From d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Fri, 10 Sep 2021 12:14:19 +0200 Subject: cli: drop -forcedecode flag The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility) --- cli_args.go | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) (limited to 'cli_args.go') diff --git a/cli_args.go b/cli_args.go index d666b47..b415b21 100644 --- a/cli_args.go +++ b/cli_args.go @@ -29,7 +29,7 @@ type argContainer struct { debug, init, zerokey, fusedebug, openssl, passwd, fg, version, plaintextnames, quiet, nosyslog, wpanic, longnames, allow_other, reverse, aessiv, nonempty, raw64, - noprealloc, speed, hkdf, serialize_reads, forcedecode, hh, info, + noprealloc, speed, hkdf, serialize_reads, hh, info, sharedstorage, fsck, one_file_system, deterministic_names, xchacha bool // Mount options with opposites @@ -172,8 +172,6 @@ func parseCliOpts(osArgs []string) (args argContainer) { flagSet.BoolVar(&args.speed, "speed", false, "Run crypto speed test") flagSet.BoolVar(&args.hkdf, "hkdf", true, "Use HKDF as an additional key derivation step") flagSet.BoolVar(&args.serialize_reads, "serialize_reads", false, "Try to serialize read operations") - flagSet.BoolVar(&args.forcedecode, "forcedecode", false, "Force decode of files even if integrity check fails."+ - " Requires gocryptfs to be compiled with openssl support and implies -openssl true") flagSet.BoolVar(&args.hh, "hh", false, "Show this long help text") flagSet.BoolVar(&args.info, "info", false, "Display information about CIPHERDIR") flagSet.BoolVar(&args.sharedstorage, "sharedstorage", false, "Make concurrent access to a shared CIPHERDIR safer") @@ -234,7 +232,8 @@ func parseCliOpts(osArgs []string) (args argContainer) { { var tmp bool flagSet.BoolVar(&tmp, "nofail", false, "Ignored for /etc/fstab compatibility") - flagSet.BoolVar(&tmp, "devrandom", false, "Deprecated (ignored for compatibility)") + flagSet.BoolVar(&tmp, "devrandom", false, "Obsolete, ignored for compatibility") + flagSet.BoolVar(&tmp, "forcedecode", false, "Obsolete, ignored for compatibility") } // Actual parsing @@ -265,32 +264,6 @@ func parseCliOpts(osArgs []string) (args argContainer) { os.Exit(exitcodes.Usage) } } - // "-forcedecode" only works with openssl. Check compilation and command line parameters - if args.forcedecode { - if stupidgcm.BuiltWithoutOpenssl { - tlog.Fatal.Printf("The -forcedecode flag requires openssl support, but gocryptfs was compiled without it!") - os.Exit(exitcodes.Usage) - } - if args.aessiv { - tlog.Fatal.Printf("The -forcedecode and -aessiv flags are incompatible because they use different crypto libs (openssl vs native Go)") - os.Exit(exitcodes.Usage) - } - if args.reverse { - tlog.Fatal.Printf("The reverse mode and the -forcedecode option are not compatible") - os.Exit(exitcodes.Usage) - } - // Has the user explicitly disabled openssl using "-openssl=false/0"? - if !args.openssl && opensslAuto != "auto" { - tlog.Fatal.Printf("-forcedecode requires openssl, but is disabled via command-line option") - os.Exit(exitcodes.Usage) - } - args.openssl = true - - // Try to make it harder for the user to shoot himself in the foot. - args.ro = true - args.allow_other = false - args.ko = "noexec" - } if len(args.extpass) > 0 && len(args.passfile) != 0 { tlog.Fatal.Printf("The options -extpass and -passfile cannot be used at the same time") os.Exit(exitcodes.Usage) -- cgit v1.2.3