Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rfjakob/gocryptfs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.2.0
Choose a base ref
...
head repository: rfjakob/gocryptfs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Loading
Showing with 2,530 additions and 737 deletions.
  1. +15 −7 .github/workflows/ci.yml
  2. +144 −21 Documentation/MANPAGE.md
  3. +5 −1 Makefile
  4. +50 −2 README.md
  5. +12 −3 build.bash
  6. +28 −12 cli_args.go
  7. +41 −42 cli_args_test.go
  8. +1 −1 contrib/atomicrename/main.go
  9. +1 −1 contrib/findholes/holes/holes.go
  10. +3 −0 contrib/getdents-debug/getdents/getdents.go
  11. +86 −0 contrib/gocryptfssh
  12. +19 −11 crossbuild.bash
  13. +6 −2 ctlsock/ctlsock.go
  14. +1 −1 daemonize.go
  15. +1 −0 fsck.go
  16. +9 −13 go.mod
  17. +19 −30 go.sum
  18. +1 −1 gocryptfs-xray/paths_ctlsock.go
  19. +9 −5 gocryptfs-xray/xray_main.go
  20. +1 −1 gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt
  21. +1 −1 gocryptfs-xray/xray_tests/aessiv_fs.xray.txt
  22. +9 −23 info.go
  23. +17 −3 init_dir.go
  24. +20 −4 internal/configfile/config_file.go
  25. +24 −0 internal/configfile/config_test.go
  26. +5 −1 internal/configfile/feature_flags.go
  27. +30 −45 internal/configfile/scrypt_test.go
  28. +24 −13 internal/configfile/validate.go
  29. +16 −16 internal/contentenc/content_test.go
  30. +16 −8 internal/cryptocore/cryptocore.go
  31. +2 −1 internal/cryptocore/randsize_test.go
  32. +44 −0 internal/ctlsocksrv/ctlsock_listen.go
  33. +5 −4 internal/ctlsocksrv/sanitize.go
  34. +9 −9 internal/ensurefds012/ensurefds012.go
  35. +13 −5 internal/fido2/fido2.go
  36. +8 −4 internal/fusefrontend/file.go
  37. +2 −2 internal/fusefrontend/file_allocate_truncate.go
  38. +33 −12 internal/fusefrontend/node.go
  39. +1 −0 internal/fusefrontend/node_helpers.go
  40. +6 −0 internal/fusefrontend/node_open_create.go
  41. +0 −4 internal/fusefrontend/node_xattr.go
  42. +6 −6 internal/fusefrontend/node_xattr_darwin.go
  43. +15 −4 internal/fusefrontend/root_node.go
  44. +1 −1 internal/fusefrontend/xattr_unit_test.go
  45. +1 −1 internal/fusefrontend_reverse/ctlsock_interface.go
  46. +23 −0 internal/fusefrontend_reverse/node.go
  47. +1 −1 internal/fusefrontend_reverse/node_dir_ops.go
  48. +14 −15 internal/fusefrontend_reverse/node_helpers.go
  49. +50 −9 internal/fusefrontend_reverse/root_node.go
  50. +20 −0 internal/fusefrontend_reverse/virtualconf.go
  51. +12 −3 internal/fusefrontend_reverse/virtualnode.go
  52. +27 −18 internal/inomap/inomap.go
  53. +13 −0 internal/inomap/inomap_test.go
  54. +2 −2 internal/nametransform/badname.go
  55. +41 −0 internal/nametransform/longnames_test.go
  56. +61 −17 internal/nametransform/names.go
  57. +23 −0 internal/nametransform/names_test.go
  58. +47 −0 internal/nametransform/xattr.go
  59. +40 −33 internal/readpassword/extpass_test.go
  60. +15 −16 internal/readpassword/passfile.go
  61. +25 −51 internal/readpassword/passfile_test.go
  62. +51 −43 internal/readpassword/read.go
  63. +26 −7 internal/readpassword/stdin_test.go
  64. +1 −1 internal/siv_aead/correctness_test.go
  65. +2 −2 internal/siv_aead/siv_aead.go
  66. +6 −6 internal/speed/cpuinfo.go
  67. +22 −13 internal/speed/speed.go
  68. +8 −0 internal/speed/speed_test.go
  69. +1 −0 internal/stupidgcm/chacha.go
  70. +1 −0 internal/stupidgcm/chacha_test.go
  71. +28 −0 internal/stupidgcm/cipher_suites.go
  72. +1 −0 internal/stupidgcm/common.go
  73. +3 −2 internal/stupidgcm/common_test.go
  74. +18 −18 internal/stupidgcm/doc.go
  75. +1 −0 internal/stupidgcm/gcm.go
  76. +1 −0 internal/stupidgcm/gcm_test.go
  77. +1 −0 internal/stupidgcm/locking.go
  78. +2 −1 internal/stupidgcm/openssl.go
  79. +10 −12 internal/stupidgcm/prefer.go
  80. +1 −0 internal/stupidgcm/without_openssl.go
  81. +1 −0 internal/stupidgcm/xchacha.go
  82. +1 −0 internal/stupidgcm/xchacha_test.go
  83. +1 −0 internal/syscallcompat/getdents_linux.go
  84. +1 −0 internal/syscallcompat/getdents_test.go
  85. +2 −0 internal/syscallcompat/quirks.go
  86. +4 −0 internal/syscallcompat/quirks_linux.go
  87. +5 −0 internal/syscallcompat/sys_common.go
  88. +6 −3 internal/syscallcompat/sys_darwin.go
  89. +3 −1 internal/syscallcompat/sys_linux.go
  90. +5 −1 internal/tlog/log.go
  91. +12 −38 main.go
  92. +6 −2 masterkey.go
  93. +54 −29 mount.go
  94. +1 −0 race.go
  95. +39 −8 test.bash
  96. +7 −1 tests/canonical-benchmarks.bash
  97. +111 −11 tests/cli/cli_test.go
  98. +91 −0 tests/cli/directmount_test.go
  99. +107 −0 tests/cli/longnamemax_test.go
  100. +111 −0 tests/cluster/cluster_test.go
  101. +91 −10 tests/defaults/main_test.go
  102. +130 −0 tests/defaults/overlayfs_test.go
  103. +1 −1 tests/dl-linux-tarball.bash
  104. +1 −1 tests/example_filesystems/example_filesystems_test.go
  105. +11 −0 tests/fsck/fsck_test.go
  106. 0 tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z g
  107. 0 tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z g
  108. 0 tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_zg
  109. 0 tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_zh
  110. +20 −0 tests/fsck/malleable_base64/gocryptfs.conf
  111. +1 −0 tests/fsck/malleable_base64/gocryptfs.diriv
  112. +3 −3 tests/matrix/concurrency_test.go
  113. +49 −0 tests/matrix/matrix_test.go
  114. +15 −5 tests/plaintextnames/plaintextnames_test.go
  115. +65 −8 tests/reverse/correctness_test.go
  116. +50 −0 tests/reverse/force_owner_test.go
  117. +10 −8 tests/reverse/inomap_test.go
  118. +42 −2 tests/root_test/root_test.go
  119. +2 −2 tests/sharedstorage/sharedstorage_test.go
  120. +6 −2 tests/stress_tests/fsstress-gocryptfs.bash
  121. +5 −5 tests/test_helpers/helpers.go
  122. +8 −4 tests/test_helpers/mount_unmount.go
  123. +2 −1 tests/xattr/xattr_fd_test.go
  124. +14 −0 tests/xattr/xattr_integration_test.go
  125. +78 −0 version.go
22 changes: 15 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -3,42 +3,50 @@ name: CI
on:
push:
pull_request:
workflow_dispatch:
schedule:
- cron: '0 12 * * *' # Every day noon UTC

jobs:
build:
strategy:
matrix:
# Each major Go release is supported until there are two newer major releases.
# https://go.dev/doc/devel/release#policy
go:
- "1.13.x" # Ubuntu 20.04 LTS "focal"
- "1.15.x" # Debian 11 "Bullseye"
- "1.16.x" # Golang upstream stable
- "1.17.x" # Golang upstream stable
- "1.18.x" # Ubuntu 22.04 LTS "jammy"
- "1.19.x" # Debian bookworm, bullseye-backports
- "1.20.x"
- "1.21.x"
- "oldstable" # 2nd-latest Golang upstream stable
- "stable" # Latest Go upstream stable
# Don't cancel everything when one Go version fails
fail-fast: false
runs-on: ubuntu-latest
steps:

- name: Install Go ${{ matrix.go }}
uses: actions/setup-go@v2
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go }}

# Looks like Github Actions leaks fds to child processes
# https://github.com/actions/runner/issues/1188
- run: ls -l /proc/self/fd

- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Make "git describe" work

# CI platform specific setup steps happen here
- run: sudo apt-get install -qq fuse3 libssl-dev

# Fix "/usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf"
- run: echo user_allow_other | sudo tee -a /etc/fuse.conf

# Build & upload static binary
- run: ./build-without-openssl.bash
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v3
with:
name: gocryptfs static binary (Go ${{ matrix.go }})
path: gocryptfs
165 changes: 144 additions & 21 deletions Documentation/MANPAGE.md
Original file line number Diff line number Diff line change
@@ -107,7 +107,7 @@ Run `gocryptfs -speed` to find out if and how much slower.

#### -deterministic-names
Disable file name randomisation and creation of `gocryptfs.diriv` files.
This can prevent sync conflicts conflicts when synchronising files, but
This can prevent sync conflicts when synchronising files, but
leaks information about identical file names across directories
("Identical names leak" in https://nuetzlich.net/gocryptfs/comparison/#file-names ).

@@ -123,6 +123,28 @@ and https://github.com/rfjakob/gocryptfs/issues/596 for background info.
Use HKDF to derive separate keys for content and name encryption from
the master key. Default true.

#### -longnamemax

integer value, allowed range 62...255

Hash file names that (in encrypted form) exceed this length. The default
is 255, which aligns with the usual name length limit on Linux and
provides best performance.

However, online storage may impose lower limits on file name and/or
path length. In this case, setting -longnamemax to a lower value
can be helpful.

The lower the value, the more extra `.name` files
must be created, which slows down directory listings.

Values below 62 are not allowed as then the hashed name
would be longer than the original name.

Example:

-longnamemax 100

#### -plaintextnames
Do not encrypt file names and symlink targets.

@@ -133,15 +155,10 @@ mounted using gocryptfs v1.2 and higher. Default true.

#### -reverse
Reverse mode shows a read-only encrypted view of a plaintext
directory. Implies "-aessiv".

#### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
10 to 28, representing N=2^10 to N=2^28.
directory. Implies `-aessiv`.

Setting this to a lower
value speeds up mounting and reduces its memory needs, but makes
the password susceptible to brute-force attacks. The default is 16.
If you want to mount the encrypted view using `-masterkey`, you *must*
specify `-aessiv`.

#### -xchacha
Use XChaCha20-Poly1305 file content encryption. This should be much faster
@@ -155,6 +172,10 @@ MOUNT OPTIONS
Available options for mounting are listed below. Usually, you don't need any.
Defaults are fine.

#### -acl
Enable ACL enforcement. When you want to use ACLs, you must enable this
option.

#### -allow_other
By default, the Linux kernel prevents any other user (even root) to
access a mounted FUSE filesystem. Settings this option allows access for
@@ -287,18 +308,21 @@ runs as root, you can enable device files by passing the opposite mount option,
"dev", and if you want to enable suid-binaries, pass "suid".
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
interesting. For a complete list see the section
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local",
"noapplexattr", "noappledouble" may be interesting.
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8). On MacOS, "local" enables volume-based trash
if you have `.Trashes` folder in the root of your volume (might need to be manually created)
note, though, that "local" is marked as "experimental" in [osxfuse](https://github.com/osxfuse/osxfuse/wiki/Mount-options#local);
"noapplexattr", "noappledouble" may also be interesting.

Note that unlike "-o", "-ko" is a regular option and must be passed BEFORE
the directories. Example:

gocryptfs -ko noexec /tmp/foo /tmp/bar

#### -longnames
Store names longer than 176 bytes in extra files (default true)
This flag is useful when recovering old gocryptfs filesystems using
"-masterkey". It is ignored (stays at the default) otherwise.
Store names that are longer than 175 bytes in extra files (default true).

This flag is only useful when recovering very old gocryptfs filesystems (gocryptfs v0.8 and earlier)
using "-masterkey". It is ignored (stays at the default) otherwise.

#### -nodev
See `-dev, -nodev`.
@@ -357,7 +381,7 @@ Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`).
If both are specified, `-ro` takes precedence.

#### -reverse
See the `-reverse` section in INIT FLAGS. You need to specify the
See the `-reverse` section in INIT OPTIONS. You need to specify the
`-reverse` option both at `-init` and at mount.

#### -serialize_reads
@@ -452,14 +476,40 @@ to your program, use `"--"`, which is accepted by most programs:

Applies to: all actions that ask for a password.

BUG: In `-extpass -X`, the `-X` will be interpreted as `--X`. Please use
`-extpass=-X` to prevent that. See **Dash duplication** in the **BUGS** section
for details.

#### -fido2 DEVICE_PATH
Use a FIDO2 token to initialize and unlock the filesystem.
Use "fido2-token -L" to obtain the FIDO2 token device path.
Use `fido2-token -L` to obtain the FIDO2 token device path.
For linux, **fido2-tools** package is needed.

Applies to: all actions that ask for a password.

#### -fido2-assert-option OPTION
Options passed to `fido2-assert` with `-t` option.
This option may be specified multiple times, each time it will add two
arguements `-t` `OPTION` to `fido2-assert`.
See `man fido2-assert` to check supported options.

Examples:

Creating a filesystem with no pin verification:

gocryptfs -init -fido2 DEVICE_PATH -fido2-assert-option pin=false CIPHERDIR

Creating a filesystem with both user verification and pin verification:

gocryptfs -init -fido2 DEVICE_PATH -fido2-assert-option uv=true -fido2-assert-option pin=true CIPHERDIR

Creating a filesystem with both user presence and user verification:

gocryptfs -init -fido2 DEVICE_PATH -fido2-assert-option up=true -fido2-assert-option uv=true CIPHERDIR


#### -masterkey string
Use a explicit master key specified on the command line or, if the special
Use an explicit master key specified on the command line or, if the special
value "stdin" is used, read the masterkey from stdin, instead of reading
the config file and asking for the decryption password.

@@ -475,10 +525,14 @@ settings have to be passed on the command line: `-aessiv` when you
mount a filesystem that was created using reverse mode, or
`-plaintextnames` for a filesystem that was created with that option.

Examples:
Example 1: Mount a filesystem that was created using default options:

gocryptfs -masterkey=6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d cipher mnt
gocryptfs -masterkey=stdin cipher mnt

-masterkey=6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
-masterkey=stdin
Example 2: Mount a `gocryptfs -reverse` filesystem (note that you *must* specify `-aessiv`):

gocryptfs -masterkey=stdin -aessiv cipher mnt

Applies to: all actions that ask for a password.

@@ -526,7 +580,7 @@ files. They are concatenated for the effective password.
Example:

echo hello > hello.txt
echo word > world.txt
echo world > world.txt
gocryptfs -passfile hello.txt -passfile world.txt

The effective password will be "helloworld".
@@ -538,6 +592,45 @@ Quiet - silence informational messages.

Applies to: all actions.

#### -scryptn int
gocryptfs uses *scrypt* for hashing the password when mounting,
which protects from brute-force attacks.

`-scryptn` controls the *scrypt* cost parameter "N" expressed as scryptn=log2(N).
Possible values are `-scryptn=10` to `-scryptn=28`, representing N=2^10 to N=2^28.

Setting this to a lower
value speeds up mounting and reduces its memory needs, but makes
the password susceptible to brute-force attacks. The default is 16.

The memory usage for *scrypt* during mounting is as follows:

scryptn Memory Usage
======= ============
10 1 MiB
11 2
12 4
13 8
14 16
15 32
16 64
17 128
18 256
19 512
20 1 GiB
21 2
22 4
23 8
24 16
25 32
26 64
27 128
28 256

Applies to: `-init`, `-passwd`

See also: the benchmarks in the gocryptfs source code in internal/configfile.

#### -trace string
Write execution trace to file. View the trace using "go tool trace FILE".

@@ -646,6 +739,13 @@ the `-nofail` option for details).

/tmp/cipher /tmp/plain fuse./usr/local/bin/gocryptfs nofail,allow_other,passfile=/tmp/password 0 0

ENVIRONMENT VARIABLES
=====================

### NO_COLOR

If `NO_COLOR` is set (regardless of value), colored output is disabled (see https://no-color.org/).

EXIT CODES
==========

@@ -661,6 +761,29 @@ other: please check the error message

See also: https://github.com/rfjakob/gocryptfs/blob/master/internal/exitcodes/exitcodes.go

BUGS
====

### Dash duplication

gocryptfs v2.1 switched to the `pflag` library for command-line parsing
to support flags and positional arguments in any order. To stay compatible
with single-dash long options like `-extpass`, an ugly hack was added:
The command line is preprocessed, and all single-dash options are converted to
double-dash.

Unfortunately, this means that in

gocryptfs -extpass myapp -extpass -X

gocryptfs transforms the `-X` to `--X`, and it will call `myapp --X` as the extpass program.

Please use

gocryptfs -extpass myapp -extpass=-X

to work around this bug.

SEE ALSO
========
mount(2) fuse(8) fallocate(2) encfs(1) gitignore(5)
6 changes: 5 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -10,7 +10,11 @@ test:
.phony: root_test
root_test:
./build.bash
cd tests/root_test && go test -c && sudo ./root_test.test -test.v

# Need to use TMPDIR=/var/tmp as TestOverlay fails on tmpfs.
cd tests/root_test && go test -c && sudo TMPDIR=/var/tmp ./root_test.test -test.v

cd tests/cli && go test -c && sudo ./cli.test -test.v -test.run=TestDirectMount

.phony: format
format:
Loading