gocryptfs, branch nfc_v2

macos: normalize unicode file names in forward mode

2026-01-24T19:00:43+00:00

Summary: Store as NFC, read as NFD. This commit resolves https://github.com/rfjakob/gocryptfs/issues/850 by addressing Unicode normalization mismatches on macOS between NFC (used by CLI tools) and NFD (used by GUI apps). The solution is inspired by Cryptomator's approach ( https://github.com/cryptomator/cryptomator/issues/264 ). Forward mode on MacOS now enforces NFC for storage but presents NFD as recommended by https://developer.apple.com/library/archive/qa/qa1173/_index.html and https://github.com/macfuse/macfuse/wiki/File-Names-(Unicode-Normalization-Forms) . See https://github.com/rfjakob/gocryptfs/pull/949 for more info. This commit does nothing for reverse mode as it is not clear if anything can be done. Reverse mode can not influence how the file names are stored, hence mapping normalized names back to what is actually on disk seems difficult.

Update hkdf.go

2026-01-07T20:59:39+00:00

Use hkdf from stable api instead of eXperimental

build(deps): bump actions/checkout from 5 to 6

2025-12-15T20:25:28+00:00

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]

build(deps): bump actions/upload-artifact from 5 to 6

2025-12-15T20:25:09+00:00

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot]

bump golang.org/x/crypto from 0.33.0 to 0.45.0

2025-12-15T20:16:54+00:00

github ci: drop older Go versions

2025-12-15T20:16:54+00:00

This has become untenable as the golang.org/x packages started bumping their go.mod go directive automatically: https://github.com/golang/go/issues/69095 https://go.googlesource.com/proposal/+/HEAD/design/69095-x-repo-continuous-go.md

Drop deprecated rand.Seed calls

2025-12-14T10:39:31+00:00

$ staticcheck --version staticcheck 2025.1.1 (0.6.1) $ staticcheck ./... contrib/findholes/holes/holes.go:179:2: rand.Seed has been deprecated since Go 1.20 and an alternative has been available since Go 1.0: As of Go 1.20 there is no reason to call Seed with a random value. Programs that call Seed with a known value to get a specific sequence of results should use New(NewSource(seed)) to obtain a local random generator. (SA1019) tests/defaults/acl_test.go:24:2: rand.Seed has been deprecated since Go 1.20 and an alternative has been available since Go 1.0: As of Go 1.20 there is no reason to call Seed with a random value. Programs that call Seed with a known value to get a specific sequence of results should use New(NewSource(seed)) to obtain a local random generator. (SA1019) tests/plaintextnames/file_holes_test.go:143:2: rand.Seed has been deprecated since Go 1.20 and an alternative has been available since Go 1.0: As of Go 1.20 there is no reason to call Seed with a random value. Programs that call Seed with a known value to get a specific sequence of results should use New(NewSource(seed)) to obtain a local random generator. (SA1019)

Fix go vet 1.25.4 "non-constant format string" issues

2025-12-14T10:39:31+00:00

$ go version go version go1.25.4 linux/amd64 $ go vet ./... ./init_dir.go:71:21: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf ./main.go:123:19: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf ./masterkey.go:29:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf ./masterkey.go:56:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf ./mount.go:415:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf internal/tlog/log.go:76:18: non-constant format string in call to (*log.Logger).Printf internal/syscallcompat/quirks.go:19:19: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf

quirks: drop tmpfs xattr quirk

2025-11-29T21:01:03+00:00

tmpfs supports user xattrs since Linux 6.6 (anno 2023): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2daf18a7884dc03d5164ab9c7dc3f2ea70638469

reverse: fix TestXattrList failure

2025-11-22T20:51:27+00:00

On my Fedora I used to get this failure: --- FAIL: TestXattrList (0.00s) xattr_test.go:52: wrong number of names, want=20 have=21 xattr_test.go:58: mismatch on attr "security.selinux": valA = "", valC = "xxxxxxxxyyyyyyyyyyyyyyyzzzzzzzzzzzzz" First step is to print the actual value using xattr.LGet. This improves the error message to this: --- FAIL: TestXattrList (0.00s) xattr_test.go:53: wrong number of names, want=20 have=21 xattr_test.go:59: mismatch on attr "security.selinux": valA = "", valC = "system_u:object_r:fusefs_t:s0\x00" 2nd step is to ignore "security." attribs as we have no control over them.