summary refs log tree commit diff
diff options
context:
space:
mode:
authorFelix Lechner <felix.lechner@lease-up.com>2023-03-05 12:54:55 -0800
committerLeo Famulari <leo@famulari.name>2023-03-28 16:26:10 -0400
commita14e6eae08198c1b8934b50f4bf4a6385254a903 (patch)
tree4008eb15254e9aa2fec87f46c70168cafc775271
parentf6eb16ca3e20c6fa2a6fce9077c79e78aac39693 (diff)
downloadguix-a14e6eae08198c1b8934b50f4bf4a6385254a903.tar.gz
gnu: Add gocryptfs.
* gnu/packages/file-systems.scm (gocryptfs): New variable.

Signed-off-by: Leo Famulari <leo@famulari.name>
-rw-r--r--gnu/packages/file-systems.scm74
1 files changed, 74 insertions, 0 deletions
diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index bc5bb41fb3..a62433c01c 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -435,6 +435,80 @@ significantly increases the risk of irreversible data loss!")
     (license (list license:gpl2         ; fsattr/src/e4attr.* → sbin/fsattr
                    license:gpl3+))))    ; the rest
 
+(define-public gocryptfs
+  (package
+    (name "gocryptfs")
+    (version "2.3.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/rfjakob/gocryptfs")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1m0xk5imkx81i1l4wv1j1xh9ckp0gqssq4v46pkkcq2xlv2dvxlr"))))
+    (build-system go-build-system)
+    (arguments
+     (list
+      #:import-path "github.com/rfjakob/gocryptfs"
+      #:build-flags
+      #~(list
+         "-ldflags" (string-append
+                     "-X main.GitVersion=" #$version
+                     " -X main.GitVersionFuse=" #$(package-version
+                                                   go-github-com-hanwen-go-fuse-v2)
+                     " -X main.BuildDate=" "[reproducible]"))
+      #:phases
+      #~(modify-phases %standard-phases
+          ;; after 'check phase, should maybe unmount leftover mounts as in
+          ;; https://github.com/rfjakob/gocryptfs/blob/a55b3cc15a6d9bce116a90f33df4bc99d9dd6a10/test.bash#L28
+          (replace 'build
+            (lambda arguments
+              (for-each
+               (lambda (directory)
+                 (apply (assoc-ref %standard-phases 'build)
+                        (append arguments (list #:import-path directory))))
+               (list
+                "github.com/rfjakob/gocryptfs"
+                "github.com/rfjakob/gocryptfs/gocryptfs-xray"
+                "github.com/rfjakob/gocryptfs/contrib/statfs"
+                "github.com/rfjakob/gocryptfs/contrib/findholes"
+                "github.com/rfjakob/gocryptfs/contrib/atomicrename")))))))
+    (native-inputs (list
+                    go-github-com-hanwen-go-fuse-v2
+                    go-github-com-aperturerobotics-jacobsa-crypto
+                    go-github-com-jacobsa-oglematchers
+                    go-github-com-jacobsa-oglemock
+                    go-github-com-jacobsa-ogletest
+                    go-github-com-jacobsa-reqtrace
+                    go-github-com-pkg-xattr
+                    go-github-com-rfjakob-eme
+                    go-github-com-sabhiram-go-gitignore
+                    go-github-com-spf13-pflag
+                    go-golang-org-x-crypto
+                    go-golang-org-x-net
+                    go-golang-org-x-sys
+                    go-golang-org-x-term
+                    openssl
+                    pkg-config))
+    (home-page "https://github.com/rfjakob/gocryptfs")
+    (synopsis "Encrypted overlay filesystem")
+    (description
+     "Gocryptfs is an encrypted overlay filesystem written in Go.  It
+features a file-based encryption that is implemented as a mountable
+FUSE filesystem.
+
+Gocryptfs was inspired by EncFS and strives to fix its security issues
+while providing good performance.  Gocryptfs is as fast as EncFS in the
+default mode and significantly faster than paranoia mode in EncFS,
+which provides a security level comparable to Gocryptfs.
+
+On CPUs without AES-NI, gocryptfs uses OpenSSL through a thin wrapper
+called stupidgcm.  This provides a 4x speedup compared to Go's builtin
+AES-GCM implementation.")
+    (license license:expat)))
+
 (define-public gphotofs
   (package
     (name "gphotofs")