-
Notifications
You must be signed in to change notification settings - Fork 258
Upgrading
Note: This article was originally written in gocryptfs 0.x times, where the on-disk format still saw some changes. Users of gocryptfs v1.0 and later should not need to complete this process. See also: https://github.com/rfjakob/gocryptfs/wiki/Compatibility
To upgrade your filesystem, you create a new empty one with the newer version of gocryptfs (currently v0.11), mount it, and copy all the files over.
Let's assume you have an old gocryptfs filesystem stored in /old.enc
, mounted to /old
. You have created a new filesystem in /new.enc
and mounted it to /new
. The df -Th
output would look like this:
$ df -Th
Filesystem Type Size Used Avail Use% Mounted on
[...]
/new.enc fuse.gocryptfs 30G 23G 5,7G 80% /new
/old.enc fuse.gocryptfs 30G 23G 5,7G 80% /old
Now you can simply use your graphical file manager to copy the files (or see the next sections for using command-line tools).
Once you feel confident that have remembered the new passphrase (if you picked a new one) AND have stored the new masterkey at a safe place (this one is definitely new), delete old.enc
.
I recommend using rsync because it allows to resume interrupted copies and is generally a lot smarter than anything else.
$ shopt -s dotglob
$ rsync -a --progress /old/* /new
The bash option shopt -s dotglob
makes sure that /old/*
also matches hidden files (dotfiles). If you don't have any in /old
(check with ls -la /old
), you can skip that command.
Note: If your filesystem is so old that it can only be mounted read-only, you cannot use this method. Create a copy using the instructions above.
If you don't have the space to store a copy of your data, you can use the --remove-source-files
option to rsync. This will delete each file after it has been transferred. Note that mv
is pretty dumb: it copies everything and only then deletes the source files, so you will still need twice the space.
As mentioned earlier, double-check that you remember the passphrase for /new
and have the new masterkey saved somewhere before moving the files.
$ shopt -s dotglob
$ rsync -a --progress --remove-source-files /old/* /new
As above, dotglob
makes sure that dotfiles in /old/
are copied as well.
When rsync is finished, it will leave an empty directory tree in /old
. A safe way to delete these directories is:
find /old -type d -delete
This is safer than rm -R
because it will only remove directories and error out if any files are left behind. Note that it will also try to delete the mountpoint /old
and fail at doing so. This is expected,
find: cannot delete ‘/old’: Device or resource busy
but no other errors should be printed.