diff options
author | Andy Weidenbaum | 2016-12-13 08:41:11 -0800 |
---|---|---|
committer | Andy Weidenbaum | 2016-12-13 08:41:11 -0800 |
commit | 726ccfaa2da19bc8f429f6a348a5e4de8a89edc4 (patch) | |
tree | 900676798420589b259e9a6b0cf93841a2f2a77f | |
download | aur-726ccfaa2da19bc8f429f6a348a5e4de8a89edc4.tar.gz |
Initial import
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | PKGBUILD | 62 | ||||
-rw-r--r-- | gocryptfs.1 | 242 |
3 files changed, 326 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..07626464d34e --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,22 @@ +# Generated by mksrcinfo v8 +# Tue Dec 13 16:41:04 UTC 2016 +pkgbase = gocryptfs-git + pkgdesc = Encrypted overlay filesystem written in Go + pkgver = 20161206 + pkgrel = 1 + url = https://github.com/rfjakob/gocryptfs + arch = i686 + arch = x86_64 + license = MIT + makedepends = git + makedepends = go + depends = fuse + provides = gocryptfs + conflicts = gocryptfs + source = git+https://github.com/rfjakob/gocryptfs + source = gocryptfs.1 + sha256sums = SKIP + sha256sums = 0944535a1bba09d9a56a0abfcf35d00b17338aa10078488aa20116a96bbb4fef + +pkgname = gocryptfs-git + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..96ab688501cb --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,62 @@ +# Maintainer: Andy Weidenbaum <archbaum@gmail.com> +# Contributor: Peter Reschenhofer <peter.reschenhofer@gmail.com> + +pkgname=gocryptfs-git +pkgver=20161206 +pkgrel=1 +pkgdesc="Encrypted overlay filesystem written in Go" +arch=('i686' 'x86_64') +depends=('fuse') +# Go 1.6 added an optimized GCM implementation in amd64 assembly that +# uses AES-NI. This is faster than OpenSSL and is used if available. In +# all other cases OpenSSL is much faster and is used instead. +# +# https://github.com/rfjakob/gocryptfs#changelog +makedepends=('git' 'go') +url="https://github.com/rfjakob/gocryptfs" +license=('MIT') +source=(git+https://github.com/rfjakob/gocryptfs + "gocryptfs.1") +sha256sums=('SKIP' + '0944535a1bba09d9a56a0abfcf35d00b17338aa10078488aa20116a96bbb4fef') +provides=('gocryptfs') +conflicts=('gocryptfs') + +pkgver() { + cd ${pkgname%-git} + git log -1 --format="%cd" --date=short | sed "s|-||g" +} + +prepare() { + msg2 'Fetching dependencies...' + export GOPATH="$PWD/GO" + mkdir -p "$GOPATH/src/github.com/rfjakob" + ln -sf "$PWD/gocryptfs" "$GOPATH/src/github.com/rfjakob/" + go get -v -d github.com/rfjakob/gocryptfs +} + +build() { + msg2 'Building...' + export GOPATH="$PWD/GO" + "$GOPATH/src/github.com/rfjakob/gocryptfs/build.bash" +} + +package() { + pushd ${pkgname%-git} + + msg2 'Installing license...' + install -Dm 644 LICENSE \ + -t "$pkgdir/usr/share/licenses/${pkgname%-git}" + + msg2 'Installing documentation...' + install -Dm 644 *.md Documentation/* \ + -t "$pkgdir/usr/share/doc/${pkgname%-git}" + + msg2 'Installing man pages...' + install -Dm 644 "$srcdir/gocryptfs.1" -t "$pkgdir/usr/share/man/man1" + + popd + + msg2 'Installing...' + install -Dm 755 "$PWD/GO/bin/gocryptfs" -t "$pkgdir/usr/bin" +} diff --git a/gocryptfs.1 b/gocryptfs.1 new file mode 100644 index 000000000000..30ebd15ab857 --- /dev/null +++ b/gocryptfs.1 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pandoc 1.17.2 +.\" +.TH "GOCRYPTFS" "1" "May 2016" "" "" +.hy +.SH NAME +.PP +gocryptfs \- mount an encrypted directory +.SH SYNOPSIS +.SS Initialize encrypted filesystem +.PP +gocryptfs \-init [OPTIONS] CIPHERDIR +.SS Mount +.PP +gocryptfs [OPTIONS] CIPHERDIR MOUNTPOINT [\-o COMMA\-SEPARATED\-OPTIONS] +.SS Change password +.PP +gocryptfs \-passwd [OPTIONS] CIPHERDIR +.SH DESCRIPTION +.PP +Options: +.TP +.B \f[B]\-aessiv\f[] +Use the AES\-SIV encryption mode. +This is slower than GCM but is secure with deterministic nonces as used +in "\-reverse" mode. +.RS +.RE +.TP +.B \f[B]\-allow_other\f[] +By default, the Linux kernel prevents any other user (even root) to +access a mounted FUSE filesystem. +Settings this option allows access for other users, subject to file +permission checking. +Only works if user_allow_other is set in /etc/fuse.conf. +This option is equivalent to "allow_other" plus "default_permissions" +described in fuse(8). +.RS +.RE +.TP +.B \f[B]\-config string\f[] +Use specified config file instead of CIPHERDIR/gocryptfs.conf +.RS +.RE +.TP +.B \f[B]\-cpuprofile string\f[] +Write cpu profile to specified file +.RS +.RE +.TP +.B \f[B]\-d, \-debug\f[] +Enable debug output +.RS +.RE +.TP +.B \f[B]\-extpass string\f[] +Use an external program (like ssh\-askpass) for the password prompt. +The program should return the password on stdout, a trailing newline is +stripped by gocryptfs. +Using something like "cat /mypassword.txt" allows to mount the gocryptfs +filesytem without user interaction. +.RS +.RE +.TP +.B \f[B]\-f\f[] +Stay in the foreground instead of forking away. +Implies "\-nosyslog". +.RS +.RE +.TP +.B \f[B]\-fusedebug\f[] +Enable fuse library debug output +.RS +.RE +.TP +.B \f[B]\-init\f[] +Initialize encrypted directory +.RS +.RE +.TP +.B \f[B]\-ko\f[] +Pass additonal mount options to the kernel (comma\-separated list). +FUSE filesystems are mounted with "nodev,nosuid" by default. +If gocryptfs runs as root, you can enable device files by passing the +opposite mount option, "dev", and if you want to enable suid\-binaries, +pass "suid". +"ro" (equivalent to passing the "\-ro" option) and "noexec" may also be +interesting. +For a complete list see the section +\f[C]FILESYSTEM\-INDEPENDENT\ MOUNT\ OPTIONS\f[] in mount(8). +.RS +.RE +.TP +.B \f[B]\-longnames\f[] +Store names longer than 176 bytes in extra files (default true) This +flag is useful when recovering old gocryptfs filesystems using +"\-masterkey". +It is ignored (stays at the default) otherwise. +.RS +.RE +.TP +.B \f[B]\-masterkey string\f[] +Use a explicit master key specified on the command line. +This option can be used to mount a gocryptfs filesystem without a config +file. +Note that the command line, and with it the master key, is visible to +anybody on the machine who can execute "ps \-auxwww". +This is meant as a recovery option for emergencies, such as if you have +forgotten your password. +.RS +.PP +Example master key: +6f717d8b\-6b5f8e8a\-fd0aa206\-778ec093\-62c5669b\-abd229cd\-241e00cd\-b4d6713d +.RE +.TP +.B \f[B]\-memprofile string\f[] +Write memory profile to specified file. +This is useful when debugging memory usage of gocryptfs. +.RS +.RE +.TP +.B \f[B]\-nonempty\f[] +Allow mounting over non\-empty directories. +FUSE by default disallows this to prevent accidential shadowing of +files. +.RS +.RE +.TP +.B \f[B]\-nosyslog\f[] +Diagnostic messages are normally redirected to syslog once gocryptfs +daemonizes. +This option disables the redirection and messages will continue be +printed to stdout and stderr. +.RS +.RE +.TP +.B \f[B]\-notifypid int\f[] +Send USR1 to the specified process after successful mount. +This is used internally for daemonization. +.RS +.RE +.TP +.B \f[B]\-openssl bool/"auto"\f[] +Use OpenSSL instead of built\-in Go crypto (default "auto"). +Using built\-in crypto is 4x slower unless your CPU has AES instructions +and you are using Go 1.6+. +In mode "auto", gocrypts chooses the faster option. +.RS +.RE +.TP +.B \f[B]\-passfile string\f[] +Read password from the specified file. +This is a shortcut for specifying "\-extpass /bin/cat FILE". +.RS +.RE +.TP +.B \f[B]\-passwd\f[] +Change the password. +Will ask for the old password, check if it is correct, and ask for a new +one. +.RS +.PP +This can be used together with \f[C]\-masterkey\f[] if you forgot the +password but know the master key. +Note that without the old password, gocryptfs cannot tell if the master +key is correct and will overwrite the old one without mercy. +It will, however, create a backup copy of the old config file as +\f[C]gocryptfs.conf.bak\f[]. +Delete it after you have verified that you can access your files with +the new password. +.RE +.TP +.B \f[B]\-plaintextnames\f[] +Do not encrypt file names and symlink targets +.RS +.RE +.TP +.B \f[B]\-q, \-quiet\f[] +Quiet \- silence informational messages +.RS +.RE +.TP +.B \f[B]\-reverse\f[] +Reverse mode shows a read\-only encrypted view of a plaintext directory. +Implies "\-aessiv". +.RS +.RE +.TP +.B \f[B]\-ro\f[] +Mount the filesystem read\-only +.RS +.RE +.TP +.B \f[B]\-scryptn int\f[] +scrypt cost parameter logN. +Setting this to a lower value speeds up mounting but makes the password +susceptible to brute\-force attacks (default 16) +.RS +.RE +.TP +.B \f[B]\-version\f[] +Print version and exit. +The output contains three fields seperated by ";". +Example: "gocryptfs v0.12\-2; go\-fuse a4c968c; go1.6.2". +Field 1 is the gocryptfs version, field 2 is the version of the go\-fuse +library, field 3 is the Go version that was used to compile the binary. +.RS +.RE +.TP +.B \f[B]\-wpanic\f[] +When encountering a warning, panic and exit immediately. +This is useful in regression testing. +.RS +.RE +.TP +.B \f[B]\-zerokey\f[] +Use all\-zero dummy master key. +This options is only intended for automated testing as it does not +provide any security. +.RS +.RE +.PP +Comma\-Separated\-Options: +.PP +For compatability with mount(1), options are also accepted as "\-o +COMMA\-SEPARATED\-OPTIONS" at the end of the command line. +For example, "\-o q,zerokey" is equivalent to "\-q \-zerokey". +.SH EXAMPLES +.PP +Create and mount an encrypted filesystem: +.PP +mkdir /tmp/g1 /tmp/g2 +.PP +gocryptfs \-init /tmp/g1 +.PD 0 +.P +.PD +gocryptfs /tmp/g1 /tmp/g2 +.SH SEE ALSO +.PP +fuse(8) +.SH AUTHORS +github.com/rfjakob. |