github netheril96/securefs v1.0.0

latest releases: v1.0.1, 1.0.0-issue184-2, 1.0.0-issue184-1...
6 months ago

Major version bump since changes are a lot.

New features

  • New lite format repositories no longer have any restrictions on file name lengths (OS limits still apply, but underlying filesystem limits don't).
    • Here "filename" refers to individual components of the full path. For example, in /usr/local/bin, the filenames are usr, local, and bin.
    • Existing repositories can be upgraded by securefs migrate-long-name, provided that they don't have any symlinks.
    • Basically if a filename is too long, it is encrypted and stored in a SQLite database. This incurs a small performance overhead but such long names should be rare occurrences. For more information, see here.
  • New options for full format repositories
    • Case insensitive yet case preserving (like the default behavior of NTFS)
    • Unicode normalization insensitive and preserving (like the default behavior of APFS/HFS+).
    • These enable better compatibility with native filesystems. Note both of the features cannot be changed after creation.
  • The config file format and default name is changed
    • The config file is now in protobuf.
    • The default name is now .config.pb rather than .securefs.json, since some people do not like revealing the name securefs to potential peekers.
    • Everything except the password derivation parameters are now encrypted and validated. Information such as max padding size is no longer visible without the password.
    • Loading old repos with JSON config is still supported. To upgrade, please run securefs chpass (in which case the config file will misleadingly stay the same name but be protobuf).
  • Creating format code 1 and 3 filesystems are now impossible. Mounting them still works.
  • The internals of the code base is heavily refactored to allow for easier feature development in the future.

Performance

  • Reads and writes are now coalesced such that throughput on non-cached disks are significantly faster.
  • We have implemented a workaround for libfuse2's performance problem where threads are repeatedly created and destroyed. libfuse3 fixes this problem, but we cannot upgrade yet for macFUSE compatibility.
  • The binary releases are built with link time optimization. It is difficult to get this to compile, so it is not listed in README. If you want to try, you can refer to release.yml.

Misc

  • securefs now reports stable inode numbers on most cases.

Don't miss a new securefs release

NewReleases is sending notifications on new releases.