Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rage-mount-dir: OverlayFS that transparently decrypts age-encrypted files #233

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

rage-mount-dir: OverlayFS that transparently decrypts age-encrypted files #233

wants to merge 3 commits into from

Conversation

str4d
Copy link
Owner

@str4d str4d commented May 14, 2021
edited

Usage: rage-mount-dir -i IDENTITY [-i IDENTITY ..] DIRECTORY MOUNT_POINT

  • The caller provides a directory to be mounted, and some age identities.
  • The directory is transparently mounted at a provided destination.
  • Any *.age files inside the directory's subtree are checked for decryptability (by the given identities) on first interaction (when the directory containing the file is read).
    • If an age file can be decrypted, it is shown inside the mount point without its .age suffix, and with a filesize equivalent to the decrypted file.
    • If an age file cannot be decrypted, it is show unmodified inside the mount point.
  • On read, normal files and undecryptable age files are read as-normal, while decryptable age files are transparently decrypted.

Part of #188.

@codecov
Copy link

codecov bot commented May 14, 2021
edited

Codecov Report

Merging #233 (6794269) into main (c028790) will decrease coverage by 2.19%.
The diff coverage is 3.90%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #233      +/-   ##
==========================================
- Coverage   33.79%   31.59%   -2.20%     
==========================================
  Files          34       38       +4     
  Lines        3063     3307     +244     
==========================================
+ Hits         1035     1045      +10     
- Misses       2028     2262     +234
Impacted Files Coverage Δ
age-core/src/format.rs 77.63% <ø> (+1.00%) ⬆️
age/src/cli_common.rs 18.18% <ø> (ø)
age/src/identity.rs 48.68% <ø> (ø)
rage/src/bin/rage-mount-dir/main.rs 0.00% <0.00%> (ø)
rage/src/bin/rage-mount-dir/overlay.rs 0.00% <0.00%> (ø)
rage/src/bin/rage-mount-dir/reader.rs 0.00% <0.00%> (ø)
rage/src/bin/rage-mount-dir/wrapper.rs 0.00% <0.00%> (ø)
rage/src/bin/rage-mount/main.rs 1.85% <ø> (ø)
rage/src/bin/rage/main.rs 100.00% <ø> (ø)
age/src/encrypted.rs 50.00% <55.55%> (+5.91%) ⬆️
... and 9 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c028790...6794269. Read the comment docs.

@str4d
rage-mount-dir: Implement transparent read-only FUSE overlay
44db419 
This creates a read-only view over the source directory.
@str4d
age: Return Box<dyn Identity + Send + Sync> from read_identities
a63c28c 
This exposes `Send + Sync` (which is always present for `Identity` types
that we parse, including `age::encrypted::Identity` after this commit) to
users that require it, without adding bounds to `Identity` itself. Users
who do not require these bounds can map the output of `read_identities`
to drop them.
@str4d
rage-mount-dir: Transparently decrypt files with provided identities
6794269
@str4d str4d mentioned this pull request Sep 11, 2021
Closed
@Macil Macil mentioned this pull request May 10, 2022
Open
@dmadisetti
Copy link

I think this looks awesome. What are your blockers? It looks like this is mainly stubs. Was it just lack of interest that stopped you from pursuing this change?

Also, I'm not sure why you have fuser and fuse_mt as deps; shouldn't one be sufficient?

@str4d
Copy link
Owner Author

str4d commented Mar 30, 2024

If I recall correctly (and I probably don't), I ran into UX issues that I didn't have time to figure out a solution for at the time. And as this was not motivated by any personal use case (someone else suggested the idea, and I wanted to see what it would look like in practice), I ended up putting it aside as I worked on other things.

As of the time of this PR, fuser was single-threaded; fuse_mt was a wrapper around it that provides multi threading support. I don't believe that has changed in the intervening time, but I haven't checked recently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@str4d @dmadisetti