Also, fix "make distcheck", it failed because of the relative path "*.m4":
make[3]: Entering directory `/home/jakob/encfs/encfs-1.8.1/_build/m4'
make[3]: *** No rule to make target `*.m4', needed by `distdir'. Stop.
Actually, "--add-location=file" would be better than "--no-location",
but this flag only supported from gettext 0.19.4 (released Dec 2014).
We can switch to "--add-location=file" onclude gettext 0.19.4 is
the major distributions.
This patch implements the workaround proposed by
https://defuse.ca/audits/encfs.htm to create a --require-macs command
line argument. If this argument is passed, encfs will refuse to mount
with MACs disabled. When creating a filesystem, encfs will force MACs to
be enabled.
Addressed CR comments, and added docs.
It is only needed when "-o allow_other" is specified.
"-o default_permissions" causes libfuse to check file access
in userspace. This costs CPU cycles and causes additional
stat() calls - libfuse has to walk up the whole path to check
for "x" permissions on directories.
This improves "make benchmark-reverse" performance
by 30% when caching is disabled. It also gives a slight
improvement with caches on.
Before:
tests/benchmark-reverse.pl /var/tmp
* rsync 1 (initial copy)... 12179 ms
* rsync 2 (no changes)... 1840 ms
cleaning up... done
tests/benchmark-reverse.pl /var/tmp --nocache
* rsync 1 (initial copy)... 30696 ms
* rsync 2 (no changes)... 10552 ms
cleaning up... done
After:
tests/benchmark-reverse.pl /var/tmp
* rsync 1 (initial copy)... 12095 ms
* rsync 2 (no changes)... 1693 ms
cleaning up... done
tests/benchmark-reverse.pl /var/tmp --nocache
* rsync 1 (initial copy)... 21266 ms
* rsync 2 (no changes)... 6486 ms
cleaning up... done
Commit 76424a58cb enabled unique IV
for reverse mode by default, to get more testing and to increase
security of reverse mode.
The downside is that all IVs change when the inode numbers change,
which means that all of the ciphertext changes.
This may bite people who copied the plaintext to a new filesystem
- they will find out that they have to rsync everything again.
This commit disables unique IV for reverse mode by default. It can
still be enabled through expert mode.
Disabling the kernel cache make sure the encrypted view is always
up-to-date, however, it causes a factor 3 slowdown.
Please use --nocache manually if you want to disable caching.
Closes#60.
Also replaces the magic identifiers 513 and 514 by proper defines.
With pkg-config missing, a broken configure was generated, that failed
with a confusing error:
./configure: line 19272: syntax error near unexpected token `OPENSSL,'
./configure: line 19272: ` PKG_CHECK_MODULES(OPENSSL, openssl >= 0.9.7,'
Now, it errors out in the autoconf stage with:
configure.ac:23: error: possibly undefined macro: PKG_CHECK_MODULES
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.