Update README and MANPAGE for v1.5

Also update the performance numbers. I see some slowdown, reason is not yet clear, but nothing to block the release.
rfjakob · Jun 12, 2018 · 009cc0a · 009cc0a
1 parent e925e1b
commit 009cc0a
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 9 deletions.
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
@@ -54,13 +54,22 @@ be suitable.
 #### -d, -debug
 Enable debug output.
 
+#### -dev, -nodev
+Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount
+(default: `-nodev`). If both are specified, `-nodev` takes precedence.
+You need root permissions to use `-dev`.
+
 #### -devrandom
 Use /dev/random for generating the master key instead of the default Go
 implementation. This is especially useful on embedded systems with Go versions
 prior to 1.9, which fall back to weak random data when the getrandom syscall
 is blocking. Using this option can block indefinitely when the kernel cannot
 harvest enough entropy.
 
+#### -exec, -noexec
+Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount
+(default: `-exec`). If both are specified, `-noexec` takes precedence.
+
 #### -extpass string
 Use an external program (like ssh-askpass) for the password prompt.
 The program should return the password on stdout, a trailing newline is
@@ -172,6 +181,12 @@ Examples:
 Write memory profile to the specified file. This is useful when debugging
 memory usage of gocryptfs.
 
+#### -nodev
+See `-dev, -nodev`.
+
+#### -noexec
+See `-exec, -noexec`.
+
 #### -nonempty
 Allow mounting over non-empty directories. FUSE by default disallows
 this to prevent accidental shadowing of files.
@@ -197,6 +212,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs
 daemonizes. This option disables the redirection and messages will
 continue be printed to stdout and stderr.
 
+#### -nosuid
+See `-suid, -nosuid`.
+
 #### -notifypid int
 Send USR1 to the specified process after successful mount. This is
 used internally for daemonization.
@@ -222,7 +240,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and
 you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
 option.
 
-#### -passfile string/
+#### -passfile string
 Read password from the specified file. This is a shortcut for
 specifying '-extpass="/bin/cat -- FILE"'.
 
@@ -253,8 +271,9 @@ mounted using gocryptfs v1.2 and higher.
 Reverse mode shows a read-only encrypted view of a plaintext
 directory. Implies "-aessiv".
 
-#### -ro
-Mount the filesystem read-only.
+#### -rw, -ro
+Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`).
+If both are specified, `-ro` takes precence.
 
 #### -scryptn int
 scrypt cost parameter expressed as scryptn=log2(N). Possible values are
@@ -311,6 +330,11 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
 (if available). The library that will be selected on "-openssl=auto"
 (the default) is marked as such.
 
+#### -suid, -nosuid
+Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs
+mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence.
+You need root permissions to use `-suid`.
+
 #### -trace string
 Write execution trace to file. View the trace using "go tool trace FILE".
 
@@ -363,4 +387,4 @@ other: please check the error message
 
 SEE ALSO
 ========
-fuse(8) fallocate(2)
+mount(2) fuse(8) fallocate(2)
diff --git a/Documentation/performance.txt b/Documentation/performance.txt
@@ -41,6 +41,7 @@ v1.4-45-gd5671b7  183      282      14.9   7.3  1.1    2.9
 v1.4-45-gd5671b7  252      285      15.5   7.2  1.1    2.9    go1.8.3, Linux 4.11
 v1.4.1            253      285      16.0   7.4  1.3    3.0    go1.9,   Linux 4.12.5
 v1.4.1-6-g276567e 258      289      16.1   7.5  1.3    3.0
+v1.5              228      292      17.6   9.3  1.5    3.5    go1.10.2, Linux 4.16.8
 
 Results for EncFS for comparison (benchmark.bash -encfs):
 

diff --git a/README.md b/README.md
@@ -153,13 +153,25 @@ RM:    4.42
 Changelog
 ---------
 
-vNEXT, in progress
+v1.5, 2018-06-12
+* **Support extended attributes (xattr)** in forward mode
+  ([#217](https://github.com/rfjakob/gocryptfs/issues/217)). Older gocryptfs versions
+  will ignore the extended attributes.
+* **Add `-fsck` function**
+  ([#191](https://github.com/rfjakob/gocryptfs/issues/191))
+* Fix clobbered timestamps on MacOS High Sierra
+  ([#229](https://github.com/rfjakob/gocryptfs/issues/229))
 * Add `-masterkey=stdin` functionality
   ([#218](https://github.com/rfjakob/gocryptfs/issues/218))
-* Support extended attributes (xattr) in forward mode
-  ([#217](https://github.com/rfjakob/gocryptfs/issues/217))
-* Add `-fsck` function
-  ([#191](https://github.com/rfjakob/gocryptfs/issues/191))
+* Accept `-dev`/`-nodev`, `suid`/`nosuid`, `-exec`/`-noexec`,
+  `-ro`/`-rw` flags to make mounting via `/etc/fstab` possible.
+  Thanks @mahkoh! ([#233](https://github.com/rfjakob/gocryptfs/pull/233),
+  [commit](https://github.com/rfjakob/gocryptfs/commit/53d6a9999dd0e4c31636d16179f284fff35a35d9),
+  [commit](https://github.com/rfjakob/gocryptfs/commit/10212d791a3196c2c8705a7a3cccdeb14a8efdbe))
+* Fix a `logger` path issue on SuSE
+  [#225](https://github.com/rfjakob/gocryptfs/issues/225)
+* Stop printing the help text on a "flag provided but not defined"
+  error ([commit](https://github.com/rfjakob/gocryptfs/commit/5ad26495fc86527bbfe75ac6b46528d49a373676))
 
 v1.4.4, 2018-03-18
 * Overwrite secrets in memory with zeros as soon as possible