Page MenuHomeSolus

Update cryfs to 0.10.1
AbandonedPublic

Authored by clivejo on Apr 6 2019, 9:29 PM.

Details

Reviewers
DataDrake
Group Reviewers
Triage Team
Summary

Update cryfs to 0.10.1
New Features & Improvements:

  • Experimental Windows support
  • Integrity checks ensure you notice when someone modifies your file system.
  • File system nodes (files, directories, symlinks) store a parent pointer to the directory that contains them. This information can be used in later versions to resolve some synchronization conflicts.
  • Allow mounting using system mount tool and /etc/fstab (e.g. mount -t fuse.cryfs basedir mountdir)
  • Performance improvements
  • Use relatime instead of strictatime (further performance improvement)
  • Pass fuse options directly to cryfs (i.e. 'cryfs basedir mountdir -o allow_other' instead of 'cryfs basedir mountdir -- -o allow_other')
  • CryFS tells the operating system to lock the encryption key to memory, i.e. not swap it to the disk (note: this is best-effort and cannot be guaranteed. Hibernation, for example, will still write the encryption key to the disk).
  • New block size options: 4KB and 16KB
  • New default block size: 16KB. This should decrease the size of the ciphertext directory for most users.
  • Increased scrypt hardness to (N=1048576, r=4, p=8) to make it harder to crack the key while allowing cryfs to take advantage of multicore machines.
  • cryfs-unmount tool to unmount filesystems

Fixed bugs:

  • du shows correct file system size on Mac OS X.
  • On Mac OS X, Finder shows the correct name for the mount directory
  • If file system migration encounters files or folders with the wrong format in the base directory, it now just ignores them instead of crashing.
  • When trying to migrate a file system from CryFS 0.9.3 or older, show an error message suggesting to first open it with 0.9.10 because we can't load that anymore.
  • The '--unmount-idle' parameter works again
  • Fix building with boost 1.67

Compatibility:

  • Fixed some incompatibilities with systems using the musl libc
  • Use boost::stacktrace instead of libbacktrace to build stack traces. This fixes a segfault issue with platforms using libexecinfo and is generally more portable.

Other:

  • Updated to crypto++ 8.1
  • Updated to DokanY 1.2.1
  • Unit tests can now be run from any directory
Test Plan

Installed version 0.10.1, upgraded my vaults in Plasma and checked my senstive data was still accessible via Plasma Vaults.

Diff Detail

Branch
master
Lint
No Linters Available
Unit
No Unit Test Coverage
clivejo created this revision.Apr 6 2019, 9:29 PM
clivejo requested review of this revision.Apr 6 2019, 9:29 PM
DataDrake accepted this revision.Thu, May 16, 11:05 PM
DataDrake added a subscriber: DataDrake.

LGTM. Thanks!

This revision is now accepted and ready to land.Thu, May 16, 11:05 PM
DataDrake requested changes to this revision.Thu, May 16, 11:05 PM

Needs a rebase.

This revision now requires changes to proceed.Thu, May 16, 11:05 PM
DataDrake abandoned this revision.Mon, May 20, 11:22 PM

Closing due to lack of movement for 30 days.