Commit f12f33f7 authored by Felix Lechner's avatar Felix Lechner

Merge tag 'v1.6' into debian

gocryptfs v1.6
parents c1c0a55c 21f32b1b
language: go
# fuse on travis
sudo: required
dist: trusty
git:
depth: 100
# Build with the lastest versions of Go 1.5 and later
# Build with the lastest versions of Go 1.7 and later
# See https://golang.org/dl/
go:
- 1.5.4
- 1.6.4
- 1.7.6
- 1.8.5
- 1.9.2
- 1.7.x
- 1.8.x
- 1.9.x
- 1.10.x
- stable
before_install:
- sudo apt-get install -qq fuse
- sudo modprobe fuse
- sudo chmod 666 /dev/fuse
- sudo chown root:$USER /etc/fuse.conf
install:
- go get .
- go get -v .
- wget https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -O dep
- chmod +x dep
script:
- openssl version
......@@ -24,16 +36,7 @@ script:
- ./test.bash
- ./crossbuild.bash
- echo "rebuild with locked dependencies"
- wget https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -O dep
- chmod +x dep
- ./dep ensure
- echo travis_fold:start:dep
- ./dep ensure -v
- echo travis_fold:end:dep
- ./build.bash
# fuse on travis
sudo: required
dist: trusty
before_install:
- sudo apt-get install -qq fuse
- sudo modprobe fuse
- sudo chmod 666 /dev/fuse
- sudo chown root:$USER /etc/fuse.conf
......@@ -5,23 +5,36 @@
NAME
====
gocryptfs - mount an encrypted directory
gocryptfs - create or mount an encrypted filesystem
SYNOPSIS
========
#### Initialize encrypted filesystem
gocryptfs -init \[OPTIONS\] CIPHERDIR
`gocryptfs -init [OPTIONS] CIPHERDIR`
#### Mount
gocryptfs \[OPTIONS\] CIPHERDIR MOUNTPOINT \[-o COMMA-SEPARATED-OPTIONS\]
`gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT [-o COMMA-SEPARATED-OPTIONS]`
#### Change password
gocryptfs -passwd \[OPTIONS\] CIPHERDIR
`gocryptfs -passwd [OPTIONS] CIPHERDIR`
#### Check consistency
`gocryptfs -fsck [OPTIONS] CIPHERDIR`
DESCRIPTION
===========
gocryptfs is an encrypted overlay filesystem written in Go.
Encrypted files are stored in CIPHERDIR, and a plain-text
view can be presented by mounting the filesystem at MOUNTPOINT.
gocryptfs was inspired by encfs(1) and strives to fix its
security issues while providing good performance.
OPTIONS
=======
Available options are listed below.
#### -aessiv
......@@ -36,10 +49,10 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
"allow_other" plus "default_permissions" described in fuse(8).
#### -config string
Use specified config file instead of CIPHERDIR/gocryptfs.conf
Use specified config file instead of `CIPHERDIR/gocryptfs.conf`.
#### -cpuprofile string
Write cpu profile to specified file
Write cpu profile to specified file.
#### -ctlsock string
Create a control socket at the specified location. The socket can be
......@@ -49,15 +62,30 @@ not world-accessible. For example, `/run/user/UID/my.socket` would
be suitable.
#### -d, -debug
Enable debug output
Enable debug output.
#### -dev, -nodev
Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount
(default: `-nodev`). If both are specified, `-nodev` takes precedence.
You need root permissions to use `-dev`.
#### -devrandom
Use /dev/random for generating the master key instead of the default Go
Use `/dev/random` for generating the master key instead of the default Go
implementation. This is especially useful on embedded systems with Go versions
prior to 1.9, which fall back to weak random data when the getrandom syscall
is blocking. Using this option can block indefinitely when the kernel cannot
harvest enough entropy.
#### -e PATH, -exclude PATH
Only for reverse mode: exclude relative plaintext path from the encrypted
view. Can be passed multiple times. Example:
gocryptfs -reverse -exclude Music -exclude Movies /home/user /mnt/user.encrypted
#### -exec, -noexec
Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount
(default: `-exec`). If both are specified, `-noexec` takes precedence.
#### -extpass string
Use an external program (like ssh-askpass) for the password prompt.
The program should return the password on stdout, a trailing newline is
......@@ -96,13 +124,17 @@ that uses built-in Go crypto.
Setting this option forces the filesystem to read-only and noexec.
#### -fsck
Check CIPHERDIR for consistency. If corruption is found, the
exit code is 26.
#### -fsname string
Override the filesystem name (first column in df -T). Can also be
passed as "-o fsname=" and is equivalent to libfuse's option of the
same name. By default, CIPHERDIR is used.
#### -fusedebug
Enable fuse library debug output
Enable fuse library debug output.
#### -h, -help
Print a short help text that shows the more-often used options.
......@@ -119,7 +151,7 @@ Pretty-print the contents of the config file for human consumption,
stripping out sensitive data.
#### -init
Initialize encrypted directory
Initialize encrypted directory.
#### -ko
Pass additional mount options to the kernel (comma-separated list).
......@@ -142,25 +174,35 @@ This flag is useful when recovering old gocryptfs filesystems using
"-masterkey". It is ignored (stays at the default) otherwise.
#### -masterkey string
Use a explicit master key specified on the command line. This
Use a explicit master key specified on the command line or, if the special
value "stdin" is used, read the masterkey from stdin. This
option can be used to mount a gocryptfs filesystem without a config file.
Note that the command line, and with it the master key, is visible to
anybody on the machine who can execute "ps -auxwww".
This is meant as a recovery option for emergencies, such as if you have
forgotten the password or lost the config file.
anybody on the machine who can execute "ps -auxwww". Use "-masterkey=stdin"
to avoid that risk.
The masterkey option is meant as a recovery option for emergencies, such as
if you have forgotten the password or lost the config file.
Even if a config file exists, it will not be used. All non-standard
settings have to be passed on the command line: `-aessiv` when you
mount a filesystem that was created using reverse mode, or
`-plaintextnames` for a filesystem that was created with that option.
Example master key:
6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
Examples:
-masterkey=6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
-masterkey=stdin
#### -memprofile string
Write memory profile to the specified file. This is useful when debugging
memory usage of gocryptfs.
#### -nodev
See `-dev, -nodev`.
#### -noexec
See `-exec, -noexec`.
#### -nonempty
Allow mounting over non-empty directories. FUSE by default disallows
this to prevent accidental shadowing of files.
......@@ -186,6 +228,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs
daemonizes. This option disables the redirection and messages will
continue be printed to stdout and stderr.
#### -nosuid
See `-suid, -nosuid`.
#### -notifypid int
Send USR1 to the specified process after successful mount. This is
used internally for daemonization.
......@@ -211,7 +256,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
option.
#### -passfile string/
#### -passfile string
Read password from the specified file. This is a shortcut for
specifying '-extpass="/bin/cat -- FILE"'.
......@@ -228,10 +273,10 @@ you have verified that you can access your files with the
new password.
#### -plaintextnames
Do not encrypt file names and symlink targets
Do not encrypt file names and symlink targets.
#### -q, -quiet
Quiet - silence informational messages
Quiet - silence informational messages.
#### -raw64
Use unpadded base64 encoding for file names. This gets rid of the
......@@ -242,8 +287,9 @@ mounted using gocryptfs v1.2 and higher.
Reverse mode shows a read-only encrypted view of a plaintext
directory. Implies "-aessiv".
#### -ro
Mount the filesystem read-only
#### -rw, -ro
Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`).
If both are specified, `-ro` takes precence.
#### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
......@@ -300,9 +346,24 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
(if available). The library that will be selected on "-openssl=auto"
(the default) is marked as such.
#### -suid, -nosuid
Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs
mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence.
You need root permissions to use `-suid`.
#### -trace string
Write execution trace to file. View the trace using "go tool trace FILE".
#### -trezor
With `-init`: Protect the masterkey using a SatoshiLabs Trezor instead of a password.
This feature is disabled by default and must be enabled at compile time using:
./build.bash -tags enable_trezor
You can determine if your gocryptfs binary has Trezor support enabled checking
if the `gocryptfs -version` output contains the string `enable_trezor`.
#### -version
Print version and exit. The output contains three fields separated by ";".
Example: "gocryptfs v1.1.1-5-g75b776c; go-fuse 6b801d3; 2016-11-01 go1.7.3".
......@@ -318,7 +379,7 @@ useful in regression testing.
Use all-zero dummy master key. This options is only intended for
automated testing as it does not provide any security.
#### --
#### \-\-
Stop option parsing. Helpful when CIPHERDIR may start with a
dash "-".
......@@ -347,8 +408,9 @@ EXIT CODES
22: password is empty (on "-init")
23: could not read gocryptfs.conf
24: could not write gocryptfs.conf (on "-init" or "-password")
26: fsck found errors
other: please check the error message
SEE ALSO
========
fuse(8) fallocate(2)
mount(2) fuse(8) fallocate(2) encfs(1)
......@@ -12,6 +12,7 @@ Data block
1-4096 bytes encrypted data
16 bytes GHASH
Full block overhead = 32/4096 = 1/128 = 0.78125 %
Example: 1-byte file
--------------------
......
......@@ -2,7 +2,9 @@ Results from benchmark-reverse.bash
VERSION LS CAT ENV
------- --- ---- ---
v1.3 2.1 19.9 Go 1.9.2
v1.3 2.1 19.9 go1.9.2
v1.4 2.1 18.2
v1.5 3.4 19.6 go1.10.3, Linux 4.17.12
v1.6 3.6 19.9 go1.10.3, Linux 4.17.12
(seconds)
......@@ -41,6 +41,8 @@ v1.4-45-gd5671b7 183 282 14.9 7.3 1.1 2.9
v1.4-45-gd5671b7 252 285 15.5 7.2 1.1 2.9 go1.8.3, Linux 4.11
v1.4.1 253 285 16.0 7.4 1.3 3.0 go1.9, Linux 4.12.5
v1.4.1-6-g276567e 258 289 16.1 7.5 1.3 3.0
v1.5 228 292 17.6 9.3 1.5 3.5 go1.10.2, Linux 4.16.8
v1.6 250 289 17.7 8.0 1.3 3.2 go1.10.3, Linux 4.17.12
Results for EncFS for comparison (benchmark.bash -encfs):
......
# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
[[projects]]
branch = "master"
name = "github.com/conejoninja/hid"
packages = ["."]
revision = "3a959b87ebefc18767a31fa567eea402eb37239e"
[[projects]]
branch = "modelT"
name = "github.com/conejoninja/tesoro"
packages = [
".",
"pb/google/protobuf",
"pb/messages",
"pb/types",
"transport"
]
revision = "e0e839b6a6f14bce56d1bfac9a86311a1646a6a3"
[[projects]]
name = "github.com/golang/protobuf"
packages = ["proto"]
revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
version = "v1.1.0"
[[projects]]
branch = "master"
name = "github.com/hanwen/go-fuse"
packages = ["fuse","fuse/nodefs","fuse/pathfs","splice"]
revision = "00d53976f3f71ce3d8327b3af528ce3d4700620e"
packages = [
"fuse",
"fuse/nodefs",
"fuse/pathfs",
"internal/utimens",
"splice"
]
revision = "95c6370914ac7822973d1893680e878e156f8d70"
[[projects]]
branch = "master"
name = "github.com/jacobsa/crypto"
packages = ["cmac","common","siv"]
packages = [
"cmac",
"common",
"siv"
]
revision = "c73681c634de898c869684602cf0c0d2ce938c4d"
[[projects]]
branch = "master"
name = "github.com/pkg/xattr"
packages = ["."]
revision = "f5b647e257e19d63831e7c7adb95dfb79d9ff4d9"
[[projects]]
branch = "master"
name = "github.com/rfjakob/eme"
packages = ["."]
revision = "2222dbd4ba467ab3fc7e8af41562fcfe69c0d770"
[[projects]]
name = "github.com/trezor/trezord-go"
packages = ["usb/lowlevel"]
revision = "bae9c40e5d71c459bde056d42d4b19ab318c90c2"
version = "v2.0.20"
[[projects]]
branch = "master"
name = "github.com/xaionaro-go/cryptoWallet"
packages = [
".",
"interfaces",
"internal/errors",
"internal/routines",
"internal/wallets",
"internal/wallets/satoshilabs",
"internal/wallets/satoshilabs/trezor",
"internal/wallets/satoshilabs/trezor/models/1",
"internal/wallets/satoshilabs/trezor/models/t",
"vendors"
]
revision = "47f9f6877e4324a8bc47fc5661c32d2fe6d29586"
[[projects]]
branch = "master"
name = "github.com/zserge/hid"
packages = ["."]
revision = "c86e7adeabafd6fcb3371ad64d6ed366b04d55db"
[[projects]]
branch = "master"
name = "golang.org/x/crypto"
packages = ["hkdf","pbkdf2","scrypt","ssh/terminal"]
revision = "13931e22f9e72ea58bb73048bc752b48c6d4d4ac"
packages = [
"hkdf",
"pbkdf2",
"scrypt",
"ssh/terminal"
]
revision = "de0752318171da717af4ce24d0a2e8626afaeb11"
[[projects]]
branch = "master"
name = "golang.org/x/sync"
packages = ["syncmap"]
revision = "fd80eb99c8f653c847d294a001bdf2a3a6f768f5"
revision = "1d60e4601c6fd243af51cc01ddf169918a5407ca"
[[projects]]
branch = "master"
name = "golang.org/x/sys"
packages = ["unix","windows"]
revision = "fff93fa7cd278d84afc205751523809c464168ab"
packages = [
"unix",
"windows"
]
revision = "14742f9018cd6651ec7364dc6ee08af0baaa1031"
[[projects]]
name = "golang.org/x/text"
packages = [
"internal/gen",
"internal/triegen",
"internal/ucd",
"transform",
"unicode/cldr",
"unicode/norm"
]
revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
version = "v0.3.0"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "8a044d1457e3087ab77e5f8acd0eb46e345afbf0f8af972bfd6361ab99f3b59b"
inputs-digest = "e12369bfb63fd78ad5b21b6bb8d0e68ed7bb5d66fd2c01e122b7a89dfb99eec4"
solver-name = "gps-cdcl"
solver-version = 1
......@@ -6,6 +6,10 @@
branch = "master"
name = "github.com/jacobsa/crypto"
[[constraint]]
name = "github.com/pkg/xattr"
branch = "master"
[[constraint]]
branch = "master"
name = "github.com/rfjakob/eme"
......
......@@ -4,16 +4,15 @@
[![Go Report Card](https://goreportcard.com/badge/github.com/rfjakob/gocryptfs)](https://goreportcard.com/report/github.com/rfjakob/gocryptfs)
An encrypted overlay filesystem written in Go.
Official website: https://nuetzlich.net/gocryptfs (Markdown [source](https://github.com/rfjakob/gocryptfs-website/tree/master/docs))
Official website: https://nuetzlich.net/gocryptfs ([markdown source](https://github.com/rfjakob/gocryptfs-website/blob/master/docs/index.md)).
gocryptfs is built on top the excellent
[go-fuse](https://github.com/hanwen/go-fuse) FUSE library and its
LoopbackFileSystem API.
![Folders side-by-side animation](Documentation/folders-side-by-side.gif)
gocryptfs is built on top the excellent
[go-fuse](https://github.com/hanwen/go-fuse) FUSE library.
This project was inspired by EncFS and strives to fix its security
issues while providing good performance
([benchmarks](https://nuetzlich.net/gocryptfs/comparison/#performance)).
For details on the security of gocryptfs see the
[Security](https://nuetzlich.net/gocryptfs/security/) design document.
......@@ -44,9 +43,9 @@ Linux is gocryptfs' native platform.
Beta-quality Mac OS X support is available, which means most things work
fine but you may hit an occasional problem. Check out
[ticket #15](https://github.com/rfjakob/gocryptfs/issues/15) for the history
of Mac OS X support but please create a new ticket if you a problem.
of Mac OS X support but please create a new ticket if you hit a problem.
For Windows, an independent C++ reimplementation has been started:
For Windows, an independent C++ reimplementation can be found here:
[cppcryptfs](https://github.com/bailey27/cppcryptfs)
Testing
......@@ -68,6 +67,8 @@ as well as in the go-fuse library.
Compile
-------
With [go 1.5 or higher](.travis.yml#L8):
$ go get -d github.com/rfjakob/gocryptfs
$ cd $(go env GOPATH)/src/github.com/rfjakob/gocryptfs
$ ./build.bash
......@@ -89,6 +90,13 @@ See the [Quickstart](https://nuetzlich.net/gocryptfs/quickstart/) page for more
The [MANPAGE.md](Documentation/MANPAGE.md) describes all available command-line options.
Use: Reverse Mode
-----------------
$ mkdir cipher plain
$ ./gocryptfs -reverse -init plain
$ ./gocryptfs -reverse plain cipher
Graphical Interface
-------------------
......@@ -144,6 +152,52 @@ RM: 4.42
Changelog
---------
v1.6, 2018-08-18
* **Add `-e` / `-exclude` option** for reverse mode
([#235](https://github.com/rfjakob/gocryptfs/issues/235),
[commit](https://github.com/rfjakob/gocryptfs/commit/ec2fdc19cf9358ae7ba09c528a5807b6b0760f9b))
* **Add support for the Trezor One HSM** [PR#247](https://github.com/rfjakob/gocryptfs/pull/247), thanks @xaionaro!
* Use `./build.bash -tags enable_trezor` to compile with Trezor support
* Then, use `gocryptfs -init -trezor` to create a filesystem locked with a physical Trezor device.
* Only print master key once, on init
([#76](https://github.com/rfjakob/gocryptfs/issues/76),
[commit](https://github.com/rfjakob/gocryptfs/commit/6d64dfe8f7acd8e9ca4a659d26318e442c2db85a))
* Fall back to buffered IO even when passed `O_DIRECT`
([commit](https://github.com/rfjakob/gocryptfs/commit/893e41149ed353f355047003b89eeff456990e76))
v1.5, 2018-06-12
* **Support extended attributes (xattr)** in forward mode
([#217](https://github.com/rfjakob/gocryptfs/issues/217)). Older gocryptfs versions
will ignore the extended attributes.
* **Add `-fsck` function**
([#191](https://github.com/rfjakob/gocryptfs/issues/191))
* Fix clobbered timestamps on MacOS High Sierra
([#229](https://github.com/rfjakob/gocryptfs/issues/229))
* Add `-masterkey=stdin` functionality
([#218](https://github.com/rfjakob/gocryptfs/issues/218))
* Accept `-dev`/`-nodev`, `suid`/`nosuid`, `-exec`/`-noexec`,
`-ro`/`-rw` flags to make mounting via `/etc/fstab` possible.
Thanks @mahkoh! ([#233](https://github.com/rfjakob/gocryptfs/pull/233),
[commit](https://github.com/rfjakob/gocryptfs/commit/53d6a9999dd0e4c31636d16179f284fff35a35d9),
[commit](https://github.com/rfjakob/gocryptfs/commit/10212d791a3196c2c8705a7a3cccdeb14a8efdbe))
* Fix a `logger` path issue on SuSE
[#225](https://github.com/rfjakob/gocryptfs/issues/225)
* Stop printing the help text on a "flag provided but not defined"
error ([commit](https://github.com/rfjakob/gocryptfs/commit/5ad26495fc86527bbfe75ac6b46528d49a373676))
v1.4.4, 2018-03-18
* Overwrite secrets in memory with zeros as soon as possible
([#211](https://github.com/rfjakob/gocryptfs/issues/211))
* Fix Getdents problems on i386 and mips64le
([#197](https://github.com/rfjakob/gocryptfs/issues/197),
[#200](https://github.com/rfjakob/gocryptfs/issues/200))
* Make building with gccgo work
([#201](https://github.com/rfjakob/gocryptfs/issues/201))
* MacOS: fix `osxfuse: vnode changed generation` / `Error code -36` issue in go-fuse
([#213](https://github.com/rfjakob/gocryptfs/issues/213),
[commit](https://github.com/hanwen/go-fuse/commit/a9ddcb8a4b609500fc59c89ccc9ee05f00a5fefd))
* Fix various test issues on MacOS
v1.4.3, 2018-01-21
* **Fix several symlink race attacks** in connection with reverse mode
and allow_other. Thanks to @slackner for reporting and helping to fix
......
......@@ -66,10 +66,12 @@ if [[ $OPT_ENCFS -eq 1 ]]; then
echo "The option $OPT_OPENSSL only works with gocryptfs"
exit 1
fi
echo "Testing EncFS at $CRYPT"
echo -n "Testing EncFS at $CRYPT: "
encfs --version
/home/jakob.donotbackup/encfs/build/encfs --extpass="echo test" --standard $CRYPT $MNT > /dev/null
else
echo "Testing gocryptfs at $CRYPT"
echo -n "Testing gocryptfs at $CRYPT: "
gocryptfs -version
gocryptfs -q -init -extpass="echo test" -scryptn=10 $CRYPT
gocryptfs -q -extpass="echo test" $OPT_OPENSSL $CRYPT $MNT
fi
......
......@@ -58,9 +58,9 @@ if [[ -z ${BUILDDATE:-} ]] ; then
fi
LDFLAGS="-X main.GitVersion=$GITVERSION -X main.GitVersionFuse=$GITVERSIONFUSE -X main.BuildDate=$BUILDDATE"
go build "-ldflags=$LDFLAGS" $@
go build "-ldflags=$LDFLAGS" "$@"
(cd gocryptfs-xray; go build $@)
(cd gocryptfs-xray; go build "$@")
./gocryptfs -version
......
package main
import (
"fmt"
"io/ioutil"
"os"
)
// checkDirEmpty - check if "dir" exists and is an empty directory.
// Returns an *os.PathError if Stat() on the path fails.
func checkDirEmpty(dir string) error {
err := checkDir(dir)
if err != nil {
return err
}
entries, err := ioutil.ReadDir(dir)
if err != nil {
return err
}
if len(entries) == 0 {
return nil
}
return fmt.Errorf("directory %s not empty", dir)
}
// checkDir - check if "dir" exists and is a directory
func checkDir(dir string) error {
fi, err := os.Stat(dir)
if err != nil {
return err
}
if !fi.IsDir() {
return fmt.Errorf("%s is not a directory", dir)
}
return nil
}
......@@ -12,6 +12,7 @@ import (
"github.com/rfjakob/gocryptfs/internal/configfile"
"github.com/rfjakob/gocryptfs/internal/exitcodes"
"github.com/rfjakob/gocryptfs/internal/prefer_openssl"
"github.com/rfjakob/gocryptfs/internal/readpassword"
"github.com/rfjakob/gocryptfs/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/internal/tlog"
)
......@@ -20,11 +21,15 @@ import (
type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, fg, version,
plaintextnames, quiet, nosyslog, wpanic,
longnames, allow_other, ro, reverse, aessiv, nonempty, raw64,
longnames, allow_other, reverse, aessiv, nonempty, raw64,
noprealloc, speed, hkdf, serialize_reads, forcedecode, hh, info,
sharedstorage, devrandom bool
sharedstorage, devrandom, fsck, trezor bool
// Mount options with opposites
dev, nodev, suid, nosuid, exec, noexec, rw, ro bool
masterkey, mountpoint, cipherdir, cpuprofile, extpass,
memprofile, ko, passfile, ctlsock, fsname, force_owner, trace string
// For reverse mode, --exclude is available. It can be specified multiple times.
exclude multipleStrings
// Configuration file name override
config string
notifypid, scryptn int
......@@ -37,21 +42,33 @@ type argContainer struct {
_forceOwner *fuse.Owner
}
type multipleStrings []string
func (s *multipleStrings) String() string {
s2 := []string(*s)
return fmt.Sprint(s2)
}
func (s *multipleStrings) Set(val string) error {
*s = append(*s, val)
return nil
}
var flagSet *flag.FlagSet
// prefixOArgs transform options passed via "-o foo,bar" into regular options
// like "-foo -bar" and prefixes them to the command line.
// Testcases in TestPrefixOArgs().
func prefixOArgs(osArgs []string) []string {
func prefixOArgs(osArgs []string) ([]string, error) {
// Need at least 3, example: gocryptfs -o foo,bar
// ^ 0 ^ 1 ^ 2
if len(osArgs) < 3 {
return osArgs
return osArgs, nil
}
// Passing "--" disables "-o" parsing. Ignore element 0 (program name).
for _, v := range osArgs[1:] {
if v == "--" {
return osArgs
return osArgs, nil
}
}
// Find and extract "-o foo,bar"
......@@ -60,8 +77,7 @@ func prefixOArgs(osArgs []string) []string {