Skip to content
rfjakob edited this page Oct 8, 2023 · 16 revisions

Upgrading a gocryptfs filesystem

Note: This article was originally written in gocryptfs 0.x times, where the on-disk format still saw some changes. Users of gocryptfs v1.0 and later should not need to complete this process. See also: https://github.com/rfjakob/gocryptfs/wiki/Compatibility

To upgrade your filesystem, you create a new empty one with the newer version of gocryptfs (currently v0.11), mount it, and copy all the files over.

Let's assume you have an old gocryptfs filesystem stored in /old.enc, mounted to /old. You have created a new filesystem in /new.enc and mounted it to /new. The df -Th output would look like this:

$ df -Th
Filesystem           Type            Size  Used Avail Use% Mounted on
[...]
/new.enc             fuse.gocryptfs   30G   23G  5,7G  80% /new
/old.enc             fuse.gocryptfs   30G   23G  5,7G  80% /old

Now you can simply use your graphical file manager to copy the files (or see the next sections for using command-line tools).

Once you feel confident that have remembered the new passphrase (if you picked a new one) AND have stored the new masterkey at a safe place (this one is definitely new), delete old.enc.

Copy using rsync

I recommend using rsync because it allows to resume interrupted copies and is generally a lot smarter than anything else.

$ shopt -s dotglob
$ rsync -a --progress /old/* /new

The bash option shopt -s dotglob makes sure that /old/* also matches hidden files (dotfiles). If you don't have any in /old (check with ls -la /old), you can skip that command.

Move using rsync

Note: If your filesystem is so old that it can only be mounted read-only, you cannot use this method. Create a copy using the instructions above.

If you don't have the space to store a copy of your data, you can use the --remove-source-files option to rsync. This will delete each file after it has been transferred. Note that mv is pretty dumb: it copies everything and only then deletes the source files, so you will still need twice the space.

As mentioned earlier, double-check that you remember the passphrase for /new and have the new masterkey saved somewhere before moving the files.

$ shopt -s dotglob
$ rsync -a --progress --remove-source-files /old/* /new

As above, dotglob makes sure that dotfiles in /old/ are copied as well.

When rsync is finished, it will leave an empty directory tree in /old. A safe way to delete these directories is:

find /old -type d -delete

This is safer than rm -R because it will only remove directories and error out if any files are left behind. Note that it will also try to delete the mountpoint /old and fail at doing so. This is expected,

find: cannot delete ‘/old’: Device or resource busy

but no other errors should be printed.