Age | Commit message (Collapse) | Author |
|
As reported in https://github.com/rfjakob/gocryptfs/issues/194 ,
OSXFuse creates the mountpoint if it does not exist.
|
|
OSXFuse automatically creates the mountpoint if it is
below /Volumes because this would require root permissions
which the user might not have.
Reported at https://github.com/rfjakob/gocryptfs/issues/194
|
|
At the moment, it does two things:
1. Disable stat() caching so changes to the backing storage show up
immediately.
2. Disable hard link tracking, as the inode numbers on the backing
storage are not stable when files are deleted and re-created behind
our back. This would otherwise produce strange "file does not exist"
and other errors.
Mitigates https://github.com/rfjakob/gocryptfs/issues/156
|
|
From https://github.com/rfjakob/gocryptfs/issues/150:
mkdir a
mkdir a/b
gocryptsfs -init -reverse a/
gocryptfs -reverse a/ a/b
Now directory a/b/ contains encrypted view of 'a' but it
is possible to descend into encrypted version of b (e.g.
a/b/43873uhj538765387/) which contains double encrypted
'a' and so on.
Reported-by: https://github.com/tigmac
|
|
Disable hard link tracking to avoid strange breakage on duplicate
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/149 ).
Reverse mode is read-only, so we don't need a working link().
|
|
We use fixed-size byte slice pools (sync.Pool) and cannot
handle larger requests. So ask the kernel to not send
bigger ones.
Fixes https://github.com/rfjakob/gocryptfs/issues/145
|
|
Remove the "Masterkey" field from fusefrontend.Args because it
should not be stored longer than neccessary. Instead pass the
masterkey as a separate argument to the filesystem initializers.
Then overwrite it with zeros immediately so we don't have
to wait for garbage collection.
Note that the crypto implementation still stores at least a
masterkey-derived value, so this change makes it harder, but not
impossible, to extract the encryption keys from memory.
Suggested at https://github.com/rfjakob/gocryptfs/issues/137
|
|
scrypt (used during masterkey decryption) allocates a lot of memory.
Go only returns memory to the OS after 5 minutes, which looks like
a waste. Call FreeOSMemory() to return it immediately.
Looking a fresh mount:
before: VmRSS: 73556 kB
after: VmRSS: 8568 kB
|
|
This really is a part of daemonization.
No code changes.
|
|
Currently neither gocryptfs nor go-fuse automatically call load_osxfuse
if the /dev/osxfuse* device(s) do not exist. At least tell the user
what to do.
See https://github.com/rfjakob/gocryptfs/issues/124 for user pain.
|
|
If I use gocryptfs cypher plain then the resulting volume
should be named 'plain' just as it would be on Linux.
|
|
go-fuse caps MaxWrite at MAX_KERNEL_WRITE anyway, and we
actually depend on this behavoir now as the byte pools
are sized according to MAX_KERNEL_WRITE.
So let's use MAX_KERNEL_WRITE explicitely.
|
|
Dup2 is not implemented on linux/arm64.
Fixes https://github.com/rfjakob/gocryptfs/issues/121 .
Also adds cross-compilation to CI.
|
|
Previously, it was at the go-fuse default of 64KiB. Getting
bigger writes should increase throughput somewhat.
Testing on tmpfs shows an improvement from 112MiB/s to 120MiB/s.
|
|
|
|
Instead of redirecting stdout and stderr to /tmp/gocryptfs_paniclog,
where it is hard to find, redirect them to a newly spawned logger(1)
instance that forwards the messages to syslog.
See https://github.com/rfjakob/gocryptfs/issues/109 for an example
where the paniclog was lost due to a reboot.
Also, instead of closing stdin, redirect it to /dev/null, like most
daemons seem to do.
|
|
Exiting with a fatal error just pushes users to use "-nosyslog",
which is even worse than not having a paniclog.
|
|
Instead, create three new specific exit codes:
* FuseNewServer = 19
* CtlSock = 20
* PanicLogCreate = 21
|
|
This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
We don't want to set the limit to unlimited if "Max" is unlimited.
Hard-cap to 4096.
|
|
Linux by default has a soft limit of 1024 and a hard limit of
4096 on open files. We can increase it so 4096 without root
permissions.
This should help reduce the risk of gocryptfs running out of
file descriptors, as reported at
https://github.com/rfjakob/gocryptfs/issues/82 .
|
|
...and fix a few golint issues and print a scary warning message on mount.
Also, force the fs to ro,noexec.
|
|
Force decode of encrypted files even if the integrity check fails, instead of
failing with an IO error. Warning messages are still printed to syslog if corrupted
files are encountered.
It can be useful to recover files from disks with bad sectors or other corrupted
media.
Closes https://github.com/rfjakob/gocryptfs/pull/102 .
|
|
Due to kernel readahead, we usually get multiple read requests
at the same time. These get submitted to the backing storage in
random order, which is a problem if seeking is very expensive.
Details: https://github.com/rfjakob/gocryptfs/issues/92
|
|
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
|
|
We have it saved in Stderr and Stdout anyway, let's free this fd
number.
|
|
|
|
|
|
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
|
|
As requested in https://github.com/rfjakob/gocryptfs/issues/73 .
|
|
Otherwise the next try to mount ends in
"ctlsock: listen unix ctl.sock: bind: address already in use"
|
|
This prevents us from getting SIGINT when the user
kills the running script.
|
|
Both are achieved by opening the socket from main and passing
it to the ctlsock package instead of passing the path.
|
|
|
|
Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63
|
|
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
|
|
Through base64.RawURLEncoding.
New command-line parameter "-raw64".
|
|
|
|
Redirect stdout and stderr to /tmp/gocryptfs_paniclog.NNNNNN
instead of closing them so users have a chance to get the
backtrace on a panic.
This only applies if "-nosyslog" is NOT set. Panics will
go to terminal as usual if it is.
|
|
This makes sure all callers of parseMasterKey warn the user.
At the moment there is only one, but another one will be added
soon for forcing a password change when only the master key is
known.
|
|
This prevents confusion with the "-o" options that is passed
by mount(1) at the end of the command line.
|
|
Before:
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
After:
Wrong number of arguments (have 9, want 2). You passed: "-nosyslog" "." "asd" "-q" "ß" "asdf" "fg" "gh" "sdf" "asd fs\\dfg"
Usage: gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT
|
|
This fired incorrectly:
Mountpoint "/home/testuser" would shadow cipherdir "/home/testuser.cipher", this is not supported
|
|
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that.
|
|
For example, we cannot mount "/home/user/.cipher" at "/home/user"
because the mount will hide ".cipher" also for us.
Doing it anyway used to cause a nasty hang.
|
|
Ongoing effort to reduce the size of main().
|