summarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndy Weidenbaum2016-12-13 08:41:11 -0800
committerAndy Weidenbaum2016-12-13 08:41:11 -0800
commit726ccfaa2da19bc8f429f6a348a5e4de8a89edc4 (patch)
tree900676798420589b259e9a6b0cf93841a2f2a77f
downloadaur-726ccfaa2da19bc8f429f6a348a5e4de8a89edc4.tar.gz
Initial import
-rw-r--r--.SRCINFO22
-rw-r--r--PKGBUILD62
-rw-r--r--gocryptfs.1242
3 files changed, 326 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 00000000000..07626464d34
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,22 @@
+# Generated by mksrcinfo v8
+# Tue Dec 13 16:41:04 UTC 2016
+pkgbase = gocryptfs-git
+ pkgdesc = Encrypted overlay filesystem written in Go
+ pkgver = 20161206
+ pkgrel = 1
+ url = https://github.com/rfjakob/gocryptfs
+ arch = i686
+ arch = x86_64
+ license = MIT
+ makedepends = git
+ makedepends = go
+ depends = fuse
+ provides = gocryptfs
+ conflicts = gocryptfs
+ source = git+https://github.com/rfjakob/gocryptfs
+ source = gocryptfs.1
+ sha256sums = SKIP
+ sha256sums = 0944535a1bba09d9a56a0abfcf35d00b17338aa10078488aa20116a96bbb4fef
+
+pkgname = gocryptfs-git
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 00000000000..96ab688501c
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,62 @@
+# Maintainer: Andy Weidenbaum <archbaum@gmail.com>
+# Contributor: Peter Reschenhofer <peter.reschenhofer@gmail.com>
+
+pkgname=gocryptfs-git
+pkgver=20161206
+pkgrel=1
+pkgdesc="Encrypted overlay filesystem written in Go"
+arch=('i686' 'x86_64')
+depends=('fuse')
+# Go 1.6 added an optimized GCM implementation in amd64 assembly that
+# uses AES-NI. This is faster than OpenSSL and is used if available. In
+# all other cases OpenSSL is much faster and is used instead.
+#
+# https://github.com/rfjakob/gocryptfs#changelog
+makedepends=('git' 'go')
+url="https://github.com/rfjakob/gocryptfs"
+license=('MIT')
+source=(git+https://github.com/rfjakob/gocryptfs
+ "gocryptfs.1")
+sha256sums=('SKIP'
+ '0944535a1bba09d9a56a0abfcf35d00b17338aa10078488aa20116a96bbb4fef')
+provides=('gocryptfs')
+conflicts=('gocryptfs')
+
+pkgver() {
+ cd ${pkgname%-git}
+ git log -1 --format="%cd" --date=short | sed "s|-||g"
+}
+
+prepare() {
+ msg2 'Fetching dependencies...'
+ export GOPATH="$PWD/GO"
+ mkdir -p "$GOPATH/src/github.com/rfjakob"
+ ln -sf "$PWD/gocryptfs" "$GOPATH/src/github.com/rfjakob/"
+ go get -v -d github.com/rfjakob/gocryptfs
+}
+
+build() {
+ msg2 'Building...'
+ export GOPATH="$PWD/GO"
+ "$GOPATH/src/github.com/rfjakob/gocryptfs/build.bash"
+}
+
+package() {
+ pushd ${pkgname%-git}
+
+ msg2 'Installing license...'
+ install -Dm 644 LICENSE \
+ -t "$pkgdir/usr/share/licenses/${pkgname%-git}"
+
+ msg2 'Installing documentation...'
+ install -Dm 644 *.md Documentation/* \
+ -t "$pkgdir/usr/share/doc/${pkgname%-git}"
+
+ msg2 'Installing man pages...'
+ install -Dm 644 "$srcdir/gocryptfs.1" -t "$pkgdir/usr/share/man/man1"
+
+ popd
+
+ msg2 'Installing...'
+ install -Dm 755 "$PWD/GO/bin/gocryptfs" -t "$pkgdir/usr/bin"
+}
diff --git a/gocryptfs.1 b/gocryptfs.1
new file mode 100644
index 00000000000..30ebd15ab85
--- /dev/null
+++ b/gocryptfs.1
@@ -0,0 +1,242 @@
+.\" Automatically generated by Pandoc 1.17.2
+.\"
+.TH "GOCRYPTFS" "1" "May 2016" "" ""
+.hy
+.SH NAME
+.PP
+gocryptfs \- mount an encrypted directory
+.SH SYNOPSIS
+.SS Initialize encrypted filesystem
+.PP
+gocryptfs \-init [OPTIONS] CIPHERDIR
+.SS Mount
+.PP
+gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT [\-o COMMA\-SEPARATED\-OPTIONS]
+.SS Change password
+.PP
+gocryptfs \-passwd [OPTIONS] CIPHERDIR
+.SH DESCRIPTION
+.PP
+Options:
+.TP
+.B \f[B]\-aessiv\f[]
+Use the AES\-SIV encryption mode.
+This is slower than GCM but is secure with deterministic nonces as used
+in "\-reverse" mode.
+.RS
+.RE
+.TP
+.B \f[B]\-allow_other\f[]
+By default, the Linux kernel prevents any other user (even root) to
+access a mounted FUSE filesystem.
+Settings this option allows access for other users, subject to file
+permission checking.
+Only works if user_allow_other is set in /etc/fuse.conf.
+This option is equivalent to "allow_other" plus "default_permissions"
+described in fuse(8).
+.RS
+.RE
+.TP
+.B \f[B]\-config string\f[]
+Use specified config file instead of CIPHERDIR/gocryptfs.conf
+.RS
+.RE
+.TP
+.B \f[B]\-cpuprofile string\f[]
+Write cpu profile to specified file
+.RS
+.RE
+.TP
+.B \f[B]\-d, \-debug\f[]
+Enable debug output
+.RS
+.RE
+.TP
+.B \f[B]\-extpass string\f[]
+Use an external program (like ssh\-askpass) for the password prompt.
+The program should return the password on stdout, a trailing newline is
+stripped by gocryptfs.
+Using something like "cat /mypassword.txt" allows to mount the gocryptfs
+filesytem without user interaction.
+.RS
+.RE
+.TP
+.B \f[B]\-f\f[]
+Stay in the foreground instead of forking away.
+Implies "\-nosyslog".
+.RS
+.RE
+.TP
+.B \f[B]\-fusedebug\f[]
+Enable fuse library debug output
+.RS
+.RE
+.TP
+.B \f[B]\-init\f[]
+Initialize encrypted directory
+.RS
+.RE
+.TP
+.B \f[B]\-ko\f[]
+Pass additonal mount options to the kernel (comma\-separated list).
+FUSE filesystems are mounted with "nodev,nosuid" by default.
+If gocryptfs runs as root, you can enable device files by passing the
+opposite mount option, "dev", and if you want to enable suid\-binaries,
+pass "suid".
+"ro" (equivalent to passing the "\-ro" option) and "noexec" may also be
+interesting.
+For a complete list see the section
+\f[C]FILESYSTEM\-INDEPENDENT\ MOUNT\ OPTIONS\f[] in mount(8).
+.RS
+.RE
+.TP
+.B \f[B]\-longnames\f[]
+Store names longer than 176 bytes in extra files (default true) This
+flag is useful when recovering old gocryptfs filesystems using
+"\-masterkey".
+It is ignored (stays at the default) otherwise.
+.RS
+.RE
+.TP
+.B \f[B]\-masterkey string\f[]
+Use a explicit master key specified on the command line.
+This option can be used to mount a gocryptfs filesystem without a config
+file.
+Note that the command line, and with it the master key, is visible to
+anybody on the machine who can execute "ps \-auxwww".
+This is meant as a recovery option for emergencies, such as if you have
+forgotten your password.
+.RS
+.PP
+Example master key:
+6f717d8b\-6b5f8e8a\-fd0aa206\-778ec093\-62c5669b\-abd229cd\-241e00cd\-b4d6713d
+.RE
+.TP
+.B \f[B]\-memprofile string\f[]
+Write memory profile to specified file.
+This is useful when debugging memory usage of gocryptfs.
+.RS
+.RE
+.TP
+.B \f[B]\-nonempty\f[]
+Allow mounting over non\-empty directories.
+FUSE by default disallows this to prevent accidential shadowing of
+files.
+.RS
+.RE
+.TP
+.B \f[B]\-nosyslog\f[]
+Diagnostic messages are normally redirected to syslog once gocryptfs
+daemonizes.
+This option disables the redirection and messages will continue be
+printed to stdout and stderr.
+.RS
+.RE
+.TP
+.B \f[B]\-notifypid int\f[]
+Send USR1 to the specified process after successful mount.
+This is used internally for daemonization.
+.RS
+.RE
+.TP
+.B \f[B]\-openssl bool/"auto"\f[]
+Use OpenSSL instead of built\-in Go crypto (default "auto").
+Using built\-in crypto is 4x slower unless your CPU has AES instructions
+and you are using Go 1.6+.
+In mode "auto", gocrypts chooses the faster option.
+.RS
+.RE
+.TP
+.B \f[B]\-passfile string\f[]
+Read password from the specified file.
+This is a shortcut for specifying "\-extpass /bin/cat FILE".
+.RS
+.RE
+.TP
+.B \f[B]\-passwd\f[]
+Change the password.
+Will ask for the old password, check if it is correct, and ask for a new
+one.
+.RS
+.PP
+This can be used together with \f[C]\-masterkey\f[] if you forgot the
+password but know the master key.
+Note that without the old password, gocryptfs cannot tell if the master
+key is correct and will overwrite the old one without mercy.
+It will, however, create a backup copy of the old config file as
+\f[C]gocryptfs.conf.bak\f[].
+Delete it after you have verified that you can access your files with
+the new password.
+.RE
+.TP
+.B \f[B]\-plaintextnames\f[]
+Do not encrypt file names and symlink targets
+.RS
+.RE
+.TP
+.B \f[B]\-q, \-quiet\f[]
+Quiet \- silence informational messages
+.RS
+.RE
+.TP
+.B \f[B]\-reverse\f[]
+Reverse mode shows a read\-only encrypted view of a plaintext directory.
+Implies "\-aessiv".
+.RS
+.RE
+.TP
+.B \f[B]\-ro\f[]
+Mount the filesystem read\-only
+.RS
+.RE
+.TP
+.B \f[B]\-scryptn int\f[]
+scrypt cost parameter logN.
+Setting this to a lower value speeds up mounting but makes the password
+susceptible to brute\-force attacks (default 16)
+.RS
+.RE
+.TP
+.B \f[B]\-version\f[]
+Print version and exit.
+The output contains three fields seperated by ";".
+Example: "gocryptfs v0.12\-2; go\-fuse a4c968c; go1.6.2".
+Field 1 is the gocryptfs version, field 2 is the version of the go\-fuse
+library, field 3 is the Go version that was used to compile the binary.
+.RS
+.RE
+.TP
+.B \f[B]\-wpanic\f[]
+When encountering a warning, panic and exit immediately.
+This is useful in regression testing.
+.RS
+.RE
+.TP
+.B \f[B]\-zerokey\f[]
+Use all\-zero dummy master key.
+This options is only intended for automated testing as it does not
+provide any security.
+.RS
+.RE
+.PP
+Comma\-Separated\-Options:
+.PP
+For compatability with mount(1), options are also accepted as "\-o
+COMMA\-SEPARATED\-OPTIONS" at the end of the command line.
+For example, "\-o q,zerokey" is equivalent to "\-q \-zerokey".
+.SH EXAMPLES
+.PP
+Create and mount an encrypted filesystem:
+.PP
+mkdir /tmp/g1 /tmp/g2
+.PP
+gocryptfs \-init /tmp/g1
+.PD 0
+.P
+.PD
+gocryptfs /tmp/g1 /tmp/g2
+.SH SEE ALSO
+.PP
+fuse(8)
+.SH AUTHORS
+github.com/rfjakob.