzacher
This commit also enables actually passing the HKDF setting to fusefrontend, this was missing till now.
2017-03-02main: get rid of third open paniclog fdJakob Unterwurzacher
We have it saved in Stderr and Stdout anyway, let's free this fd number.
2017-02-26exitcodes: define code 12 for "password incorrect"Jakob Unterwurzacher
2017-02-15main: don't attempt lazy unmount on MacOSXJakob Unterwurzacher