diff options
123 files changed, 922 insertions, 588 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..bf7c985 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# Set update schedule for GitHub Actions + +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly" + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c29194a..e5dbf76 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,8 +26,12 @@ jobs: runs-on: ${{ matrix.os }} steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 # Make "git describe" work + - name: Install Go ${{ matrix.go }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go }} @@ -35,10 +39,6 @@ jobs: # https://github.com/actions/runner/issues/1188 - run: ls -l /proc/self/fd - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # Make "git describe" work - # CI platform specific setup steps happen here - run: sudo apt-get install -qq fuse3 libssl-dev @@ -20,3 +20,6 @@ gocryptfs.1 # Source tarball version. Should never be committed to git. /VERSION + +# Ignore macos specific files +.DS_Store
\ No newline at end of file diff --git a/Documentation/file-format.md b/Documentation/file-format.md index 7cce72c..7c2e2c8 100644 --- a/Documentation/file-format.md +++ b/Documentation/file-format.md @@ -1,43 +1,67 @@ File Format =========== +Empty files are stored as empty files. + +Non-empty files contain a *Header* and one or more *Data blocks*. + Header +------ 2 bytes header version (big endian uint16, currently 2) 16 bytes file id Data block, default AES-GCM mode +-------------------------------- 16 bytes GCM IV (nonce) 1-4096 bytes encrypted data 16 bytes GHASH -Data block, AES-SIV mode (used in reverse mode, or when explicitly enabled with `-init -aessiv`) +Overhead = (16+16)/4096 = 1/128 = 0.78125 % + +Data block, AES-SIV mode +------------------------ + +AES-SIV is used in reverse mode, or when explicitly enabled with `-init -aessiv`. 16 bytes nonce 16 bytes SIV 1-4096 bytes encrypted data -Data block, XChaCha20-Poly1305 (enabled via `-init -xchacha`) +Overhead = (16+16)/4096 = 1/128 = 0.78125 % + +Data block, XChaCha20-Poly1305 +------------------------------ + +Enabled via `-init -xchacha` 24 bytes nonce 1-4096 bytes encrypted data 16 bytes Poly1305 tag -Full block overhead (AES-GCM and AES-SIV mode) = 32/4096 = 1/128 = 0.78125 % +Overhead = (24+16)/4096 = 0.98 % -Full block overhead (XChaCha20-Poly1305 mode) = 40/4096 = \~1 % +Examples +======== -Example: 1-byte file, AES-GCM and AES-SIV mode ----------------------------------------------- +0-byte file (all modes) +----------------------- + + (empty) + +Total: 0 bytes + +1-byte file, AES-GCM and AES-SIV mode +------------------------------------- Header 18 bytes Data block 33 bytes Total: 51 bytes -Example: 5000-byte file, , AES-GCM and AES-SIV mode ---------------------------------------------------- +5000-byte file, , AES-GCM and AES-SIV mode +------------------------------------------ Header 18 bytes Data block 4128 bytes @@ -45,19 +69,24 @@ Example: 5000-byte file, , AES-GCM and AES-SIV mode Total: 5082 bytes -Example: 1-byte file, XChaCha20-Poly1305 mode ----------------------------------------------- +1-byte file, XChaCha20-Poly1305 mode +------------------------------------ Header 18 bytes Data block 41 bytes Total: 59 bytes -Example: 5000-byte file, XChaCha20-Poly1305 mode ----------------------------------------------- +5000-byte file, XChaCha20-Poly1305 mode +--------------------------------------- Header 18 bytes Data block 4136 bytes Data block 944 bytes Total: 5098 bytes + +See Also +======== + +https://nuetzlich.net/gocryptfs/forward_mode_crypto/ / https://github.com/rfjakob/gocryptfs-website/blob/master/docs/forward_mode_crypto.md @@ -30,7 +30,7 @@ hours and hours of stress (fsstress, extractloop.bash) and correctness testing (xfstests). It is now considered ready for general consumption. The old principle still applies: Important data should have a backup. -Also, keep a copy of your master key (printed on mount) in a safe place. +Also, keep a copy of your master key (printed at init) in a safe place. This allows you to access the data even if the gocryptfs.conf config file is damaged or you lose the password. @@ -50,8 +50,14 @@ of macOS support but please create a new ticket if you hit a problem. For Windows, an independent C++ reimplementation can be found here: [cppcryptfs](https://github.com/bailey27/cppcryptfs) -A standalone Python tool that can decrypt files & file names is here: +Standalone tools: + [gocryptfs-inspect](https://github.com/slackner/gocryptfs-inspect) +is Python tool that can decrypt files & file names without +using FUSE. + +[gocryptfs-create-folder](https://codeberg.org/LGLQ/gocryptfs-create-folder) +is a Python tool can encrypt a directory without using FUSE. Installation ------------ @@ -195,6 +201,19 @@ RM: 2,367 Changelog --------- +#### v2.6.1, 2025-08-10 +* Fix warnings `cipherSize X: incomplete last block (Y bytes), padding to Z bytes` + (harmless but annoying, [#951](https://github.com/rfjakob/gocryptfs/issues/951)) +* MacOS: Fix GUI apps reporting failure to save files [#914](https://github.com/rfjakob/gocryptfs/issues/914) +* MacOS: Fix `test-without-openssl.bash` trying to build tests with openssl enabled + ([2ebd0d754b8ee4](https://github.com/rfjakob/gocryptfs/commit/2ebd0d754b8ee46e6c65e90e1d1e13491b03b7b5)) + +#### v2.6.0, 2025-07-14 +* Upgrade to go-fuse v2.8.0 +* Switch to the new go-fuse directory API( https://github.com/rfjakob/gocryptfs/commit/ae3c859c1179498a4882b4bd69c2243aa6912332 ) +* Fix `-force_owner` not allowing file/dir create ( https://github.com/rfjakob/gocryptfs/issues/783 ) +* Skip `TestBtrfsQuirks` if mkfs.btrfs is not installed ( https://github.com/rfjakob/gocryptfs/issues/930 ) + #### v2.5.4, 2025-04-13 * Drop `GOAMD64=v2` from `build.bash`, there's user(s) still running `GOAMD64=v1` CPUs ([#908](https://github.com/rfjakob/gocryptfs/issues/908), diff --git a/build-without-openssl.bash b/build-without-openssl.bash index d5dc218..c09e7f3 100755 --- a/build-without-openssl.bash +++ b/build-without-openssl.bash @@ -2,9 +2,4 @@ cd "$(dirname "$0")" -CGO_ENABLED=0 source ./build.bash -tags without_openssl - -if ldd gocryptfs 2> /dev/null ; then - echo "build-without-openssl.bash: error: compiled binary is not static" - exit 1 -fi +CGO_ENABLED=0 source ./build.bash diff --git a/cli_args.go b/cli_args.go index 4101b86..e690e15 100644 --- a/cli_args.go +++ b/cli_args.go @@ -84,7 +84,7 @@ func prefixOArgs(osArgs []string) ([]string, error) { if osArgs[i] == "-o" { // Last argument? if i+1 >= len(osArgs) { - return nil, fmt.Errorf("The \"-o\" option requires an argument") + return nil, fmt.Errorf("the \"-o\" option requires an argument") } oOpts = strings.Split(osArgs[i+1], ",") // Skip over the arguments to "-o" diff --git a/contrib/atomicrename/main.go b/contrib/atomicrename/main.go index 394753b..337371c 100644 --- a/contrib/atomicrename/main.go +++ b/contrib/atomicrename/main.go @@ -4,7 +4,6 @@ import ( "bytes" "flag" "fmt" - "io/ioutil" "os" "strings" "sync/atomic" @@ -49,7 +48,7 @@ func main() { srcFiles[srcName] = struct{}{} buf := bytes.Repeat([]byte("_"), i) buf = append(buf, hello...) - if err := ioutil.WriteFile(srcName, buf, 0600); err != nil { + if err := os.WriteFile(srcName, buf, 0600); err != nil { panic(err) } fmt.Print(".") @@ -58,7 +57,7 @@ func main() { // prepare destination file const dstName = "dst.atomicrename" - if err := ioutil.WriteFile(dstName, hello, 0600); err != nil { + if err := os.WriteFile(dstName, hello, 0600); err != nil { panic(err) } @@ -69,7 +68,7 @@ func main() { // read thread go func() { for atomic.LoadInt32(&running) == 1 { - have, err := ioutil.ReadFile(dstName) + have, err := os.ReadFile(dstName) if err != nil { fmt.Println(err) stats.readError++ diff --git a/contrib/findholes/holes/holes.go b/contrib/findholes/holes/holes.go index 95c9d2b..d298efb 100644 --- a/contrib/findholes/holes/holes.go +++ b/contrib/findholes/holes/holes.go @@ -130,7 +130,7 @@ func Find(fd int) (segments []Segment, err error) { cursor = off if oldCursor == cursor { - return nil, fmt.Errorf("%s\nerror: seek loop!", PrettyPrint(segments)) + return nil, fmt.Errorf("%s\nerror: seek loop", PrettyPrint(segments)) } } return segments, nil @@ -4,7 +4,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "os/signal" "path/filepath" @@ -264,7 +263,7 @@ func fsck(args *argContainer) (exitcode int) { args.allow_other = false args.ro = true var err error - args.mountpoint, err = ioutil.TempDir("", "gocryptfs.fsck.") + args.mountpoint, err = os.MkdirTemp("", "gocryptfs.fsck.") if err != nil { tlog.Fatal.Printf("fsck: TmpDir: %v", err) os.Exit(exitcodes.MountPoint) @@ -3,8 +3,8 @@ module github.com/rfjakob/gocryptfs/v2 go 1.19 require ( - github.com/aperturerobotics/jacobsa-crypto v1.0.2 - github.com/hanwen/go-fuse/v2 v2.7.3-0.20250306214706-e3463465126a + github.com/aperturerobotics/jacobsa-crypto v1.1.0 + github.com/hanwen/go-fuse/v2 v2.8.0 github.com/moby/sys/mountinfo v0.7.2 github.com/pkg/xattr v0.4.9 github.com/rfjakob/eme v1.1.2 @@ -1,9 +1,9 @@ -github.com/aperturerobotics/jacobsa-crypto v1.0.2 h1:tNvVy1rev9FagnOyBmTcI6d23FfNceG9IujZROTRtlc= -github.com/aperturerobotics/jacobsa-crypto v1.0.2/go.mod h1:buWU1iY+FjIcfpb1aYfFJZfl07WlS7O30lTyC2iwjv8= +github.com/aperturerobotics/jacobsa-crypto v1.1.0 h1:0hig54FMzU80OHrqSfqmj/W8HydRymVdz2K6D9Guffs= +github.com/aperturerobotics/jacobsa-crypto v1.1.0/go.mod h1:buWU1iY+FjIcfpb1aYfFJZfl07WlS7O30lTyC2iwjv8= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/hanwen/go-fuse/v2 v2.7.3-0.20250306214706-e3463465126a h1:Q+A/Qcj02oRubB/7+18SGNxAG/GtnoXxf0UKRJ2/ZE4= -github.com/hanwen/go-fuse/v2 v2.7.3-0.20250306214706-e3463465126a/go.mod h1:yE6D2PqWwm3CbYRxFXV9xUd8Md5d6NG0WBs5spCswmI= +github.com/hanwen/go-fuse/v2 v2.8.0 h1:wV8rG7rmCz8XHSOwBZhG5YcVqcYjkzivjmbaMafPlAs= +github.com/hanwen/go-fuse/v2 v2.8.0/go.mod h1:yE6D2PqWwm3CbYRxFXV9xUd8Md5d6NG0WBs5spCswmI= github.com/jacobsa/oglematchers v0.0.0-20150720000706-141901ea67cd h1:9GCSedGjMcLZCrusBZuo4tyKLpKUPenUUqi34AkuFmA= github.com/jacobsa/oglemock v0.0.0-20150831005832-e94d794d06ff h1:2xRHTvkpJ5zJmglXLRqHiZQNjUoOkhUyhTAhEQvPAWw= github.com/jacobsa/ogletest v0.0.0-20170503003838-80d50a735a11 h1:BMb8s3ENQLt5ulwVIHVDWFHp8eIXmbfSExkvdn9qMXI= diff --git a/gocryptfs-xray/xray_tests/xray_test.go b/gocryptfs-xray/xray_tests/xray_test.go index 6dc7c13..e9b9eab 100644 --- a/gocryptfs-xray/xray_tests/xray_test.go +++ b/gocryptfs-xray/xray_tests/xray_test.go @@ -3,7 +3,7 @@ package xray_tests import ( "bytes" "fmt" - "io/ioutil" + "os" "os/exec" "testing" @@ -11,7 +11,7 @@ import ( ) func TestAesgcmXray(t *testing.T) { - expected, err := ioutil.ReadFile("aesgcm_fs.xray.txt") + expected, err := os.ReadFile("aesgcm_fs.xray.txt") if err != nil { t.Fatal(err) } @@ -28,7 +28,7 @@ func TestAesgcmXray(t *testing.T) { } func TestAessivXray(t *testing.T) { - expected, err := ioutil.ReadFile("aessiv_fs.xray.txt") + expected, err := os.ReadFile("aessiv_fs.xray.txt") if err != nil { t.Fatal(err) } diff --git a/golint.bash b/golint.bash deleted file mode 100755 index d6fe729..0000000 --- a/golint.bash +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -u - -OUTPUT=$( - golint ./... | \ - grep -v "don't use an underscore in package name" | \ - grep -v "don't use ALL_CAPS in Go names; use CamelCase" | - grep -v "don't use underscores in Go names" -) - -# No output --> all good -if [[ -z $OUTPUT ]] ; then - exit 0 -fi - -echo "golint.bash:" -echo "$OUTPUT" -exit 1 @@ -13,8 +13,8 @@ const tUsage = "" + // helpShort is what gets displayed when passed "-h" or on syntax error. func helpShort() { printVersion() - fmt.Printf("\n") - fmt.Printf(tUsage) + fmt.Print("\n") + fmt.Print(tUsage) fmt.Printf(` Common Options (use -hh to show all): -aessiv Use AES-SIV encryption (with -init) @@ -48,8 +48,8 @@ Common Options (use -hh to show all): // helpLong gets only displayed on "-hh" func helpLong() { printVersion() - fmt.Printf("\n") - fmt.Printf(tUsage) + fmt.Print("\n") + fmt.Print(tUsage) fmt.Printf(` Notes: All options can equivalently use "-" (single dash) or "--" (double dash). A standalone "--" stops option parsing. diff --git a/init_dir.go b/init_dir.go index d79a4b7..3546084 100644 --- a/init_dir.go +++ b/init_dir.go @@ -2,7 +2,6 @@ package main import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -26,7 +25,7 @@ func isEmptyDir(dir string) error { if err != nil { return err } - entries, err := ioutil.ReadDir(dir) + entries, err := os.ReadDir(dir) if err != nil { return err } diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index 995a0c8..28a1ca5 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -5,7 +5,6 @@ package configfile import ( "encoding/json" "fmt" - "io/ioutil" "syscall" "os" @@ -183,12 +182,12 @@ func Load(filename string) (*ConfFile, error) { cf.filename = filename // Read from disk - js, err := ioutil.ReadFile(filename) + js, err := os.ReadFile(filename) if err != nil { return nil, err } if len(js) == 0 { - return nil, fmt.Errorf("Config file is empty") + return nil, fmt.Errorf("config file is empty") } // Unmarshal diff --git a/internal/configfile/scrypt.go b/internal/configfile/scrypt.go index 0ce8777..f6201ba 100644 --- a/internal/configfile/scrypt.go +++ b/internal/configfile/scrypt.go @@ -87,19 +87,19 @@ func (s *ScryptKDF) LogN() int { func (s *ScryptKDF) validateParams() error { minN := 1 << scryptMinLogN if s.N < minN { - return fmt.Errorf("Fatal: scryptn below 10 is too low to make sense") + return fmt.Errorf("fatal: scryptn below 10 is too low to make sense") } if s.R < scryptMinR { - return fmt.Errorf("Fatal: scrypt parameter R below minimum: value=%d, min=%d", s.R, scryptMinR) + return fmt.Errorf("fatal: scrypt parameter R below minimum: value=%d, min=%d", s.R, scryptMinR) } if s.P < scryptMinP { - return fmt.Errorf("Fatal: scrypt parameter P below minimum: value=%d, min=%d", s.P, scryptMinP) + return fmt.Errorf("fatal: scrypt parameter P below minimum: value=%d, min=%d", s.P, scryptMinP) } if len(s.Salt) < scryptMinSaltLen { - return fmt.Errorf("Fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen) + return fmt.Errorf("fatal: scrypt salt length below minimum: value=%d, min=%d", len(s.Salt), scryptMinSaltLen) } if s.KeyLen < cryptocore.KeyLen { - return fmt.Errorf("Fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen) + return fmt.Errorf("fatal: scrypt parameter KeyLen below minimum: value=%d, min=%d", s.KeyLen, cryptocore.KeyLen) } return nil } diff --git a/internal/configfile/validate.go b/internal/configfile/validate.go index ab8917d..5428a7b 100644 --- a/internal/configfile/validate.go +++ b/internal/configfile/validate.go @@ -9,7 +9,7 @@ import ( // Validate that the combination of settings makes sense and is supported func (cf *ConfFile) Validate() error { if cf.Version != contentenc.CurrentVersion { - return fmt.Errorf("Unsupported on-disk format %d", cf.Version) + return fmt.Errorf("unsupported on-disk format %d", cf.Version) } // scrypt params ok? if err := cf.ScryptObject.validateParams(); err != nil { @@ -18,13 +18,13 @@ func (cf *ConfFile) Validate() error { // All feature flags that are in the config file are known? for _, flag := range cf.FeatureFlags { if !isFeatureFlagKnown(flag) { - return fmt.Errorf("Unknown feature flag %q", flag) + return fmt.Errorf("unknown feature flag %q", flag) } } // File content encryption { if cf.IsFeatureFlagSet(FlagXChaCha20Poly1305) && cf.IsFeatureFlagSet(FlagAESSIV) { - return fmt.Errorf("Can't have both XChaCha20Poly1305 and AESSIV feature flags") + return fmt.Errorf("can't have both XChaCha20Poly1305 and AESSIV feature flags") } if cf.IsFeatureFlagSet(FlagAESSIV) && !cf.IsFeatureFlagSet(FlagGCMIV128) { diff --git a/internal/contentenc/bpool.go b/internal/contentenc/bpool.go index c4517d3..c62170d 100644 --- a/internal/contentenc/bpool.go +++ b/internal/contentenc/bpool.go @@ -26,6 +26,7 @@ func (b *bPool) Put(s []byte) { if len(s) != b.sliceLen { log.Panicf("wrong len=%d, want=%d", len(s), b.sliceLen) } + //lint:ignore SA6002 We intentionally pass slice by value to avoid allocation overhead in this specific use case b.Pool.Put(s) } diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go index 3005bf5..5bf0b3c 100644 --- a/internal/contentenc/content.go +++ b/internal/contentenc/content.go @@ -151,7 +151,7 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b if len(ciphertext) < be.cryptoCore.IVLen { tlog.Warn.Printf("DecryptBlock: Block is too short: %d bytes", len(ciphertext)) - return nil, errors.New("Block is too short") + return nil, errors.New("block is too short") } // Extract nonce diff --git a/internal/cryptocore/nonce.go b/internal/cryptocore/nonce.go index 9df094c..c800807 100644 --- a/internal/cryptocore/nonce.go +++ b/internal/cryptocore/nonce.go @@ -11,6 +11,8 @@ func RandBytes(n int) []byte { b := make([]byte, n) _, err := rand.Read(b) if err != nil { + // crypto/rand.Read() is documented to never return an + // error, so this should never happen. Still, better safe than sorry. log.Panic("Failed to read random bytes: " + err.Error()) } return b diff --git a/internal/ctlsocksrv/ctlsock_serve.go b/internal/ctlsocksrv/ctlsock_serve.go index 85f5b65..25d1e44 100644 --- a/internal/ctlsocksrv/ctlsock_serve.go +++ b/internal/ctlsocksrv/ctlsock_serve.go @@ -101,7 +101,7 @@ func (ch *ctlSockHandler) handleRequest(in *ctlsock.RequestStruct, conn *net.Uni } // Neither encryption nor encryption has been requested, makes no sense if in.DecryptPath == "" && in.EncryptPath == "" { - err = errors.New("Empty input") + err = errors.New("empty input") sendResponse(conn, err, "", "") return } @@ -118,7 +118,7 @@ func (ch *ctlSockHandler) handleRequest(in *ctlsock.RequestStruct, conn *net.Uni } // Error out if the canonical path is now empty if clean == "" { - err = errors.New("Empty input after canonicalization") + err = errors.New("empty input after canonicalization") sendResponse(conn, err, "", warnText) return } diff --git a/internal/exitcodes/exitcodes.go b/internal/exitcodes/exitcodes.go index 508ba38..881afda 100644 --- a/internal/exitcodes/exitcodes.go +++ b/internal/exitcodes/exitcodes.go @@ -3,7 +3,7 @@ package exitcodes import ( - "fmt" + "errors" "os" ) @@ -83,7 +83,7 @@ type Err struct { // NewErr returns an error containing "msg" and the exit code "code". func NewErr(msg string, code int) Err { return Err{ - error: fmt.Errorf(msg), + error: errors.New(msg), code: code, } } diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go index 103c217..afee158 100644 --- a/internal/fusefrontend/file.go +++ b/internal/fusefrontend/file.go @@ -37,8 +37,6 @@ type File struct { // Every FUSE entrypoint should RLock(). The only user of Lock() is // Release(), which closes the fd and sets "released" to true. fdLock sync.RWMutex - // Content encryption helper - contentEnc *contentenc.ContentEnc // Device and inode number uniquely identify the backing file qIno inomap.QIno // Entry in the open file table @@ -73,7 +71,6 @@ func NewFile(fd int, cName string, rn *RootNode) (f *File, st *syscall.Stat_t, e f = &File{ fd: osFile, - contentEnc: rn.contentEnc, qIno: qi, fileTableEntry: e, rootNode: rn, @@ -177,7 +174,7 @@ func (f *File) doRead(dst []byte, off uint64, length uint64) ([]byte, syscall.Er log.Panicf("fileID=%v", fileID) } // Read the backing ciphertext in one go - blocks := f.contentEnc.ExplodePlainRange(off, length) + blocks := f.rootNode.contentEnc.ExplodePlainRange(off, length) alignedOffset, alignedLength := blocks[0].JointCiphertextRange(blocks) // f.fd.ReadAt takes an int64! if alignedOffset > math.MaxInt64 { @@ -206,10 +203,10 @@ func (f *File) doRead(dst []byte, off uint64, length uint64) ([]byte, syscall.Er tlog.Debug.Printf("ReadAt offset=%d bytes (%d blocks), want=%d, got=%d", alignedOffset, firstBlockNo, alignedLength, n) // Decrypt it - plaintext, err := f.contentEnc.DecryptBlocks(ciphertext, firstBlockNo, fileID) + plaintext, err := f.rootNode.contentEnc.DecryptBlocks(ciphertext, firstBlockNo, fileID) f.rootNode.contentEnc.CReqPool.Put(ciphertext) if err != nil { - corruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext))) + corruptBlockNo := firstBlockNo + f.rootNode.contentEnc.PlainOffToBlockNo(uint64(len(plaintext))) tlog.Warn.Printf("doRead %d: corrupt block #%d: %v", f.qIno.Ino, corruptBlockNo, err) return nil, syscall.EIO } @@ -287,20 +284,20 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) { } // Handle payload data dataBuf := bytes.NewBuffer(data) - blocks := f.contentEnc.ExplodePlainRange(uint64(off), uint64(len(data))) + blocks := f.rootNode.contentEnc.ExplodePlainRange(uint64(off), uint64(len(data))) toEncrypt := make([][]byte, len(blocks)) for i, b := range blocks { blockData := dataBuf.Next(int(b.Length)) // Incomplete block -> Read-Modify-Write if b.IsPartial() { // Read - oldData, errno := f.doRead(nil, b.BlockPlainOff(), f.contentEnc.PlainBS()) + oldData, errno := f.doRead(nil, b.BlockPlainOff(), f.rootNode.contentEnc.PlainBS()) if errno != 0 { tlog.Warn.Printf("ino%d fh%d: RMW read failed: errno=%d", f.qIno.Ino, f.intFd(), errno) return 0, errno } // Modify - blockData = f.contentEnc.MergeBlocks(oldData, blockData, int(b.Skip)) + blockData = f.rootNode.contentEnc.MergeBlocks(oldData, blockData, int(b.Skip)) tlog.Debug.Printf("len(oldData)=%d len(blockData)=%d", len(oldData), len(blockData)) } tlog.Debug.Printf("ino%d: Writing %d bytes to block #%d", @@ -309,7 +306,7 @@ func (f *File) doWrite(data []byte, off int64) (uint32, syscall.Errno) { toEncrypt[i] = blockData } // Encrypt all blocks - ciphertext := f.contentEnc.EncryptBlocks(toEncrypt, blocks[0].BlockNo, f.fileTableEntry.ID) + ciphertext := f.rootNode.contentEnc.EncryptBlocks(toEncrypt, blocks[0].BlockNo, f.fileTableEntry.ID) // Preallocate so we cannot run out of space in the middle of the write. // This prevents partially written (=corrupt) blocks. var err error @@ -439,7 +436,10 @@ func (f *File) Getattr(ctx context.Context, a *fuse.AttrOut) syscall.Errno { } f.rootNode.inoMap.TranslateStat(&st) a.FromStat(&st) - a.Size = f.contentEnc.CipherSizeToPlainSize(a.Size) + if a.IsRegular() { + a.Size = f.rootNode.contentEnc.CipherSizeToPlainSize(a.Size) + } + // TODO: Handle symlink size similar to node.translateSize() if f.rootNode.args.ForceOwner != nil { a.Owner = *f.rootNode.args.ForceOwner } diff --git a/internal/fusefrontend/file_allocate_truncate.go b/internal/fusefrontend/file_allocate_truncate.go index cae796e..a3decf9 100644 --- a/internal/fusefrontend/file_allocate_truncate.go +++ b/internal/fusefrontend/file_allocate_truncate.go @@ -54,7 +54,7 @@ func (f *File) Allocate(ctx context.Context, off uint64, sz uint64, mode uint32) f.fileTableEntry.ContentLock.Lock() defer f.fileTableEntry.ContentLock.Unlock() - blocks := f.contentEnc.ExplodePlainRange(off, sz) + blocks := f.rootNode.contentEnc.ExplodePlainRange(off, sz) firstBlock := blocks[0] lastBlock := blocks[len(blocks)-1] @@ -63,7 +63,7 @@ func (f *File) Allocate(ctx context.Context, off uint64, sz uint64, mode uint32) // the file. cipherOff := firstBlock.BlockCipherOff() cipherSz := lastBlock.BlockCipherOff() - cipherOff + - f.contentEnc.BlockOverhead() + lastBlock.Skip + lastBlock.Length + f.rootNode.contentEnc.BlockOverhead() + lastBlock.Skip + lastBlock.Length err := syscallcompat.Fallocate(f.intFd(), FALLOC_FL_KEEP_SIZE, int64(cipherOff), int64(cipherSz)) tlog.Debug.Printf("Allocate off=%d sz=%d mode=%x cipherOff=%d cipherSz=%d\n", off, sz, mode, cipherOff, cipherSz) @@ -113,8 +113,8 @@ func (f *File) truncate(newSize uint64) (errno syscall.Errno) { return fs.ToErrno(err) } - oldB := float32(oldSize) / float32(f.contentEnc.PlainBS()) - newB := float32(newSize) / float32(f.contentEnc.PlainBS()) + oldB := float32(oldSize) / float32(f.rootNode.contentEnc.PlainBS()) + newB := float32(newSize) / float32(f.rootNode.contentEnc.PlainBS()) tlog.Debug.Printf("ino%d: FUSE Truncate from %.2f to %.2f blocks (%d to %d bytes)", f.qIno.Ino, oldB, newB, oldSize, newSize) // File size stays the same - nothing to do @@ -127,9 +127,9 @@ func (f *File) truncate(newSize uint64) (errno syscall.Errno) { } // File shrinks - blockNo := f.contentEnc.PlainOffToBlockNo(newSize) - cipherOff := f.contentEnc.BlockNoToCipherOff(blockNo) - plainOff := f.contentEnc.BlockNoToPlainOff(blockNo) + blockNo := f.rootNode.contentEnc.PlainOffToBlockNo(newSize) + cipherOff := f.rootNode.contentEnc.BlockNoToCipherOff(blockNo) + plainOff := f.rootNode.contentEnc.BlockNoToPlainOff(blockNo) lastBlockLen := newSize - plainOff var data []byte if lastBlockLen > 0 { @@ -161,7 +161,7 @@ func (f *File) statPlainSize() (uint64, error) { return 0, err } cipherSz := uint64(fi.Size()) - plainSz := uint64(f.contentEnc.CipherSizeToPlainSize(cipherSz)) + plainSz := uint64(f.rootNode.contentEnc.CipherSizeToPlainSize(cipherSz)) return plainSz, nil } @@ -174,8 +174,8 @@ func (f *File) truncateGrowFile(oldPlainSz uint64, newPlainSz uint64) syscall.Er } newEOFOffset := newPlainSz - 1 if oldPlainSz > 0 { - n1 := f.contentEnc.PlainOffToBlockNo(oldPlainSz - 1) - n2 := f.contentEnc.PlainOffToBlockNo(newEOFOffset) + n1 := f.rootNode.contentEnc.PlainOffToBlockNo(oldPlainSz - 1) + n2 := f.rootNode.contentEnc.PlainOffToBlockNo(newEOFOffset) // The file is grown within one block, no need to pad anything. // Write a single zero to the last byte and let doWrite figure out the RMW. if n1 == n2 { @@ -194,7 +194,7 @@ func (f *File) truncateGrowFile(oldPlainSz uint64, newPlainSz uint64) syscall.Er } // The new size is block-aligned. In this case we can do everything ourselves // and avoid the call to doWrite. - if newPlainSz%f.contentEnc.PlainBS() == 0 { + if newPlainSz%f.rootNode.contentEnc.PlainBS() == 0 { // The file was empty, so it did not have a header. Create one. if oldPlainSz == 0 { id, err := f.createHeader() @@ -203,7 +203,7 @@ func (f *File) truncateGrowFile(oldPlainSz uint64, newPlainSz uint64) syscall.Er } f.fileTableEntry.ID = id } - cSz := int64(f.contentEnc.PlainSizeToCipherSize(newPlainSz)) + cSz := int64(f.rootNode.contentEnc.PlainSizeToCipherSize(newPlainSz)) err := syscall.Ftruncate(f.intFd(), cSz) if err != nil { tlog.Warn.Printf("Truncate: grow Ftruncate returned error: %v", err) diff --git a/internal/fusefrontend/file_holes.go b/internal/fusefrontend/file_holes.go index f35fa70..fc58898 100644 --- a/internal/fusefrontend/file_holes.go +++ b/internal/fusefrontend/file_holes.go @@ -21,12 +21,12 @@ func (f *File) writePadHole(targetOff int64) syscall.Errno { tlog.Warn.Printf("checkAndPadHole: Fstat failed: %v", err) return fs.ToErrno(err) } - plainSize := f.contentEnc.CipherSizeToPlainSize(uint64(fi.Size())) + plainSize := f.rootNode.contentEnc.CipherSizeToPlainSize(uint64(fi.Size())) // Appending a single byte to the file (equivalent to writing to // offset=plainSize) would write to "nextBlock". - nextBlock := f.contentEnc.PlainOffToBlockNo(plainSize) + nextBlock := f.rootNode.contentEnc.PlainOffToBlockNo(plainSize) // targetBlock is the block the user wants to write to. - targetBlock := f.contentEnc.PlainOffToBlockNo(uint64(targetOff)) + targetBlock := f.rootNode.contentEnc.PlainOffToBlockNo(uint64(targetOff)) // The write goes into an existing block or (if the last block was full) // starts a new one directly after the last block. Nothing to do. if targetBlock <= nextBlock { @@ -45,12 +45,12 @@ func (f *File) writePadHole(targetOff int64) syscall.Errno { // Zero-pad the file of size plainSize to the next block boundary. This is a no-op // if the file is already block-aligned. func (f *File) zeroPad(plainSize uint64) syscall.Errno { - lastBlockLen := plainSize % f.contentEnc.PlainBS() + lastBlockLen := plainSize % f.rootNode.contentEnc.PlainBS() if lastBlockLen == 0 { // Already block-aligned return 0 } - missing := f.contentEnc.PlainBS() - lastBlockLen + missing := f.rootNode.contentEnc.PlainBS() - lastBlockLen pad := make([]byte, missing) tlog.Debug.Printf("zeroPad: Writing %d bytes\n", missing) _, errno := f.doWrite(pad, int64(plainSize)) diff --git a/internal/fusefrontend/node.go b/internal/fusefrontend/node.go index 91c947e..95be48d 100644 --- a/internal/fusefrontend/node.go +++ b/internal/fusefrontend/node.go @@ -75,26 +75,50 @@ func (n *Node) Getattr(ctx context.Context, f fs.FileHandle, out *fuse.AttrOut) return fga.Getattr(ctx, out) } } + rn := n.rootNode() + var st *syscall.Stat_t + var err error dirfd, cName, errno := n.prepareAtSyscallMyself() + // Hack for deleted fifos. As OPEN on a fifo does not reach + // the filesystem, we have no fd to access it. To make "cat" and git's + // t9300-fast-import.sh happy, we fake it as best as we can. + // https://github.com/rfjakob/gocryptfs/issues/929 + if errno == syscall.ENOENT && n.StableAttr().Mode == syscall.S_IFIFO { + out.Mode = syscall.S_IFIFO + out.Ino = n.StableAttr().Ino + // cat looks at this to determine the optimal io size. Seems to be always 4096 for fifos. + out.Blksize = 4096 + // We don't know what the owner was. Set it to nobody which seems safer + // than leaving it at 0 (root). + out.Owner.Gid = 65534 + out.Owner.Uid = 65534 + // All the other fields stay 0. This is what cat sees (strace -v log): + // + // fstat(1, {st_dev=makedev(0, 0x4d), st_ino=3838227, st_mode=S_IFIFO|000, st_nlink=0, + // st_uid=65534, st_gid=65534, st_blksize=4096, st_blocks=0, st_size=0, st_atime=0, + // st_atime_nsec=0, st_mtime=0, st_mtime_nsec=0, st_ctime=0, st_ctime_nsec=0}) = 0 + goto out + } if errno != 0 { return } + defer syscall.Close(dirfd) - st, err := syscallcompat.Fstatat2(dirfd, cName, unix.AT_SYMLINK_NOFOLLOW) + st, err = syscallcompat.Fstatat2(dirfd, cName, unix.AT_SYMLINK_NOFOLLOW) if err != nil { return fs.ToErrno(err) } // Fix inode number - rn := n.rootNode() rn.inoMap.TranslateStat(st) out.Attr.FromStat(st) // Translate ciphertext size in `out.Attr.Size` to plaintext size n.translateSize(dirfd, cName, &out.Attr) +out: if rn.args.ForceOwner != nil { out.Owner = *rn.args.ForceOwner } diff --git a/internal/fusefrontend/node_dir_ops.go b/internal/fusefrontend/node_dir_ops.go index 11ff83d..97327ce 100644 --- a/internal/fusefrontend/node_dir_ops.go +++ b/internal/fusefrontend/node_dir_ops.go @@ -136,12 +136,6 @@ func (n *Node) Mkdir(ctx context.Context, name string, mode uint32, out *fuse.En } defer syscall.Close(fd) - err = syscall.Fstat(fd, &st) - if err != nil { - tlog.Warn.Printf("Mkdir %q: Fstat failed: %v", cName, err) - return nil, fs.ToErrno(err) - } - // Fix permissions if origMode != mode { // Preserve SGID bit if it was set due to inheritance. @@ -150,7 +144,12 @@ func (n *Node) Mkdir(ctx context.Context, name string, mode uint32, out *fuse.En if err != nil { tlog.Warn.Printf("Mkdir %q: Fchmod %#o -> %#o failed: %v", cName, mode, origMode, err) } + } + err = syscall.Fstat(fd, &st) + if err != nil { + tlog.Warn.Printf("Mkdir %q: Fstat failed: %v", cName, err) + return nil, fs.ToErrno(err) } // Create child node & return diff --git a/internal/fusefrontend/node_helpers.go b/internal/fusefrontend/node_helpers.go index f5dfeb6..e8fca80 100644 --- a/internal/fusefrontend/node_helpers.go +++ b/internal/fusefrontend/node_helpers.go @@ -2,7 +2,6 @@ package fusefrontend import ( "context" - "sync/atomic" "syscall" "github.com/hanwen/go-fuse/v2/fs" @@ -91,12 +90,12 @@ func (n *Node) newChild(ctx context.Context, st *syscall.Stat_t, out *fuse.Entry if rn.args.SharedStorage || rn.quirks&syscallcompat.QuirkDuplicateIno1 != 0 { // Make each directory entry a unique node by using a unique generation // value - see the comment at RootNode.gen for details. - gen = atomic.AddUint64(&rn.gen, 1) + gen = rn.gen.Add(1) } // Create child node id := fs.StableAttr{ - Mode: uint32(st.Mode), + Mode: uint32(st.Mode), // go-fuse masks this with syscall.S_IFMT Gen: gen, Ino: st.Ino, } diff --git a/internal/fusefrontend/node_prepare_syscall.go b/internal/fusefrontend/node_prepare_syscall.go index 2a4d6ab..9021350 100644 --- a/internal/fusefrontend/node_prepare_syscall.go +++ b/internal/fusefrontend/node_prepare_syscall.go @@ -1,7 +1,6 @@ package fusefrontend import ( - "sync/atomic" "syscall" "github.com/rfjakob/gocryptfs/v2/internal/tlog" @@ -24,7 +23,7 @@ func (n *Node) prepareAtSyscall(child string) (dirfd int, cName string, errno sy // All filesystem operations go through here, so this is a good place // to reset the idle marker. - atomic.StoreUint32(&rn.IsIdle, 0) + rn.IsIdle.Store(false) if n.IsRoot() && rn.isFiltered(child) { return -1, "", syscall.EPERM diff --git a/internal/fusefrontend/prepare_syscall_test.go b/internal/fusefrontend/prepare_syscall_test.go index acddaf3..e2c7d08 100644 --- a/internal/fusefrontend/prepare_syscall_test.go +++ b/internal/fusefrontend/prepare_syscall_test.go @@ -1,6 +1,7 @@ package fusefrontend import ( + "context" "strings" "syscall" "testing" @@ -22,13 +23,13 @@ func TestPrepareAtSyscall(t *testing.T) { rn := newTestFS(args) out := &fuse.EntryOut{} - child, errno := rn.Mkdir(nil, "dir1", 0700, out) + child, errno := rn.Mkdir(context.TODO(), "dir1", 0700, out) if errno != 0 { t.Fatal(errno) } rn.AddChild("dir1", child, false) dir1 := toNode(child.Operations()) - _, errno = dir1.Mkdir(nil, "dir2", 0700, out) + _, errno = dir1.Mkdir(context.TODO(), "dir2", 0700, out) if errno != 0 { t.Fatal(errno) } @@ -43,7 +44,7 @@ func TestPrepareAtSyscall(t *testing.T) { syscall.Close(dirfd) // Again, but populate the cache for "" by looking up a non-existing file - rn.Lookup(nil, "xyz1234", &fuse.EntryOut{}) + rn.Lookup(context.TODO(), "xyz1234", &fuse.EntryOut{}) dirfd, cName, errno = rn.prepareAtSyscallMyself() if errno != 0 { t.Fatal(errno) @@ -89,7 +90,7 @@ func TestPrepareAtSyscall(t *testing.T) { syscall.Close(dirfd) n255 := strings.Repeat("n", 255) - dir1.Mkdir(nil, n255, 0700, out) + dir1.Mkdir(context.TODO(), n255, 0700, out) dirfd, cName, errno = dir1.prepareAtSyscall(n255) if errno != 0 { t.Fatal(errno) @@ -116,13 +117,13 @@ func TestPrepareAtSyscallPlaintextnames(t *testing.T) { rn := newTestFS(args) out := &fuse.EntryOut{} - child, errno := rn.Mkdir(nil, "dir1", 0700, out) + child, errno := rn.Mkdir(context.TODO(), "dir1", 0700, out) if errno != 0 { t.Fatal(errno) } rn.AddChild("dir1", child, false) dir1 := toNode(child.Operations()) - _, errno = dir1.Mkdir(nil, "dir2", 0700, out) + _, errno = dir1.Mkdir(context.TODO(), "dir2", 0700, out) if errno != 0 { t.Fatal(errno) } diff --git a/internal/fusefrontend/root_node.go b/internal/fusefrontend/root_node.go index ac814ad..8464c5f 100644 --- a/internal/fusefrontend/root_node.go +++ b/internal/fusefrontend/root_node.go @@ -4,6 +4,7 @@ import ( "os" "strings" "sync" + "sync/atomic" "syscall" "time" @@ -44,7 +45,7 @@ type RootNode struct { // (uint32 so that it can be reset with CompareAndSwapUint32). // When -idle was used when mounting, idleMonitor() sets it to 1 // periodically. - IsIdle uint32 + IsIdle atomic.Bool // dirCache caches directory fds dirCache dirCache // inoMap translates inode numbers from different devices to unique inode @@ -55,7 +56,7 @@ type RootNode struct { // This makes each directory entry unique (even hard links), // makes go-fuse hand out separate FUSE Node IDs for each, and prevents // bizarre problems when inode numbers are reused behind our back. - gen uint64 + gen atomic.Uint64 // quirks is a bitmap that enables workaround for quirks in the filesystem // backing the cipherdir quirks uint64 diff --git a/internal/fusefrontend/xattr_unit_test.go b/internal/fusefrontend/xattr_unit_test.go index 86c87a7..7d8e32e 100644 --- a/internal/fusefrontend/xattr_unit_test.go +++ b/internal/fusefrontend/xattr_unit_test.go @@ -21,10 +21,10 @@ func newTestFS(args Args) *RootNode { cEnc := contentenc.New(cCore, contentenc.DefaultBS) n := nametransform.New(cCore.EMECipher, true, 0, true, nil, false) rn := NewRootNode(args, cEnc, n) - oneSec := time.Second + oneSecond := time.Second options := &fs.Options{ - EntryTimeout: &oneSec, - AttrTimeout: &oneSec, + EntryTimeout: &oneSecond, + AttrTimeout: &oneSecond, } fs.NewNodeFS(rn, options) return rn diff --git a/internal/fusefrontend_reverse/excluder.go b/internal/fusefrontend_reverse/excluder.go index 0faadfa..1cb4b80 100644 --- a/internal/fusefrontend_reverse/excluder.go +++ b/internal/fusefrontend_reverse/excluder.go @@ -1,7 +1,6 @@ package fusefrontend_reverse import ( - "io/ioutil" "log" "os" "strings" @@ -50,7 +49,7 @@ func getExclusionPatterns(args fusefrontend.Args) []string { // getLines reads a file and splits it into lines func getLines(file string) ([]string, error) { - buffer, err := ioutil.ReadFile(file) + buffer, err := os.ReadFile(file) if err != nil { return nil, err } diff --git a/internal/fusefrontend_reverse/excluder_test.go b/internal/fusefrontend_reverse/excluder_test.go index bb041ce..b44ddce 100644 --- a/internal/fusefrontend_reverse/excluder_test.go +++ b/internal/fusefrontend_reverse/excluder_test.go @@ -1,7 +1,6 @@ package fusefrontend_reverse import ( - "io/ioutil" "os" "reflect" "testing" @@ -23,7 +22,7 @@ func TestShouldPrefixExcludeValuesWithSlash(t *testing.T) { } func TestShouldReadExcludePatternsFromFiles(t *testing.T) { - tmpfile1, err := ioutil.TempFile("", "excludetest") + tmpfile1, err := os.CreateTemp("", "excludetest") if err != nil { t.Fatal(err) } @@ -31,7 +30,7 @@ func TestShouldReadExcludePatternsFromFiles(t *testing.T) { defer os.Remove(exclude1) defer tmpfile1.Close() - tmpfile2, err := ioutil.TempFile("", "excludetest") + tmpfile2, err := os.CreateTemp("", "excludetest") if err != nil { t.Fatal(err) } diff --git a/internal/fusefrontend_reverse/node_helpers.go b/internal/fusefrontend_reverse/node_helpers.go index 898587b..3165db6 100644 --- a/internal/fusefrontend_reverse/node_helpers.go +++ b/internal/fusefrontend_reverse/node_helpers.go @@ -24,7 +24,6 @@ const ( // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. - shortNameMax = 175 ) // translateSize translates the ciphertext size in `out` into plaintext size. diff --git a/internal/fusefrontend_reverse/root_node.go b/internal/fusefrontend_reverse/root_node.go index c0ef814..9c2de28 100644 --- a/internal/fusefrontend_reverse/root_node.go +++ b/internal/fusefrontend_reverse/root_node.go @@ -50,7 +50,7 @@ type RootNode struct { // makes go-fuse hand out separate FUSE Node IDs for each, and prevents // bizarre problems when inode numbers are reused behind our back, // like this one: https://github.com/rfjakob/gocryptfs/issues/802 - gen uint64 + gen atomic.Uint64 // rootIno is the inode number that we report for the root node on mount rootIno uint64 } @@ -175,7 +175,7 @@ func (rn *RootNode) uniqueStableAttr(mode uint32, ino uint64) fs.StableAttr { Ino: ino, // Make each directory entry a unique node by using a unique generation // value. Also see the comment at RootNode.gen for details. - Gen: atomic.AddUint64(&rn.gen, 1), + Gen: rn.gen.Add(1), } } diff --git a/internal/inomap/inomap.go b/internal/inomap/inomap.go index b4dbf27..5749202 100644 --- a/internal/inomap/inomap.go +++ b/internal/inomap/inomap.go @@ -45,7 +45,7 @@ type InoMap struct { // spill is used once the namespaces map is full spillMap map[QIno]uint64 // spillNext is the next free inode number in the spill map - spillNext uint64 + spillNext atomic.Uint64 } // New returns a new InoMap. @@ -57,8 +57,9 @@ func New(rootDev uint64) *InoMap { namespaceMap: make(map[namespaceData]uint16), namespaceNext: 0, spillMap: make(map[QIno]uint64), - spillNext: spillSpaceStart, } + m.spillNext.Store(spillSpaceStart) + if rootDev > 0 { // Reserve namespace 0 for rootDev m.namespaceMap[namespaceData{rootDev, 0}] = 0 @@ -74,10 +75,10 @@ var spillWarn sync.Once // Reverse mode NextSpillIno() for gocryptfs.longname.*.name files where a stable // mapping is not needed. func (m *InoMap) NextSpillIno() (out uint64) { - if m.spillNext == math.MaxUint64 { - log.Panicf("spillMap overflow: spillNext = 0x%x", m.spillNext) + if m.spillNext.Load() == math.MaxUint64 { + log.Panicf("spillMap overflow: spillNext = 0x%x", m.spillNext.Load()) } - return atomic.AddUint64(&m.spillNext, 1) - 1 + return m.spillNext.Add(1) - 1 } func (m *InoMap) spill(in QIno) (out uint64) { diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go index 7929c40..5dd4940 100644 --- a/internal/nametransform/diriv.go +++ b/internal/nametransform/diriv.go @@ -67,7 +67,7 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) { func WriteDirIVAt(dirfd int) error { iv := cryptocore.RandBytes(DirIVLen) // 0400 permissions: gocryptfs.diriv should never be modified after creation. - // Don't use "ioutil.WriteFile", it causes trouble on NFS: + // Don't use "os.WriteFile", it causes trouble on NFS: // https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, dirivPerms) if err != nil { diff --git a/internal/nametransform/pad16.go b/internal/nametransform/pad16.go index 833be0e..2c2466a 100644 --- a/internal/nametransform/pad16.go +++ b/internal/nametransform/pad16.go @@ -32,10 +32,10 @@ func pad16(orig []byte) (padded []byte) { func unPad16(padded []byte) ([]byte, error) { oldLen := len(padded) if oldLen == 0 { - return nil, errors.New("Empty input") + return nil, errors.New("empty input") } if oldLen%aes.BlockSize != 0 { - return nil, errors.New("Unaligned size") + return nil, errors.New("unaligned size") } // The last byte is always a padding byte padByte := padded[oldLen-1] @@ -43,20 +43,20 @@ func unPad16(padded []byte) ([]byte, error) { padLen := int(padByte) // Padding must be at least 1 byte if padLen == 0 { - return nil, errors.New("Padding cannot be zero-length") + return nil, errors.New("padding cannot be zero-length") } // Padding more than 16 bytes make no sense if padLen > aes.BlockSize { - return nil, fmt.Errorf("Padding too long, padLen=%d > 16", padLen) + return nil, fmt.Errorf("padding too long, padLen=%d > 16", padLen) } // Padding cannot be as long as (or longer than) the whole string, if padLen >= oldLen { - return nil, fmt.Errorf("Padding too long, oldLen=%d >= padLen=%d", oldLen, padLen) + return nil, fmt.Errorf("padding too long, oldLen=%d >= padLen=%d", oldLen, padLen) } // All padding bytes must be identical for i := oldLen - padLen; i < oldLen; i++ { if padded[i] != padByte { - return nil, fmt.Errorf("Padding byte at i=%d is invalid", i) + return nil, fmt.Errorf("padding byte at i=%d is invalid", i) } } newLen := oldLen - padLen diff --git a/internal/openfiletable/open_file_table.go b/internal/openfiletable/open_file_table.go index ce8df76..420d070 100644 --- a/internal/openfiletable/open_file_table.go +++ b/internal/openfiletable/open_file_table.go @@ -29,7 +29,7 @@ type table struct { // The variable is accessed without holding any locks so atomic operations // must be used. It must be the first element of the struct to guarantee // 64-bit alignment. - writeOpCount uint64 + writeOpCount atomic.Uint64 // Protects map access sync.Mutex // Table entries @@ -85,13 +85,13 @@ type countingMutex struct { func (c *countingMutex) Lock() { c.RWMutex.Lock() - atomic.AddUint64(&t.writeOpCount, 1) + t.writeOpCount.Add(1) } // WriteOpCount returns the write lock counter value. This value is incremented // each time writeLock.Lock() on a file table entry is called. func WriteOpCount() uint64 { - return atomic.LoadUint64(&t.writeOpCount) + return t.writeOpCount.Load() } // CountOpenFiles returns how many entries are currently in the table diff --git a/internal/readpassword/read.go b/internal/readpassword/read.go index 582a104..9193ae8 100644 --- a/internal/readpassword/read.go +++ b/internal/readpassword/read.go @@ -58,7 +58,7 @@ func Twice(extpass []string, passfile []string) ([]byte, error) { return nil, err } if !bytes.Equal(p1, p2) { - return nil, fmt.Errorf("Passwords do not match") + return nil, fmt.Errorf("passwords do not match") } // Wipe the password duplicate from memory for i := range p2 { @@ -71,15 +71,15 @@ func Twice(extpass []string, passfile []string) ([]byte, error) { // Exits on read error or empty result. func readPasswordTerminal(prompt string) ([]byte, error) { fd := int(os.Stdin.Fd()) - fmt.Fprintf(os.Stderr, prompt) + fmt.Fprint(os.Stderr, prompt) // term.ReadPassword removes the trailing newline p, err := term.ReadPassword(fd) if err != nil { - return nil, fmt.Errorf("Could not read password from terminal: %v\n", err) + return nil, fmt.Errorf("could not read password from terminal: %v", err) } fmt.Fprintf(os.Stderr, "\n") if len(p) == 0 { - return nil, fmt.Errorf("Password is empty") + return nil, fmt.Errorf("password is empty") } return p, nil } @@ -100,7 +100,7 @@ func readPasswordStdin(prompt string) ([]byte, error) { return nil, err } if len(p) == 0 { - return nil, fmt.Errorf("Got empty %s from stdin", prompt) + return nil, fmt.Errorf("got empty %s from stdin", prompt) } return p, nil } diff --git a/internal/siv_aead/correctness_test.go b/internal/siv_aead/correctness_test.go index 0653e26..7be97bc 100644 --- a/internal/siv_aead/correctness_test.go +++ b/internal/siv_aead/correctness_test.go @@ -50,7 +50,7 @@ func TestK32(t *testing.T) { expectedResult, _ := hex.DecodeString( "02020202020202020202020202020202ad7a4010649a84d8c1dd5f752e935eed57d45b8b10008f3834") if !bytes.Equal(aResult, expectedResult) { - t.Errorf(hex.EncodeToString(aResult)) + t.Error(hex.EncodeToString(aResult)) } // Verify overhead overhead := len(aResult) - len(plaintext) - len(nonce) @@ -108,7 +108,7 @@ func TestK64(t *testing.T) { expectedResult, _ := hex.DecodeString( "02020202020202020202020202020202317b316f67c3ad336c01c9a01b4c5e552ba89e966bc4c1ade1") if !bytes.Equal(aResult, expectedResult) { - t.Errorf(hex.EncodeToString(aResult)) + t.Error(hex.EncodeToString(aResult)) } // Verify overhead overhead := len(aResult) - len(plaintext) - len(nonce) diff --git a/internal/speed/cpuinfo.go b/internal/speed/cpuinfo.go index df3177d..636a4f0 100644 --- a/internal/speed/cpuinfo.go +++ b/internal/speed/cpuinfo.go @@ -1,7 +1,7 @@ package speed import ( - "io/ioutil" + "io" "os" "runtime" "strings" @@ -33,7 +33,7 @@ func cpuModelName() string { if err != nil { return "" } - content, err := ioutil.ReadAll(f) + content, err := io.ReadAll(f) if err != nil { return "" } diff --git a/internal/stupidgcm/chacha.go b/internal/stupidgcm/chacha.go index de0c2e8..c500ea5 100644 --- a/internal/stupidgcm/chacha.go +++ b/internal/stupidgcm/chacha.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/chacha_test.go b/internal/stupidgcm/chacha_test.go index 542ff15..356c813 100644 --- a/internal/stupidgcm/chacha_test.go +++ b/internal/stupidgcm/chacha_test.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/common.go b/internal/stupidgcm/common.go index d88dc62..03698b9 100644 --- a/internal/stupidgcm/common.go +++ b/internal/stupidgcm/common.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/common_test.go b/internal/stupidgcm/common_test.go index 7f38e90..633f279 100644 --- a/internal/stupidgcm/common_test.go +++ b/internal/stupidgcm/common_test.go @@ -1,5 +1,4 @@ //go:build cgo && !without_openssl -// +build cgo,!without_openssl package stupidgcm diff --git a/internal/stupidgcm/gcm.go b/internal/stupidgcm/gcm.go index 2e5aac4..274d3df 100644 --- a/internal/stupidgcm/gcm.go +++ b/internal/stupidgcm/gcm.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/gcm_test.go b/internal/stupidgcm/gcm_test.go index c730a87..041dcab 100644 --- a/internal/stupidgcm/gcm_test.go +++ b/internal/stupidgcm/gcm_test.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl // We compare against Go's built-in GCM implementation. Since stupidgcm only // supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot diff --git a/internal/stupidgcm/locking.go b/internal/stupidgcm/locking.go index 04cf232..00cc361 100644 --- a/internal/stupidgcm/locking.go +++ b/internal/stupidgcm/locking.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/openssl.go b/internal/stupidgcm/openssl.go index 8c950f8..3a72f9c 100644 --- a/internal/stupidgcm/openssl.go +++ b/internal/stupidgcm/openssl.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/stupidgcm/openssl_aead.c b/internal/stupidgcm/openssl_aead.c index e02466f..a7f4f59 100644 --- a/internal/stupidgcm/openssl_aead.c +++ b/internal/stupidgcm/openssl_aead.c @@ -1,4 +1,4 @@ -// +build !without_openssl +//go:build cgo && !without_openssl #include "openssl_aead.h" #include <openssl/evp.h> diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go index fcef793..c59ebe6 100644 --- a/internal/stupidgcm/without_openssl.go +++ b/internal/stupidgcm/without_openssl.go @@ -1,5 +1,4 @@ -//go:build without_openssl -// +build without_openssl +//go:build !cgo || without_openssl package stupidgcm diff --git a/internal/stupidgcm/xchacha.go b/internal/stupidgcm/xchacha.go index 3c121ba..cfd69d7 100644 --- a/internal/stupidgcm/xchacha.go +++ b/internal/stupidgcm/xchacha.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl // Copyright 2018 The Go Authors. All rights reserved. // Use of this source code is governed by a BSD-style @@ -7,7 +6,7 @@ // // Copied from // https://github.com/golang/crypto/blob/32db794688a5a24a23a43f2a984cecd5b3d8da58/chacha20poly1305/xchacha20poly1305.go -// and adapted for stupidgcm by @rfjakob. +// and adapted to use OpenSSL ChaCha20 (see chacha.go) instaed of stdlib by @rfjakob. package stupidgcm diff --git a/internal/stupidgcm/xchacha_test.go b/internal/stupidgcm/xchacha_test.go index 676a023..a448f20 100644 --- a/internal/stupidgcm/xchacha_test.go +++ b/internal/stupidgcm/xchacha_test.go @@ -1,5 +1,4 @@ -//go:build !without_openssl -// +build !without_openssl +//go:build cgo && !without_openssl package stupidgcm diff --git a/internal/syscallcompat/asuser_linux.go b/internal/syscallcompat/asuser_linux.go index 804a898..39e3ff2 100644 --- a/internal/syscallcompat/asuser_linux.go +++ b/internal/syscallcompat/asuser_linux.go @@ -2,7 +2,7 @@ package syscallcompat import ( "fmt" - "io/ioutil" + "os" "runtime" "strconv" "strings" @@ -55,7 +55,7 @@ func asUser(f func() (int, error), context *fuse.Context) (int, error) { func getSupplementaryGroups(pid uint32) (gids []int) { procPath := fmt.Sprintf("/proc/%d/task/%d/status", pid, pid) - blob, err := ioutil.ReadFile(procPath) + blob, err := os.ReadFile(procPath) if err != nil { return nil } diff --git a/internal/syscallcompat/getdents_test.go b/internal/syscallcompat/getdents_test.go index eb670d6..c9e6a99 100644 --- a/internal/syscallcompat/getdents_test.go +++ b/internal/syscallcompat/getdents_test.go @@ -4,7 +4,6 @@ package syscallcompat import ( - "io/ioutil" "os" "runtime" "strings" @@ -49,13 +48,13 @@ func testGetdents(t *testing.T) { getdentsUnderTest = emulateGetdents } // Fill a directory with filenames of length 1 ... 255 - testDir, err := ioutil.TempDir(tmpDir, "TestGetdents") + testDir, err := os.MkdirTemp(tmpDir, "TestGetdents") if err != nil { t.Fatal(err) } for i := 1; i <= unix.NAME_MAX; i++ { n := strings.Repeat("x", i) - err = ioutil.WriteFile(testDir+"/"+n, nil, 0600) + err = os.WriteFile(testDir+"/"+n, nil, 0600) if err != nil { t.Fatal(err) } diff --git a/internal/syscallcompat/main_test.go b/internal/syscallcompat/main_test.go index ddf6bc4..7183f5a 100644 --- a/internal/syscallcompat/main_test.go +++ b/internal/syscallcompat/main_test.go @@ -2,7 +2,6 @@ package syscallcompat import ( "fmt" - "io/ioutil" "os" "testing" ) @@ -23,7 +22,7 @@ func TestMain(m *testing.M) { fmt.Println(err) os.Exit(1) } - tmpDir, err = ioutil.TempDir(parent, "syscallcompat") + tmpDir, err = os.MkdirTemp(parent, "syscallcompat") if err != nil { fmt.Println(err) os.Exit(1) diff --git a/internal/syscallcompat/rename_exchange_test.go b/internal/syscallcompat/rename_exchange_test.go new file mode 100644 index 0000000..97a95f8 --- /dev/null +++ b/internal/syscallcompat/rename_exchange_test.go @@ -0,0 +1,58 @@ +package syscallcompat + +import ( + "os" + "path/filepath" + "testing" + + "golang.org/x/sys/unix" +) + +func TestRenameExchange(t *testing.T) { + // Create a temporary directory for testing + tmpDir, err := os.MkdirTemp("", "renameat2_test") + if err != nil { + t.Fatalf("Failed to create temp dir: %v", err) + } + defer os.RemoveAll(tmpDir) + + // Test basic exchange functionality + file1 := filepath.Join(tmpDir, "file1.txt") + file2 := filepath.Join(tmpDir, "file2.txt") + + content1 := []byte("content of file 1") + content2 := []byte("content of file 2") + + if err := os.WriteFile(file1, content1, 0644); err != nil { + t.Fatalf("Failed to create file1: %v", err) + } + + if err := os.WriteFile(file2, content2, 0644); err != nil { + t.Fatalf("Failed to create file2: %v", err) + } + + // Test RENAME_EXCHANGE - this is the core functionality for issue #914 + err = Renameat2(unix.AT_FDCWD, file1, unix.AT_FDCWD, file2, RENAME_EXCHANGE) + if err != nil { + t.Fatalf("RENAME_EXCHANGE failed: %v", err) + } + + // Verify that the files have been swapped + newContent1, err := os.ReadFile(file1) + if err != nil { + t.Fatalf("Failed to read file1 after exchange: %v", err) + } + + newContent2, err := os.ReadFile(file2) + if err != nil { + t.Fatalf("Failed to read file2 after exchange: %v", err) + } + + if string(newContent1) != string(content2) { + t.Errorf("file1 content after exchange. Expected: %s, Got: %s", content2, newContent1) + } + + if string(newContent2) != string(content1) { + t.Errorf("file2 content after exchange. Expected: %s, Got: %s", content1, newContent2) + } +} diff --git a/internal/syscallcompat/sys_darwin.go b/internal/syscallcompat/sys_darwin.go index cf2f3f0..0ebdd3b 100644 --- a/internal/syscallcompat/sys_darwin.go +++ b/internal/syscallcompat/sys_darwin.go @@ -20,11 +20,13 @@ const ( // O_PATH is only defined on Linux O_PATH = 0 + // Same meaning, different name + RENAME_NOREPLACE = unix.RENAME_EXCL + RENAME_EXCHANGE = unix.RENAME_SWAP + // Only exists on Linux. Define here to fix build failure, even though - // we will never see the flags. - RENAME_NOREPLACE = 1 - RENAME_EXCHANGE = 2 - RENAME_WHITEOUT = 4 + // we will never see this flag. + RENAME_WHITEOUT = 1 << 30 ) // Unfortunately fsetattrlist does not have a syscall wrapper yet. @@ -152,7 +154,12 @@ func GetdentsSpecial(fd int) (entries []fuse.DirEntry, entriesSpecial []fuse.Dir return emulateGetdents(fd) } -// Renameat2 does not exist on Darwin, so we call Renameat and ignore the flags. +// Renameat2 does not exist on Darwin, but RenameatxNp does. func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { - return unix.Renameat(olddirfd, oldpath, newdirfd, newpath) + // If no flags are set, use tried and true renameat + if flags == 0 { + return unix.Renameat(olddirfd, oldpath, newdirfd, newpath) + } + // Let RenameatxNp handle everything else + return unix.RenameatxNp(olddirfd, oldpath, newdirfd, newpath, uint32(flags)) } diff --git a/internal/syscallcompat/sys_linux.go b/internal/syscallcompat/sys_linux.go index 5a4a4ab..19d2c56 100644 --- a/internal/syscallcompat/sys_linux.go +++ b/internal/syscallcompat/sys_linux.go @@ -124,8 +124,16 @@ func LsetxattrUser(path string, attr string, data []byte, flags int, context *fu func timesToTimespec(a *time.Time, m *time.Time) []unix.Timespec { ts := make([]unix.Timespec, 2) - ts[0] = unix.Timespec(fuse.UtimeToTimespec(a)) - ts[1] = unix.Timespec(fuse.UtimeToTimespec(m)) + if a == nil { + ts[0] = unix.Timespec{Nsec: unix.UTIME_OMIT} + } else { + ts[0], _ = unix.TimeToTimespec(*a) + } + if m == nil { + ts[1] = unix.Timespec{Nsec: unix.UTIME_OMIT} + } else { + ts[1], _ = unix.TimeToTimespec(*m) + } return ts } @@ -13,7 +13,6 @@ import ( "runtime" "runtime/debug" "strings" - "sync/atomic" "syscall" "time" @@ -181,7 +180,7 @@ func idleMonitor(idleTimeout time.Duration, fs *fusefrontend.RootNode, srv *fuse } for { // Atomically check whether the flag is 0 and reset it to 1 if so. - isIdle := !atomic.CompareAndSwapUint32(&fs.IsIdle, 0, 1) + isIdle := !fs.IsIdle.CompareAndSwap(false, true) // Any form of current or recent access resets the idle counter. openFileCount := openfiletable.CountOpenFiles() if !isIdle || openFileCount > 0 { @@ -316,9 +315,13 @@ func initFuseFrontend(args *argContainer) (rootNode fs.InodeEmbedder, wipeKeys f } } } - // If allow_other is set and we run as root, try to give newly created files to - // the right user. - if args.allow_other && os.Getuid() == 0 { + // If allow_other is set and we run as root, create files as the accessing + // user. + // Except when -force_owner is set, because in this case the user may + // not have write permissions. And the point of -force_owner is to map uids, + // so we want the files on the backing dir to get the uid the gocryptfs process + // is running as. + if args.allow_other && os.Getuid() == 0 && args._forceOwner == nil { frontendArgs.PreserveOwner = true } diff --git a/test-without-openssl.bash b/test-without-openssl.bash index 3f9de9e..e596753 100755 --- a/test-without-openssl.bash +++ b/test-without-openssl.bash @@ -2,4 +2,4 @@ cd "$(dirname "$0")" -./test.bash -tags without_openssl "$@" +CGO_ENABLED=0 ./test.bash "$@" @@ -37,9 +37,9 @@ unmount_leftovers() { return $RET } -( # Prevent multiple parallel test.bash instances as this causes # all kinds of mayhem +exec 200> "$LOCKFILE" if ! command -v flock > /dev/null ; then echo "flock is not available, skipping" elif ! flock -n 200 ; then @@ -54,8 +54,8 @@ unmount_leftovers || true echo "$MYNAME: build-without-openssl.bash failed" exit 1 } -# Don't build with openssl if we were passed "-tags without_openssl" -if [[ "$*" != *without_openssl* ]] ; then +# Only build with openssl if cgo is enabled +if [[ $(go env CGO_ENABLED) -eq 1 ]] ; then ./build.bash fi @@ -67,15 +67,20 @@ else go vet ./... fi +if command -v staticcheck > /dev/null ; then + staticcheck ./... +else + echo "staticcheck not installed - skipping" +fi + if command -v shellcheck > /dev/null ; then - # SC2002 = useless cat. Does no harm, disable the check. - shellcheck -x -e SC2002 ./*.bash + shellcheck -x ./*.bash else echo "shellcheck not installed - skipping" fi echo -n "Testing on TMPDIR=$TMPDIR, filesystem: " -findmnt --noheadings --target "$TESTDIR" --output FSTYPE,OPTIONS || true +findmnt --noheadings --target "$TESTDIR" --output FSTYPE,OPTIONS || echo "?" EXTRA_ARGS="" if [[ $VERBOSE -eq 1 ]]; then @@ -112,18 +117,16 @@ fi # Both syscall.Setreuid etc (since 2020, https://github.com/golang/go/commit/d1b1145cace8b968307f9311ff611e4bb810710c) # and unix.Setreuid etc (since 2022, https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51) # affect the whole process, not only the current thread, which is what we do NOT want. -if find . -type f -name \*.go -print0 | xargs -0 grep -v -E '^//' | +if find . ! -path "./vendor/*" -type f -name \*.go -print0 | xargs -0 grep -v -E '^//' | grep -E '(syscall|unix).(Setegid|Seteuid|Setgroups|Setgid|Setregid|Setreuid|Setresgid|Setresuid|Setuid)\(' ; then echo "$MYNAME: This affects the whole process. Please use the syscallcompat wrappers instead." exit 1 fi -if find . -type f -name \*.go -print0 | xargs -0 grep '\.Creat('; then +if find . ! -path "./vendor/*" -type f -name \*.go -print0 | xargs -0 grep '\.Creat('; then # MacOS does not have syscall.Creat(). Creat() is equivalent to Open(..., O_CREAT|O_WRONLY|O_TRUNC, ...), # but usually you want O_EXCL instead of O_TRUNC because it is safer, so that's what we suggest # instead. echo "$MYNAME: Please use Open(..., O_CREAT|O_WRONLY|O_EXCL, ...) instead of Creat()! https://github.com/rfjakob/gocryptfs/issues/623" exit 1 fi - -) 200> "$LOCKFILE" diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go index fb09338..01cc3b7 100644 --- a/tests/cli/cli_test.go +++ b/tests/cli/cli_test.go @@ -6,7 +6,6 @@ import ( "encoding/hex" "errors" "fmt" - "io/ioutil" "os" "os/exec" "strconv" @@ -174,7 +173,7 @@ func TestPasswd(t *testing.T) { // Add content test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test") file1 := mnt + "/file1" - err := ioutil.WriteFile(file1, []byte("somecontent"), 0600) + err := os.WriteFile(file1, []byte("somecontent"), 0600) if err != nil { t.Fatal(err) } @@ -186,7 +185,7 @@ func TestPasswd(t *testing.T) { testPasswd(t, dir) // Mount and verify test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo newpasswd") - content, err := ioutil.ReadFile(file1) + content, err := os.ReadFile(file1) if err != nil { t.Error(err) } else if string(content) != "somecontent" { @@ -201,12 +200,12 @@ func TestPasswd(t *testing.T) { // cp copies file at `src` to `dst`, overwriting // `dst` if it already exists. Calls t.Fatal on failure. func cp(t *testing.T, src string, dst string) { - conf, err := ioutil.ReadFile(src) + conf, err := os.ReadFile(src) if err != nil { t.Fatal(err) } syscall.Unlink(dst) - err = ioutil.WriteFile(dst, conf, 0600) + err = os.WriteFile(dst, conf, 0600) if err != nil { t.Fatal(err) } @@ -222,7 +221,7 @@ func TestPasswdMasterkey(t *testing.T) { mnt := dir + ".mnt" test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test") file1 := mnt + "/file1" - err := ioutil.WriteFile(file1, []byte("somecontent"), 0600) + err := os.WriteFile(file1, []byte("somecontent"), 0600) if err != nil { t.Fatal(err) } @@ -251,7 +250,7 @@ func TestPasswdMasterkey(t *testing.T) { } // Mount and verify test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo newpasswd") - content, err := ioutil.ReadFile(file1) + content, err := os.ReadFile(file1) if err != nil { t.Error(err) } else if string(content) != "somecontent" { @@ -270,7 +269,7 @@ func TestPasswdMasterkeyStdin(t *testing.T) { mnt := dir + ".mnt" test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test") file1 := mnt + "/file1" - err := ioutil.WriteFile(file1, []byte("somecontent"), 0600) + err := os.WriteFile(file1, []byte("somecontent"), 0600) if err != nil { t.Fatal(err) } @@ -300,7 +299,7 @@ func TestPasswdMasterkeyStdin(t *testing.T) { } // Mount and verify test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo newpasswd") - content, err := ioutil.ReadFile(file1) + content, err := os.ReadFile(file1) if err != nil { t.Fatal(err) } else if string(content) != "somecontent" { @@ -392,7 +391,7 @@ func TestNonempty(t *testing.T) { if err != nil { t.Fatal(err) } - err = ioutil.WriteFile(mnt+"/somefile", []byte("xyz"), 0600) + err = os.WriteFile(mnt+"/somefile", []byte("xyz"), 0600) if err != nil { t.Fatal(err) } @@ -586,7 +585,7 @@ func TestNoexec(t *testing.T) { content := `#!/bin/bash echo hello ` - err := ioutil.WriteFile(sh, []byte(content), 0755) + err := os.WriteFile(sh, []byte(content), 0755) if err != nil { t.Fatal(err) } @@ -697,13 +696,13 @@ func TestNotIdle(t *testing.T) { if err != nil { t.Fatal(err) } - err = ioutil.WriteFile(mnt+"/foo", []byte("foo"), 0600) + err = os.WriteFile(mnt+"/foo", []byte("foo"), 0600) if err != nil { t.Fatal(err) } // Read every 10 milliseconds for a total of 1 second for i := 1; i < 100; i++ { - _, err = ioutil.ReadFile(mnt + "/foo") + _, err = os.ReadFile(mnt + "/foo") if err != nil { t.Fatalf("iteration %d failed: %v", i, err) } @@ -784,7 +783,7 @@ func TestBadname(t *testing.T) { file := mnt + "/" + validFileName // Case 1: write one valid filename (empty content) - err := ioutil.WriteFile(file, nil, 0600) + err := os.WriteFile(file, nil, 0600) if err != nil { t.Fatal(err) } @@ -809,26 +808,26 @@ func TestBadname(t *testing.T) { } //Generate valid cipherdata for all cases for i := 0; i < len(contentCipher); i++ { - err := ioutil.WriteFile(file, []byte(fmt.Sprintf("Content Case %d.", i+1)), 0600) + err := os.WriteFile(file, []byte(fmt.Sprintf("Content Case %d.", i+1)), 0600) if err != nil { t.Fatal(err) } //save the cipher data for file operations in cipher dir - contentCipher[i], err = ioutil.ReadFile(dir + "/" + encryptedfilename) + contentCipher[i], err = os.ReadFile(dir + "/" + encryptedfilename) if err != nil { t.Fatal(err) } } //re-write content for case 1 - err = ioutil.WriteFile(file, []byte("Content Case 1."), 0600) + err = os.WriteFile(file, []byte("Content Case 1."), 0600) if err != nil { t.Fatal(err) } // Case 2: File with invalid suffix in plain name but valid cipher file file = mnt + "/" + validFileName + nametransform.BadnameSuffix - err = ioutil.WriteFile(file, []byte("Content Case 2."), 0600) + err = os.WriteFile(file, []byte("Content Case 2."), 0600) if err != nil { t.Fatal(err) } @@ -842,29 +841,29 @@ func TestBadname(t *testing.T) { // Case 3 is impossible: only BadnameSuffix would mean the cipher name is valid // Case 4: write invalid file which should be decodable - err = ioutil.WriteFile(dir+"/"+encryptedfilename+invalidSuffix, contentCipher[3], 0600) + err = os.WriteFile(dir+"/"+encryptedfilename+invalidSuffix, contentCipher[3], 0600) if err != nil { t.Fatal(err) } //Case 5: write invalid file which is not decodable (replace last 2 bytes with percent sign) - err = ioutil.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+"%%"+invalidSuffix, contentCipher[4], 0600) + err = os.WriteFile(dir+"/"+encryptedfilename[:len(encryptedfilename)-2]+"%%"+invalidSuffix, contentCipher[4], 0600) if err != nil { t.Fatal(err) } // Case 6: Multiple possible matches // generate two files with invalid cipher names which can both match the badname pattern - err = ioutil.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wPC"+invalidSuffix, contentCipher[5], 0600) + err = os.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wPC"+invalidSuffix, contentCipher[5], 0600) if err != nil { t.Fatal(err) } - err = ioutil.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wP"+invalidSuffix, contentCipher[5], 0600) + err = os.WriteFile(dir+"/mzaZRF9_0IU-_5vv2wP"+invalidSuffix, contentCipher[5], 0600) if err != nil { t.Fatal(err) } // Case 7: Non-Matching badname pattern - err = ioutil.WriteFile(dir+"/"+encryptedfilename+"wrongPattern", contentCipher[6], 0600) + err = os.WriteFile(dir+"/"+encryptedfilename+"wrongPattern", contentCipher[6], 0600) if err != nil { t.Fatal(err) } @@ -894,7 +893,7 @@ func TestBadname(t *testing.T) { for _, name := range names { if name == searchstrings[0] { //Case 1: Test access - filebytes, err = ioutil.ReadFile(mnt + "/" + name) + filebytes, err = os.ReadFile(mnt + "/" + name) if err != nil { t.Fatal(err) } @@ -905,7 +904,7 @@ func TestBadname(t *testing.T) { } else if name == searchstrings[1] { //Case 2: Test Access - filebytes, err = ioutil.ReadFile(mnt + "/" + name) + filebytes, err = os.ReadFile(mnt + "/" + name) if err != nil { t.Fatal(err) } @@ -915,7 +914,7 @@ func TestBadname(t *testing.T) { } } else if name == searchstrings[3] { //Case 4: Test Access - filebytes, err = ioutil.ReadFile(mnt + "/" + name) + filebytes, err = os.ReadFile(mnt + "/" + name) if err != nil { t.Fatal(err) } @@ -925,7 +924,7 @@ func TestBadname(t *testing.T) { } } else if name == searchstrings[4] { //Case 5: Test Access - filebytes, err = ioutil.ReadFile(mnt + "/" + name) + filebytes, err = os.ReadFile(mnt + "/" + name) if err != nil { t.Fatal(err) } @@ -955,7 +954,7 @@ func TestPassfile(t *testing.T) { dir := test_helpers.InitFS(t) mnt := dir + ".mnt" passfile1 := mnt + ".1.txt" - ioutil.WriteFile(passfile1, []byte("test"), 0600) + os.WriteFile(passfile1, []byte("test"), 0600) test_helpers.MountOrFatal(t, dir, mnt, "-passfile="+passfile1) defer test_helpers.UnmountPanic(mnt) } @@ -966,8 +965,8 @@ func TestPassfileX2(t *testing.T) { mnt := dir + ".mnt" passfile1 := mnt + ".1.txt" passfile2 := mnt + ".2.txt" - ioutil.WriteFile(passfile1, []byte("te"), 0600) - ioutil.WriteFile(passfile2, []byte("st"), 0600) + os.WriteFile(passfile1, []byte("te"), 0600) + os.WriteFile(passfile2, []byte("st"), 0600) test_helpers.MountOrFatal(t, dir, mnt, "-passfile="+passfile1, "-passfile="+passfile2) defer test_helpers.UnmountPanic(mnt) } @@ -979,7 +978,7 @@ func TestInitNotEmpty(t *testing.T) { if err := os.Mkdir(dir, 0700); err != nil { t.Fatal(err) } - if err := ioutil.WriteFile(dir+"/foo", nil, 0700); err != nil { + if err := os.WriteFile(dir+"/foo", nil, 0700); err != nil { t.Fatal(err) } cmd := exec.Command(test_helpers.GocryptfsBinary, "-init", "-extpass", "echo test", dir) @@ -1001,7 +1000,7 @@ func TestSharedstorage(t *testing.T) { defer test_helpers.UnmountPanic(mnt) foo1 := mnt + "/foo1" foo2 := mnt + "/foo2" - if err := ioutil.WriteFile(foo1, nil, 0755); err != nil { + if err := os.WriteFile(foo1, nil, 0755); err != nil { t.Fatal(err) } if err := os.Link(foo1, foo2); err != nil { @@ -1020,7 +1019,7 @@ func TestSharedstorage(t *testing.T) { } // Check that we we don't have stat caching. New length should show up // on the hard link immediately. - if err := ioutil.WriteFile(foo1, []byte("xxxxxx"), 0755); err != nil { + if err := os.WriteFile(foo1, []byte("xxxxxx"), 0755); err != nil { t.Fatal(err) } if err := syscall.Stat(foo2, &st2); err != nil { diff --git a/tests/cli/longnamemax_test.go b/tests/cli/longnamemax_test.go index e44a84e..357ede6 100644 --- a/tests/cli/longnamemax_test.go +++ b/tests/cli/longnamemax_test.go @@ -2,7 +2,6 @@ package cli import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -38,7 +37,7 @@ func TestLongnamemax100(t *testing.T) { for l := 1; l <= 255; l++ { path := pDir + "/" + strings.Repeat("x", l) - if err := ioutil.WriteFile(path, nil, 0600); err != nil { + if err := os.WriteFile(path, nil, 0600); err != nil { t.Fatal(err) } matches, err := filepath.Glob(cDir + "/gocryptfs.longname.*") @@ -84,7 +83,7 @@ func TestLongnamemax100Reverse(t *testing.T) { for l := 1; l <= 255; l++ { path := backingDir + "/" + strings.Repeat("x", l) - if err := ioutil.WriteFile(path, nil, 0600); err != nil { + if err := os.WriteFile(path, nil, 0600); err != nil { t.Fatal(err) } matches, err := filepath.Glob(mntDir + "/gocryptfs.longname.*") diff --git a/tests/cli/xchacha_test.go b/tests/cli/xchacha_test.go index 7f24c8b..f0fe163 100644 --- a/tests/cli/xchacha_test.go +++ b/tests/cli/xchacha_test.go @@ -2,7 +2,6 @@ package cli import ( "fmt" - "io/ioutil" "os" "syscall" "testing" @@ -40,7 +39,7 @@ func TestXchacha(t *testing.T) { test_helpers.MountOrExit(cDir, pDir, "-extpass", "echo test") defer test_helpers.UnmountPanic(pDir) - if err := ioutil.WriteFile(pDir+"/1byte", []byte("x"), 0700); err != nil { + if err := os.WriteFile(pDir+"/1byte", []byte("x"), 0700); err != nil { t.Fatal(err) } var st syscall.Stat_t @@ -53,7 +52,7 @@ func TestXchacha(t *testing.T) { } // 1 MiB = 256 4kiB blocks - if err := ioutil.WriteFile(pDir+"/1MiB", make([]byte, 1024*1024), 0700); err != nil { + if err := os.WriteFile(pDir+"/1MiB", make([]byte, 1024*1024), 0700); err != nil { t.Fatal(err) } if err := syscall.Stat(cDir+"/1MiB", &st); err != nil { diff --git a/tests/cli/zerokey_test.go b/tests/cli/zerokey_test.go index e9b9c50..359651c 100644 --- a/tests/cli/zerokey_test.go +++ b/tests/cli/zerokey_test.go @@ -1,7 +1,6 @@ package cli import ( - "io/ioutil" "os" "os/exec" "testing" @@ -42,7 +41,7 @@ func TestZerokey(t *testing.T) { mnt := dir + ".mnt" test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test") file1 := mnt + "/file1" - err = ioutil.WriteFile(file1, []byte("somecontent"), 0600) + err = os.WriteFile(file1, []byte("somecontent"), 0600) if err != nil { t.Fatal(err) } @@ -50,7 +49,7 @@ func TestZerokey(t *testing.T) { // Mount using -zerokey and verify we get the same result test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test") - content, err := ioutil.ReadFile(file1) + content, err := os.ReadFile(file1) if err != nil { t.Error(err) } else if string(content) != "somecontent" { diff --git a/tests/defaults/acl_test.go b/tests/defaults/acl_test.go index 2ab5dc1..0dae018 100644 --- a/tests/defaults/acl_test.go +++ b/tests/defaults/acl_test.go @@ -1,7 +1,6 @@ package defaults import ( - "io/ioutil" "math/rand" "os" "os/exec" @@ -35,7 +34,7 @@ func TestCpA(t *testing.T) { var modeWant os.FileMode = os.FileMode(rand.Int31n(0777+1) | 0400) // Create file outside mount - err := ioutil.WriteFile(fn1, nil, modeWant) + err := os.WriteFile(fn1, nil, modeWant) if err != nil { t.Fatal(err) } @@ -45,7 +44,7 @@ func TestCpA(t *testing.T) { t.Fatal(err) } if fi.Mode() != modeWant { - t.Errorf("ioutil.WriteFile created wrong permissions: want %o have %o", modeWant, fi.Mode()) + t.Errorf("os.WriteFile created wrong permissions: want %o have %o", modeWant, fi.Mode()) } // "cp -a" from outside to inside mount @@ -93,7 +92,7 @@ func TestAcl543(t *testing.T) { } // Set acl on file outside gocryptfs mount - err := ioutil.WriteFile(fn1, nil, modeWant) + err := os.WriteFile(fn1, nil, modeWant) if err != nil { t.Fatal(err) } @@ -117,7 +116,7 @@ func TestAcl543(t *testing.T) { } // Set acl on file inside gocryptfs mount - err = ioutil.WriteFile(fn2, nil, modeWant) + err = os.WriteFile(fn2, nil, modeWant) if err != nil { t.Fatal(err) } @@ -164,7 +163,7 @@ func TestAcl543(t *testing.T) { // Check that we handle zero-sized and undersized buffers correctly func TestXattrOverflow(t *testing.T) { fn := filepath.Join(test_helpers.DefaultPlainDir, t.Name()) - ioutil.WriteFile(fn, nil, 0600) + os.WriteFile(fn, nil, 0600) attr := "user.foo123" val := []byte("12341234") diff --git a/tests/defaults/diriv_test.go b/tests/defaults/diriv_test.go index 639b33d..48ba39a 100644 --- a/tests/defaults/diriv_test.go +++ b/tests/defaults/diriv_test.go @@ -1,7 +1,6 @@ package defaults import ( - "io/ioutil" "os" "sync" "sync/atomic" @@ -19,7 +18,7 @@ func TestDirIVRace(t *testing.T) { if err != nil { t.Fatal(err) } - err = ioutil.WriteFile(dir1+"/file", nil, 0600) + err = os.WriteFile(dir1+"/file", nil, 0600) if err != nil { t.Fatal(err) } @@ -31,7 +30,7 @@ func TestDirIVRace(t *testing.T) { t.Fatal(err) } file2 := dir2 + "/file" - err = ioutil.WriteFile(file2, nil, 0600) + err = os.WriteFile(file2, nil, 0600) if err != nil { t.Fatal(err) } diff --git a/tests/defaults/main_test.go b/tests/defaults/main_test.go index 75a5dae..a19f079 100644 --- a/tests/defaults/main_test.go +++ b/tests/defaults/main_test.go @@ -5,7 +5,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -176,7 +175,7 @@ func TestXfs124(t *testing.T) { func TestWrite0200File(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestWrite0200File" - err := ioutil.WriteFile(fn, nil, 0200) + err := os.WriteFile(fn, nil, 0200) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -212,7 +211,7 @@ func TestWrite0200File(t *testing.T) { // Now we return EOPNOTSUPP and mv is happy. func TestMvWarnings(t *testing.T) { fn := test_helpers.TmpDir + "/TestMvWarnings" - err := ioutil.WriteFile(fn, nil, 0600) + err := os.WriteFile(fn, nil, 0600) if err != nil { t.Fatalf("creating file failed: %v", err) } @@ -257,7 +256,7 @@ func TestMvWarningSymlink(t *testing.T) { // See TestMvWarnings. func TestCpWarnings(t *testing.T) { fn := test_helpers.TmpDir + "/TestCpWarnings" - err := ioutil.WriteFile(fn, []byte("foo"), 0600) + err := os.WriteFile(fn, []byte("foo"), 0600) if err != nil { t.Fatalf("creating file failed: %v", err) } diff --git a/tests/defaults/overlayfs_test.go b/tests/defaults/overlayfs_test.go index 8cb773d..32c0a90 100644 --- a/tests/defaults/overlayfs_test.go +++ b/tests/defaults/overlayfs_test.go @@ -4,7 +4,6 @@ package defaults import ( - "io/ioutil" "os" "strings" "testing" @@ -43,7 +42,7 @@ func TestRenameWhiteout(t *testing.T) { for _, n := range names { pSrc := test_helpers.DefaultPlainDir + "/" + n[0] pDst := test_helpers.DefaultPlainDir + "/" + n[1] - if err := ioutil.WriteFile(pSrc, nil, 0200); err != nil { + if err := os.WriteFile(pSrc, nil, 0200); err != nil { t.Fatalf("creating empty file failed: %v", err) } err := unix.Renameat2(-1, pSrc, -1, pDst, flags) @@ -96,10 +95,10 @@ func TestRenameExchange(t *testing.T) { for _, n := range names { pSrc := test_helpers.DefaultPlainDir + "/" + n[0] pDst := test_helpers.DefaultPlainDir + "/" + n[1] - if err := ioutil.WriteFile(pSrc, nil, 0200); err != nil { + if err := os.WriteFile(pSrc, nil, 0200); err != nil { t.Fatalf("creating empty file failed: %v", err) } - if err := ioutil.WriteFile(pDst, nil, 0200); err != nil { + if err := os.WriteFile(pDst, nil, 0200); err != nil { t.Fatalf("creating empty file failed: %v", err) } err := unix.Renameat2(-1, pSrc, -1, pDst, unix.RENAME_EXCHANGE) @@ -119,7 +118,7 @@ func TestRenameExchange(t *testing.T) { } } -// Looks like the FUSE protocol does support O_TMPFILE yet +// Looks like the FUSE protocol does not support O_TMPFILE yet func TestOTmpfile(t *testing.T) { p := test_helpers.DefaultPlainDir + "/" + t.Name() fd, err := unix.Openat(-1, p, unix.O_TMPFILE, 0600) diff --git a/tests/defaults/performance_test.go b/tests/defaults/performance_test.go index 11d827f..8bae5c1 100644 --- a/tests/defaults/performance_test.go +++ b/tests/defaults/performance_test.go @@ -4,7 +4,6 @@ package defaults import ( "fmt" "io" - "io/ioutil" "os" "testing" @@ -96,7 +95,7 @@ func createFiles(t *testing.B, count int, size int) { for i = 0; i < count; i++ { file := fmt.Sprintf("%s/%d", dir, i) if size > 0 { - err = ioutil.WriteFile(file, buf, 0666) + err = os.WriteFile(file, buf, 0666) } else { var fh *os.File fh, err = os.Create(file) diff --git a/tests/deterministic_names/deterministic_names_test.go b/tests/deterministic_names/deterministic_names_test.go index 00d80fc..330cfc3 100644 --- a/tests/deterministic_names/deterministic_names_test.go +++ b/tests/deterministic_names/deterministic_names_test.go @@ -4,7 +4,6 @@ package deterministic_names import ( "fmt" - "io/ioutil" "os" "path/filepath" "testing" @@ -70,7 +69,7 @@ func TestDeterministicNames(t *testing.T) { if err := os.RemoveAll(pDir + "/foo"); err != nil { t.Fatal(err) } - if err := ioutil.WriteFile(pDir+"/foo", nil, 0700); err != nil { + if err := os.WriteFile(pDir+"/foo", nil, 0700); err != nil { t.Fatal(err) } _, err = os.Stat(cDir + "/" + fooEncrypted) diff --git a/tests/example_filesystems/example_test_helpers.go b/tests/example_filesystems/example_test_helpers.go index c56d75a..34e5786 100644 --- a/tests/example_filesystems/example_test_helpers.go +++ b/tests/example_filesystems/example_test_helpers.go @@ -1,7 +1,6 @@ package example_filesystems import ( - "io/ioutil" "os" "path/filepath" "testing" @@ -15,7 +14,7 @@ const statusTxtContent = "It works!\n" func checkExampleFS(t *testing.T, dir string, rw bool) { // Read regular file statusFile := filepath.Join(dir, "status.txt") - contentBytes, err := ioutil.ReadFile(statusFile) + contentBytes, err := os.ReadFile(statusFile) if err != nil { t.Error(err) return @@ -68,7 +67,7 @@ func checkExampleFSrw(t *testing.T, dir string, rw bool) { "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + "xxxxxxxxxxxxxxxxxxxxxxxx" - contentBytes, err := ioutil.ReadFile(filepath.Join(dir, longname)) + contentBytes, err := os.ReadFile(filepath.Join(dir, longname)) if err != nil { t.Error(err) return diff --git a/tests/hkdf_sanity/sanity_test.go b/tests/hkdf_sanity/sanity_test.go index f221439..27a1085 100644 --- a/tests/hkdf_sanity/sanity_test.go +++ b/tests/hkdf_sanity/sanity_test.go @@ -4,7 +4,6 @@ package hkdf_sanity import ( - "io/ioutil" "os" "testing" @@ -15,7 +14,7 @@ func TestBrokenContent(t *testing.T) { cDir := "broken_content" pDir := test_helpers.TmpDir + "/" + cDir test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", "-wpanic=false") - _, err := ioutil.ReadFile(pDir + "/status.txt") + _, err := os.ReadFile(pDir + "/status.txt") if err == nil { t.Error("this should fail") } diff --git a/tests/matrix/dir_test.go b/tests/matrix/dir_test.go index 13d6712..e2ecf46 100644 --- a/tests/matrix/dir_test.go +++ b/tests/matrix/dir_test.go @@ -70,3 +70,27 @@ func TestHaveDotdot(t *testing.T) { t.Errorf("have=%q want=%q", have, want) } } + +// mkdir used to report the wrong file mode when creating a read-only +// director. +// https://github.com/rfjakob/gocryptfs/issues/964 +func Test555Dir(t *testing.T) { + dir1 := test_helpers.DefaultPlainDir + "/" + t.Name() + err := os.Mkdir(dir1, 0555) + if err != nil { + t.Fatal(err) + } + + // Avoid permission errors when cleaning up the directory later + defer syscall.Chmod(dir1, 0700) + + var st syscall.Stat_t + err = syscall.Stat(dir1, &st) + if err != nil { + t.Fatal(err) + } + have := st.Mode & 0777 + if have != 0555 { + t.Errorf("wrong mode. want 0555 have %04o", have) + } +} diff --git a/tests/matrix/main_test.go b/tests/matrix/main_test.go new file mode 100644 index 0000000..cf0b6c4 --- /dev/null +++ b/tests/matrix/main_test.go @@ -0,0 +1,121 @@ +// Tests run for (almost all) combinations of openssl, aessiv, plaintextnames. +// +// File reading, writing, modification, truncate, ... +// +// Runs all tests N times, for the combinations of different flags specified +// in the `matrix` variable. + +package matrix + +import ( + "flag" + "fmt" + "os" + "testing" + "time" + + "github.com/rfjakob/gocryptfs/v2/internal/stupidgcm" + "github.com/rfjakob/gocryptfs/v2/tests/test_helpers" +) + +// Several tests need to be aware if plaintextnames is active or not, so make this +// a global variable +var testcase testcaseMatrix + +var ctlsockPath string + +type testcaseMatrix struct { + plaintextnames bool + openssl string + aessiv bool + raw64 bool + extraArgs []string +} + +// isSet finds out if `extraArg` is set in `tc.extraArgs` +func (tc *testcaseMatrix) isSet(extraArg string) bool { + for _, v := range tc.extraArgs { + if v == extraArg { + return true + } + } + return false +} + +// This is the entry point for the tests +func TestMain(m *testing.M) { + var matrix = []testcaseMatrix{ + // Normal + {false, "auto", false, false, nil}, + {false, "true", false, false, nil}, + {false, "false", false, false, nil}, + // Plaintextnames + {true, "true", false, false, nil}, + {true, "false", false, false, nil}, + // AES-SIV (does not use openssl, no need to test permutations) + {false, "auto", true, false, nil}, + {true, "auto", true, false, nil}, + // Raw64 + {false, "auto", false, true, nil}, + // -serialize_reads + {false, "auto", false, false, []string{"-serialize_reads"}}, + {false, "auto", false, false, []string{"-sharedstorage"}}, + {false, "auto", false, false, []string{"-deterministic-names"}}, + // Test xchacha with and without openssl + {false, "true", false, true, []string{"-xchacha"}}, + {false, "false", false, true, []string{"-xchacha"}}, + } + + // Make "testing.Verbose()" return the correct value + flag.Parse() + var i int + for i, testcase = range matrix { + if testcase.openssl == "true" && stupidgcm.BuiltWithoutOpenssl { + continue + } + if testing.Verbose() { + fmt.Printf("matrix: testcase = %#v\n", testcase) + } + createDirIV := true + if testcase.plaintextnames { + createDirIV = false + } else if testcase.isSet("-deterministic-names") { + createDirIV = false + } + ctlsockPath = fmt.Sprintf("%s/ctlsock.%d", test_helpers.TmpDir, i) + test_helpers.ResetTmpDir(createDirIV) + opts := []string{"-zerokey", "-ctlsock", ctlsockPath} + //opts = append(opts, "-fusedebug") + opts = append(opts, fmt.Sprintf("-openssl=%v", testcase.openssl)) + opts = append(opts, fmt.Sprintf("-plaintextnames=%v", testcase.plaintextnames)) + opts = append(opts, fmt.Sprintf("-aessiv=%v", testcase.aessiv)) + opts = append(opts, fmt.Sprintf("-raw64=%v", testcase.raw64)) + opts = append(opts, testcase.extraArgs...) + test_helpers.MountOrExit(test_helpers.DefaultCipherDir, test_helpers.DefaultPlainDir, opts...) + before := test_helpers.ListFds(0, test_helpers.TmpDir) + t0 := time.Now() + r := m.Run() + if testing.Verbose() { + fmt.Printf("matrix[%d]: run took %v\n", i, time.Since(t0)) + } + // Catch fd leaks in the tests. NOTE: this does NOT catch leaks in + // the gocryptfs FUSE process, but only in the tests that access it! + // All fds that point outside TmpDir are not interesting (the Go test + // infrastucture creates temporary log files we don't care about). + after := test_helpers.ListFds(0, test_helpers.TmpDir) + if len(before) != len(after) { + fmt.Printf("fd leak in test process? before, after:\n%v\n%v\n", before, after) + os.Exit(1) + } + test_helpers.UnmountPanic(test_helpers.DefaultPlainDir) + if r != 0 { + fmt.Printf("TestMain: matrix[%d] = %#v failed\n", i, testcase) + os.Exit(r) + } + // The ctlsock file is deleted asynchronously after unmount. + // Ensure it is delete here so it does not race (and trip up) ResetTmpDir() of the next + // loop iteration. + os.Remove(ctlsockPath) + } + os.Exit(0) +} diff --git a/tests/matrix/matrix_test.go b/tests/matrix/matrix_test.go index 417e126..a2ec549 100644 --- a/tests/matrix/matrix_test.go +++ b/tests/matrix/matrix_test.go @@ -1,16 +1,8 @@ -// Tests run for (almost all) combinations of openssl, aessiv, plaintextnames. package matrix -// File reading, writing, modification, truncate, ... -// -// Runs all tests N times, for the combinations of different flags specified -// in the `matrix` variable. - import ( "bytes" - "flag" "fmt" - "io/ioutil" "math/rand" "os" "os/exec" @@ -20,109 +12,14 @@ import ( "sync" "syscall" "testing" - "time" "golang.org/x/sys/unix" - "github.com/rfjakob/gocryptfs/v2/internal/stupidgcm" + "github.com/rfjakob/gocryptfs/v2/ctlsock" + "github.com/rfjakob/gocryptfs/v2/internal/syscallcompat" "github.com/rfjakob/gocryptfs/v2/tests/test_helpers" ) -// Several tests need to be aware if plaintextnames is active or not, so make this -// a global variable -var testcase testcaseMatrix - -type testcaseMatrix struct { - plaintextnames bool - openssl string - aessiv bool - raw64 bool - extraArgs []string -} - -// isSet finds out if `extraArg` is set in `tc.extraArgs` -func (tc *testcaseMatrix) isSet(extraArg string) bool { - for _, v := range tc.extraArgs { - if v == extraArg { - return true - } - } - return false -} - -var matrix = []testcaseMatrix{ - // Normal - {false, "auto", false, false, nil}, - {false, "true", false, false, nil}, - {false, "false", false, false, nil}, - // Plaintextnames - {true, "true", false, false, nil}, - {true, "false", false, false, nil}, - // AES-SIV (does not use openssl, no need to test permutations) - {false, "auto", true, false, nil}, - {true, "auto", true, false, nil}, - // Raw64 - {false, "auto", false, true, nil}, - // -serialize_reads - {false, "auto", false, false, []string{"-serialize_reads"}}, - {false, "auto", false, false, []string{"-sharedstorage"}}, - {false, "auto", false, false, []string{"-deterministic-names"}}, - // Test xchacha with and without openssl - {false, "true", false, true, []string{"-xchacha"}}, - {false, "false", false, true, []string{"-xchacha"}}, -} - -// This is the entry point for the tests -func TestMain(m *testing.M) { - // Make "testing.Verbose()" return the correct value - flag.Parse() - var i int - for i, testcase = range matrix { - if testcase.openssl == "true" && stupidgcm.BuiltWithoutOpenssl { - continue - } - if testing.Verbose() { - fmt.Printf("matrix: testcase = %#v\n", testcase) - } - createDirIV := true - if testcase.plaintextnames { - createDirIV = false - } else if testcase.isSet("-deterministic-names") { - createDirIV = false - } - test_helpers.ResetTmpDir(createDirIV) - opts := []string{"-zerokey"} - //opts = append(opts, "-fusedebug") - opts = append(opts, fmt.Sprintf("-openssl=%v", testcase.openssl)) - opts = append(opts, fmt.Sprintf("-plaintextnames=%v", testcase.plaintextnames)) - opts = append(opts, fmt.Sprintf("-aessiv=%v", testcase.aessiv)) - opts = append(opts, fmt.Sprintf("-raw64=%v", testcase.raw64)) - opts = append(opts, testcase.extraArgs...) - test_helpers.MountOrExit(test_helpers.DefaultCipherDir, test_helpers.DefaultPlainDir, opts...) - before := test_helpers.ListFds(0, test_helpers.TmpDir) - t0 := time.Now() - r := m.Run() - if testing.Verbose() { - fmt.Printf("matrix: run took %v\n", time.Since(t0)) - } - // Catch fd leaks in the tests. NOTE: this does NOT catch leaks in - // the gocryptfs FUSE process, but only in the tests that access it! - // All fds that point outside TmpDir are not interesting (the Go test - // infrastucture creates temporary log files we don't care about). - after := test_helpers.ListFds(0, test_helpers.TmpDir) - if len(before) != len(after) { - fmt.Printf("fd leak in test process? before, after:\n%v\n%v\n", before, after) - os.Exit(1) - } - test_helpers.UnmountPanic(test_helpers.DefaultPlainDir) - if r != 0 { - fmt.Printf("TestMain: matrix[%d] = %#v failed\n", i, testcase) - os.Exit(r) - } - } - os.Exit(0) -} - // Write `n` random bytes to filename `fn`, read again, compare hash func testWriteN(t *testing.T, fn string, n int) string { file, err := os.Create(test_helpers.DefaultPlainDir + "/" + fn) @@ -327,7 +224,7 @@ func TestFileHoles(t *testing.T) { foo := []byte("foo") file.Write(foo) file.WriteAt(foo, 4096) - _, err = ioutil.ReadFile(fn) + _, err = os.ReadFile(fn) if err != nil { t.Error(err) } @@ -391,7 +288,7 @@ func TestRmwRace(t *testing.T) { // but it must not be // [oooooossss] - buf, _ := ioutil.ReadFile(fn) + buf, _ := os.ReadFile(fn) m := test_helpers.Md5hex(buf) goodMd5[m] = goodMd5[m] + 1 @@ -495,7 +392,7 @@ func TestNameLengths(t *testing.T) { } func TestLongNames(t *testing.T) { - fi, err := ioutil.ReadDir(test_helpers.DefaultCipherDir) + fi, err := os.ReadDir(test_helpers.DefaultCipherDir) if err != nil { t.Fatal(err) } @@ -607,7 +504,7 @@ func TestLongNames(t *testing.T) { t.Error(err) } // Check for orphaned files - fi, err = ioutil.ReadDir(test_helpers.DefaultCipherDir) + fi, err = os.ReadDir(test_helpers.DefaultCipherDir) if err != nil { t.Fatal(err) } @@ -740,7 +637,7 @@ func doTestUtimesNano(t *testing.T, path string) { // Set nanoseconds by path, normal file func TestUtimesNano(t *testing.T) { path := test_helpers.DefaultPlainDir + "/utimesnano" - err := ioutil.WriteFile(path, []byte("foobar"), 0600) + err := os.WriteFile(path, []byte("foobar"), 0600) if err != nil { t.Fatal(err) } @@ -788,7 +685,7 @@ func TestMagicNames(t *testing.T) { t.Logf("Testing n=%q", n) p := test_helpers.DefaultPlainDir + "/" + n // Create file - err := ioutil.WriteFile(p, []byte("xxxxxxx"), 0200) + err := os.WriteFile(p, []byte("xxxxxxx"), 0200) if err != nil { t.Fatalf("creating file %q failed: %v", n, err) } @@ -825,7 +722,7 @@ func TestMagicNames(t *testing.T) { syscall.Unlink(p) // Link target := test_helpers.DefaultPlainDir + "/linktarget" - err = ioutil.WriteFile(target, []byte("yyyyy"), 0600) + err = os.WriteFile(target, []byte("yyyyy"), 0600) if err != nil { t.Fatal(err) } @@ -982,3 +879,117 @@ func TestRootIno(t *testing.T) { t.Errorf("inode number of root dir is zero") } } + +// TestDirSize checks that we report the correct size for directories. +// +// https://github.com/rfjakob/gocryptfs/issues/951: +// "cipherSize 30: incomplete last block" after upgrade to 2.6.0 +func TestDirSize(t *testing.T) { + pDir := test_helpers.DefaultPlainDir + "/" + t.Name() + err := os.Mkdir(pDir, 0700) + if err != nil { + t.Fatal(err) + } + req := ctlsock.RequestStruct{ + EncryptPath: t.Name(), + } + resp := test_helpers.QueryCtlSock(t, ctlsockPath, req) + if resp.Result == "" { + t.Fatal(resp) + } + cDir := test_helpers.DefaultCipherDir + "/" + resp.Result + if err != nil { + t.Fatal(err) + } + + fstat := func(path string) (st syscall.Stat_t) { + fd, err := syscall.Open(path, syscall.O_RDONLY, 0) + if err != nil { + t.Fatal(err) + } + defer syscall.Close(fd) + + err = syscall.Fstat(fd, &st) + if err != nil { + t.Fatal(err) + } + return st + } + + // Check that plaintext size is equal to ciphertext size and + // that stat and fstat gives the same result + compareSize := func() { + var pStat, cStat syscall.Stat_t + err = syscall.Stat(pDir, &pStat) + if err != nil { + t.Fatal(err) + } + pFstat := fstat(pDir) + + err = syscall.Stat(cDir, &cStat) + if err != nil { + t.Fatal(err) + } + cFstat := fstat(cDir) + + if pStat.Size != cStat.Size { + t.Errorf("stat size is different: pSt=%d cSt=%d", pStat.Size, cStat.Size) + } + if pStat.Size != pFstat.Size { + t.Errorf("stat size is different from fstat size: pStat=%d pFstat=%d", pStat.Size, pFstat.Size) + } + if pFstat.Size != cFstat.Size { + t.Errorf("fstat size is different: pSt=%d cSt=%d", pFstat.Size, cFstat.Size) + } + } + + for i := 0; i < 100; i++ { + // Grow the directory by creating new files with long names inside it + path := fmt.Sprintf("%s/%0100d", pDir, i) + err = os.WriteFile(path, nil, 0600) + if err != nil { + t.Fatal(err) + } + compareSize() + } +} + +// TestRenameExchangeOnGocryptfs tests the core RENAME_EXCHANGE functionality +// on a mounted gocryptfs filesystem +func TestRenameExchangeOnGocryptfs(t *testing.T) { + // Create two files with different content + file1 := filepath.Join(test_helpers.DefaultPlainDir, "file1.txt") + file2 := filepath.Join(test_helpers.DefaultPlainDir, "file2.txt") + content1 := []byte("Content of file 1") + content2 := []byte("Content of file 2") + + if err := os.WriteFile(file1, content1, 0644); err != nil { + t.Fatalf("Failed to create file1: %v", err) + } + if err := os.WriteFile(file2, content2, 0644); err != nil { + t.Fatalf("Failed to create file2: %v", err) + } + + // Use RENAME_EXCHANGE to atomically swap the files + err := syscallcompat.Renameat2(unix.AT_FDCWD, file1, unix.AT_FDCWD, file2, syscallcompat.RENAME_EXCHANGE) + if err != nil { + t.Fatalf("RENAME_EXCHANGE failed on gocryptfs: %v", err) + } + + // Verify the files were swapped + newContent1, err := os.ReadFile(file1) + if err != nil { + t.Fatalf("Failed to read file1 after exchange: %v", err) + } + newContent2, err := os.ReadFile(file2) + if err != nil { + t.Fatalf("Failed to read file2 after exchange: %v", err) + } + + if string(newContent1) != string(content2) { + t.Errorf("file1 content wrong after exchange. Expected: %s, Got: %s", content2, newContent1) + } + if string(newContent2) != string(content1) { + t.Errorf("file2 content wrong after exchange. Expected: %s, Got: %s", content1, newContent2) + } +} diff --git a/tests/plaintextnames/plaintextnames_test.go b/tests/plaintextnames/plaintextnames_test.go index 4de0730..a755deb 100644 --- a/tests/plaintextnames/plaintextnames_test.go +++ b/tests/plaintextnames/plaintextnames_test.go @@ -4,7 +4,6 @@ package plaintextnames import ( "fmt" - "io/ioutil" "os" "syscall" "testing" @@ -63,7 +62,7 @@ func TestDirIV(t *testing.T) { // else should work. func TestFiltered(t *testing.T) { filteredFile := pDir + "/gocryptfs.conf" - err := ioutil.WriteFile(filteredFile, []byte("foo"), 0777) + err := os.WriteFile(filteredFile, []byte("foo"), 0777) if err == nil { t.Errorf("should have failed but didn't") } @@ -71,11 +70,11 @@ func TestFiltered(t *testing.T) { if err == nil { t.Errorf("should have failed but didn't") } - err = ioutil.WriteFile(pDir+"/gocryptfs.diriv", []byte("foo"), 0777) + err = os.WriteFile(pDir+"/gocryptfs.diriv", []byte("foo"), 0777) if err != nil { t.Error(err) } - subDir, err := ioutil.TempDir(pDir, "") + subDir, err := os.MkdirTemp(pDir, "") if err != nil { t.Fatal(err) } diff --git a/tests/reverse/correctness_test.go b/tests/reverse/correctness_test.go index e4684df..4028ac3 100644 --- a/tests/reverse/correctness_test.go +++ b/tests/reverse/correctness_test.go @@ -3,7 +3,6 @@ package reverse_test import ( "bytes" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -72,7 +71,7 @@ func TestSymlinkDentrySize(t *testing.T) { } symlink := "a_symlink" - mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_") + mnt, err := os.MkdirTemp(test_helpers.TmpDir, "reverse_mnt_") if err != nil { t.Fatal(err) } @@ -111,7 +110,7 @@ func TestConfigMapping(t *testing.T) { if !test_helpers.VerifyExistence(t, c) { t.Errorf("%s missing", c) } - data, err := ioutil.ReadFile(c) + data, err := os.ReadFile(c) if err != nil { t.Fatal(err) } @@ -233,7 +232,7 @@ func Test0100Dir(t *testing.T) { t.Fatal(err) } file := dir + "/hello" - err = ioutil.WriteFile(file, []byte("hello"), 0600) + err = os.WriteFile(file, []byte("hello"), 0600) if err != nil { t.Fatal(err) } @@ -328,7 +327,7 @@ func TestHardlinkedLongname(t *testing.T) { workdirA, workdirB := newWorkdir(t) long1 := workdirA + "/" + strings.Repeat("x", 200) - if err := ioutil.WriteFile(long1, []byte("hello"), 0600); err != nil { + if err := os.WriteFile(long1, []byte("hello"), 0600); err != nil { t.Fatal(err) } var long1_stat syscall.Stat_t diff --git a/tests/reverse/ctlsock_test.go b/tests/reverse/ctlsock_test.go index f59fa45..8f9d843 100644 --- a/tests/reverse/ctlsock_test.go +++ b/tests/reverse/ctlsock_test.go @@ -1,7 +1,7 @@ package reverse_test import ( - "io/ioutil" + "os" "syscall" "testing" @@ -28,7 +28,7 @@ func TestCtlSockPathOps(t *testing.T) { if plaintextnames { t.Skip("this only tests encrypted names") } - mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_") + mnt, err := os.MkdirTemp(test_helpers.TmpDir, "reverse_mnt_") if err != nil { t.Fatal(err) } @@ -74,7 +74,7 @@ func TestCtlSockCrash(t *testing.T) { if plaintextnames { t.Skip("this only tests encrypted names") } - mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_") + mnt, err := os.MkdirTemp(test_helpers.TmpDir, "reverse_mnt_") if err != nil { t.Fatal(err) } diff --git a/tests/reverse/exclude_test.go b/tests/reverse/exclude_test.go index f24ff2c..645d267 100644 --- a/tests/reverse/exclude_test.go +++ b/tests/reverse/exclude_test.go @@ -1,7 +1,8 @@ package reverse_test import ( - "io/ioutil" + "log" + "os" "path/filepath" "testing" @@ -19,36 +20,29 @@ func ctlsockEncryptPath(t *testing.T, sock string, path string) string { return response.Result } -// doTestExcludeTestFs runs exclude tests against the exclude_test_fs folder -func doTestExcludeTestFs(t *testing.T, flag string, patterns, visible, hidden []string) { - // Mount reverse fs - mnt, err := ioutil.TempDir(test_helpers.TmpDir, t.Name()) - if err != nil { - t.Fatal(err) - } - sock := mnt + ".sock" - cliArgs := []string{"-reverse", "-extpass", "echo test", "-ctlsock", sock} +// doTestExcludeTestFs runs exclude tests against the exclude_test_fs folder. +// flag is either "--exclude-wildcard" or "--exclude" +func doTestExcludeTestFs(t *testing.T, flag string, patterns []string, tree directoryTree) { + var extraArgs []string for _, v := range patterns { - cliArgs = append(cliArgs, flag, v) - } - if plaintextnames { - cliArgs = append(cliArgs, "-config", "exclude_test_fs/.gocryptfs.reverse.conf.plaintextnames") + extraArgs = append(extraArgs, flag, v) } - test_helpers.MountOrFatal(t, "exclude_test_fs", mnt, cliArgs...) + // Mount reverse fs + backingDir, mnt, sock := newReverseFS(extraArgs) defer test_helpers.UnmountPanic(mnt) + tree.createOnDisk(backingDir) + // Get encrypted version of visible and hidden paths - cVisible := encryptExcludeTestPaths(t, sock, visible) - cHidden := encryptExcludeTestPaths(t, sock, hidden) + cVisible := encryptExcludeTestPaths(t, sock, tree.visible()) + cHidden := encryptExcludeTestPaths(t, sock, tree.hidden()) // Check that hidden paths are not there and visible paths are there for _, v := range cHidden { if test_helpers.VerifyExistence(t, mnt+"/"+v) { t.Errorf("File %q is visible, but should be hidden", v) } - if nametransform.IsLongContent(filepath.Base(v)) { - // TODO ??? - } + } for _, v := range cVisible { if !test_helpers.VerifyExistence(t, mnt+"/"+v) { @@ -74,6 +68,44 @@ func encryptExcludeTestPaths(t *testing.T, socket string, pRelPaths []string) (o return out } +type directoryTree struct { + visibleFiles []string + visibleDirs []string + hiddenFiles []string + hiddenDirs []string +} + +func (tr *directoryTree) visible() []string { + return append(tr.visibleDirs, tr.visibleFiles...) +} + +func (tr *directoryTree) hidden() []string { + return append(tr.hiddenDirs, tr.hiddenFiles...) +} + +func (tr *directoryTree) createOnDisk(baseDir string) { + dirs := append(tr.hiddenDirs, tr.visibleDirs...) + for _, d := range dirs { + err := os.MkdirAll(baseDir+"/"+d, 0700) + if err != nil { + log.Panic(err) + } + } + + files := append(tr.hiddenFiles, tr.visibleFiles...) + for _, f := range files { + d := filepath.Dir(f) + err := os.MkdirAll(baseDir+"/"+d, 0700) + if err != nil { + log.Panic(err) + } + err = os.WriteFile(baseDir+"/"+f, nil, 0600) + if err != nil { + log.Panic(err) + } + } +} + // TestExcludeTestFs runs exclude tests against the exclude_test_fs folder. func TestExcludeTestFs(t *testing.T) { // --exclude-wildcard patterns, gitignore syntax @@ -90,19 +122,22 @@ func TestExcludeTestFs(t *testing.T) { "dir1/**/exclude", // ** matches any number of directories "file3/", // pattern with trailing slash should not match a file } + var tree directoryTree // visible are plaintext paths that should be visible in the encrypted view - visible := []string{ + tree.visibleFiles = []string{ "file2", "dir1/longfile1" + x240, "dir1/longfile3" + x240, - "longdir1" + x240, "longdir1" + x240 + "/file1", "longdir2" + x240 + "/file", "longfile1" + x240, "file3", } + tree.visibleDirs = []string{ + "longdir1" + x240, + } // hidden are plaintext paths that should be hidden in the encrypted view - hidden := []string{ + tree.hiddenFiles = []string{ "bkp1~", "dir1/file1", "dir1/file2", @@ -111,20 +146,21 @@ func TestExcludeTestFs(t *testing.T) { "dir1/longfile2" + x240, "dir1/subdir1/exclude", "dir1/subdir1/subdir2/exclude", - "dir2", "dir2/file", "dir2/longdir1" + x240 + "/file", "dir2/longfile." + x240, - "dir2/subdir", "dir2/subdir/file", "file1", "longdir2" + x240 + "/bkp~", "longfile2" + x240, "longfile3" + x240, } - - doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden) - doTestExcludeTestFs(t, "-ew", patterns, visible, hidden) + tree.hiddenDirs = []string{ + "dir2", + "dir2/subdir", + } + doTestExcludeTestFs(t, "-exclude-wildcard", patterns, tree) + doTestExcludeTestFs(t, "-ew", patterns, tree) } // Exclude everything using "/*", then selectively include only dir1 using "!/dir1" @@ -135,23 +171,28 @@ func TestExcludeAllOnlyDir1(t *testing.T) { "*", "!/dir1", } + var tree directoryTree // visible are plaintext paths that should be visible in the encrypted view - visible := []string{ + tree.visibleDirs = []string{ "dir1", + } + tree.visibleFiles = []string{ "dir1/file1", } // hidden are plaintext paths that should be hidden in the encrypted view - hidden := []string{ + tree.hiddenDirs = []string{ "dir2", + "dir2/subdir", + } + tree.hiddenFiles = []string{ "dir2/file", "dir2/longdir1" + x240 + "/file", "dir2/longfile." + x240, - "dir2/subdir", "dir2/subdir/file", "file1", "longdir2" + x240 + "/bkp~", "longfile2" + x240, "longfile3" + x240, } - doTestExcludeTestFs(t, "-exclude-wildcard", patterns, visible, hidden) + doTestExcludeTestFs(t, "-exclude-wildcard", patterns, tree) } diff --git a/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf b/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf deleted file mode 100644 index 835d11c..0000000 --- a/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf +++ /dev/null @@ -1,21 +0,0 @@ -{ - "Creator": "gocryptfs v1.5-41-gf48b731-dirty", - "EncryptedKey": "FkACqloUeFZesem0UzRD3ezLXtPl8wIAxEHoIEfZxFdLMQeWOxqtw5xopJagDWE/GI1VFSUIrJIIIwwgMipmYA==", - "ScryptObject": { - "Salt": "UVfIgV31uj/voHWI4GqGwsTcbVKyYDOWvbleqJKhZbk=", - "N": 1024, - "R": 8, - "P": 1, - "KeyLen": 32 - }, - "Version": 2, - "FeatureFlags": [ - "GCMIV128", - "HKDF", - "DirIV", - "EMENames", - "LongNames", - "Raw64", - "AESSIV" - ] -} diff --git a/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf.plaintextnames b/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf.plaintextnames deleted file mode 100644 index 9cb762c..0000000 --- a/tests/reverse/exclude_test_fs/.gocryptfs.reverse.conf.plaintextnames +++ /dev/null @@ -1,18 +0,0 @@ -{ - "Creator": "gocryptfs v1.5-41-gf48b731-dirty", - "EncryptedKey": "wAmckZb7QsIv/GCdkhb5ep8TwJa44qhnswn5tbER6Tifk8TbUmkwBTceaTtYfHAnTQ48q9mnIlcN9cfbNe5oPw==", - "ScryptObject": { - "Salt": "o5XJ78TgG85zZXRnU55ZqHhKLbPge6jsyDiqrLvSqe0=", - "N": 1024, - "R": 8, - "P": 1, - "KeyLen": 32 - }, - "Version": 2, - "FeatureFlags": [ - "GCMIV128", - "HKDF", - "PlaintextNames", - "AESSIV" - ] -} diff --git a/tests/reverse/exclude_test_fs/bkp1~ b/tests/reverse/exclude_test_fs/bkp1~ deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/bkp1~ +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/exclude b/tests/reverse/exclude_test_fs/dir1/exclude deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/exclude +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/file1 b/tests/reverse/exclude_test_fs/dir1/file1 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/file1 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/file2 b/tests/reverse/exclude_test_fs/dir1/file2 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/file2 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/longbkp1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx~ b/tests/reverse/exclude_test_fs/dir1/longbkp1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx~ deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/longbkp1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx~ +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/dir1/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/dir1/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/dir1/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/subdir1/exclude b/tests/reverse/exclude_test_fs/dir1/subdir1/exclude deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/subdir1/exclude +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir1/subdir1/subdir2/exclude b/tests/reverse/exclude_test_fs/dir1/subdir1/subdir2/exclude deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir1/subdir1/subdir2/exclude +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir2/file b/tests/reverse/exclude_test_fs/dir2/file deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir2/file +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir2/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file b/tests/reverse/exclude_test_fs/dir2/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir2/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir2/longfile.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/dir2/longfile.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir2/longfile.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/dir2/subdir/file b/tests/reverse/exclude_test_fs/dir2/subdir/file deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/dir2/subdir/file +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/file1 b/tests/reverse/exclude_test_fs/file1 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/file1 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/file2 b/tests/reverse/exclude_test_fs/file2 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/file2 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/file3 b/tests/reverse/exclude_test_fs/file3 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/file3 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file1 b/tests/reverse/exclude_test_fs/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file1 deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longdir1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file1 +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/bkp~ b/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/bkp~ deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/bkp~ +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file b/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longdir2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/file +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longfile1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longfile2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/exclude_test_fs/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx b/tests/reverse/exclude_test_fs/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx deleted file mode 100644 index e69de29..0000000 --- a/tests/reverse/exclude_test_fs/longfile3xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +++ /dev/null diff --git a/tests/reverse/force_owner_test.go b/tests/reverse/force_owner_test.go index 6e47b50..aeb0a4e 100644 --- a/tests/reverse/force_owner_test.go +++ b/tests/reverse/force_owner_test.go @@ -1,7 +1,6 @@ package reverse_test import ( - "io/ioutil" "net/url" "os" "syscall" @@ -13,7 +12,7 @@ import ( func TestForceOwner(t *testing.T) { // Let's not explode with "TempDir: pattern contains path separator" myEscapedName := url.PathEscape(t.Name()) - mnt, err := ioutil.TempDir(test_helpers.TmpDir, myEscapedName) + mnt, err := os.MkdirTemp(test_helpers.TmpDir, myEscapedName) if err != nil { t.Fatal(err) } diff --git a/tests/reverse/inomap_test.go b/tests/reverse/inomap_test.go index ff78f4c..fadf6a5 100644 --- a/tests/reverse/inomap_test.go +++ b/tests/reverse/inomap_test.go @@ -85,7 +85,7 @@ func TestVirtualFileIno(t *testing.T) { if err != nil { t.Fatal(err) } - dirents, err := fd.Readdirnames(0) + _, err = fd.Readdirnames(0) if err != nil { t.Fatal(err) } @@ -104,7 +104,7 @@ func TestVirtualFileIno(t *testing.T) { if err != nil { t.Fatal(err) } - dirents, err = fd.Readdirnames(0) + dirents, err := fd.Readdirnames(0) if err != nil { t.Fatal(err) } diff --git a/tests/reverse/main_test.go b/tests/reverse/main_test.go index 2fc9e5e..6a3ed9b 100644 --- a/tests/reverse/main_test.go +++ b/tests/reverse/main_test.go @@ -2,7 +2,9 @@ package reverse_test import ( "bytes" + "flag" "fmt" + "log" "os" "testing" @@ -31,6 +33,8 @@ var dirC string func TestMain(m *testing.M) { var r int + flag.Parse() + testcases := []struct { plaintextnames bool deterministic_names bool @@ -40,23 +44,17 @@ func TestMain(m *testing.M) { {false, true}, } for i, tc := range testcases { - argsA := []string{"-reverse"} + // Fill the global vars plaintextnames, deterministic_names = tc.plaintextnames, tc.deterministic_names - if tc.plaintextnames { - argsA = append(argsA, "-plaintextnames") - } else if tc.deterministic_names { - argsA = append(argsA, "-deterministic-names") + if testing.Verbose() { + log.Printf("TestMain: plaintextnames=%v deterministic_names=%v", plaintextnames, deterministic_names) } - dirA = test_helpers.InitFS(nil, argsA...) - dirB = test_helpers.TmpDir + "/b" + + dirA, dirB, _ = newReverseFS(nil) dirC = test_helpers.TmpDir + "/c" - if err := os.Mkdir(dirB, 0700); err != nil { - panic(err) - } if err := os.Mkdir(dirC, 0700); err != nil { panic(err) } - test_helpers.MountOrExit(dirA, dirB, "-reverse", "-extpass", "echo test") test_helpers.MountOrExit(dirB, dirC, "-extpass", "echo test") r = m.Run() test_helpers.UnmountPanic(dirC) @@ -73,3 +71,24 @@ func TestMain(m *testing.M) { } os.Exit(r) } + +// newReverseFS creates and mounts a new, empty reverse filesystem. +func newReverseFS(extraMountArgs []string) (backingDir, mntDir, ctlsockPath string) { + args := []string{"-reverse"} + if plaintextnames { + args = append(args, "-plaintextnames") + } else if deterministic_names { + args = append(args, "-deterministic-names") + } + backingDir = test_helpers.InitFS(nil, args...) + mntDir = backingDir + ".mnt" + ctlsockPath = mntDir + ".sock" + mountArgs := []string{"-reverse", "-extpass", "echo test", "-ctlsock", ctlsockPath} + mountArgs = append(mountArgs, extraMountArgs...) + test_helpers.MountOrExit(backingDir, mntDir, mountArgs...) + + if testing.Verbose() { + log.Printf("newReverseFS: mounted %q on %q", backingDir, mntDir) + } + return +} diff --git a/tests/reverse/one_file_system_test.go b/tests/reverse/one_file_system_test.go index 61190ea..823cf62 100644 --- a/tests/reverse/one_file_system_test.go +++ b/tests/reverse/one_file_system_test.go @@ -1,7 +1,6 @@ package reverse_test import ( - "io/ioutil" "net/url" "os" "runtime" @@ -17,7 +16,7 @@ func TestOneFileSystem(t *testing.T) { } // Let's not explode with "TempDir: pattern contains path separator" myEscapedName := url.PathEscape(t.Name()) - mnt, err := ioutil.TempDir(test_helpers.TmpDir, myEscapedName) + mnt, err := os.MkdirTemp(test_helpers.TmpDir, myEscapedName) if err != nil { t.Fatal(err) } @@ -33,7 +32,7 @@ func TestOneFileSystem(t *testing.T) { // Copied from inomap const maxPassthruIno = 1<<48 - 1 - entries, err := ioutil.ReadDir(mnt) + entries, err := os.ReadDir(mnt) if err != nil { t.Fatal(err) } @@ -43,7 +42,11 @@ func TestOneFileSystem(t *testing.T) { // We are only interested in directories continue } - st := e.Sys().(*syscall.Stat_t) + info, err := e.Info() + if err != nil { + continue + } + st := info.Sys().(*syscall.Stat_t) // The inode numbers of files with a different device number are remapped // to something above maxPassthruIno if st.Ino > maxPassthruIno { diff --git a/tests/reverse/xattr_test.go b/tests/reverse/xattr_test.go index 8002604..c70f623 100644 --- a/tests/reverse/xattr_test.go +++ b/tests/reverse/xattr_test.go @@ -2,7 +2,7 @@ package reverse_test import ( "fmt" - "io/ioutil" + "os" "path/filepath" "syscall" "testing" @@ -16,10 +16,7 @@ func xattrSupported(path string) bool { return true } err2 := err.(*xattr.Error) - if err2.Err == syscall.EOPNOTSUPP { - return false - } - return true + return err2.Err != syscall.EOPNOTSUPP } func TestXattrList(t *testing.T) { @@ -29,7 +26,7 @@ func TestXattrList(t *testing.T) { t.Skip() } fnA := filepath.Join(dirA, t.Name()) - err := ioutil.WriteFile(fnA, nil, 0700) + err := os.WriteFile(fnA, nil, 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } diff --git a/tests/root_test/btrfs_test.go b/tests/root_test/btrfs_test.go new file mode 100644 index 0000000..4f2527a --- /dev/null +++ b/tests/root_test/btrfs_test.go @@ -0,0 +1,65 @@ +package root_test + +import ( + "os" + "os/exec" + "path/filepath" + "syscall" + "testing" + + "github.com/rfjakob/gocryptfs/v2/internal/syscallcompat" + + "github.com/rfjakob/gocryptfs/v2/tests/test_helpers" +) + +// TestBtrfsQuirks needs root permissions because it creates a loop disk +func TestBtrfsQuirks(t *testing.T) { + if os.Getuid() != 0 { + t.Skip("must run as root") + } + + img := filepath.Join(test_helpers.TmpDir, t.Name()+".img") + f, err := os.Create(img) + if err != nil { + t.Fatal(err) + } + defer f.Close() + // minimum size for each btrfs device is 114294784 + err = f.Truncate(200 * 1024 * 1024) + if err != nil { + t.Fatal(err) + } + + // Format as Btrfs + _, err = exec.LookPath("mkfs.btrfs") + if err != nil { + t.Skip("mkfs.btrfs not found, skipping test") + } + cmd := exec.Command("mkfs.btrfs", img) + out, err := cmd.CombinedOutput() + if err != nil { + t.Logf("%q", cmd.Args) + t.Log(string(out)) + t.Fatal(err) + } + + // Mount + mnt := img + ".mnt" + err = os.Mkdir(mnt, 0600) + if err != nil { + t.Fatal(err) + } + cmd = exec.Command("mount", img, mnt) + out, err = cmd.CombinedOutput() + if err != nil { + t.Log(string(out)) + t.Fatal(err) + } + defer syscall.Unlink(img) + defer syscall.Unmount(mnt, 0) + + quirk := syscallcompat.DetectQuirks(mnt) + if quirk != syscallcompat.QuirkBrokenFalloc { + t.Errorf("wrong quirk: %v", quirk) + } +} diff --git a/tests/root_test/issue893_test.go b/tests/root_test/issue893_test.go index 6ad8e6d..2db0b19 100644 --- a/tests/root_test/issue893_test.go +++ b/tests/root_test/issue893_test.go @@ -4,7 +4,6 @@ package root_test import ( "fmt" - "io/ioutil" "os" "sync" "syscall" @@ -35,10 +34,10 @@ func TestConcurrentUserOps(t *testing.T) { if err = os.MkdirAll(d, 0700); err != nil { return } - if err = ioutil.WriteFile(d+"/foo", nil, 0400); err != nil { + if err = os.WriteFile(d+"/foo", nil, 0400); err != nil { return } - if err = ioutil.WriteFile(d+"/bar", []byte("aaaaaaaaaaaaaaaaaaaaa"), 0400); err != nil { + if err = os.WriteFile(d+"/bar", []byte("aaaaaaaaaaaaaaaaaaaaa"), 0400); err != nil { return } if err = syscall.Unlink(d + "/foo"); err != nil { diff --git a/tests/root_test/root_test.go b/tests/root_test/root_test.go index e432ce0..c531ebb 100644 --- a/tests/root_test/root_test.go +++ b/tests/root_test/root_test.go @@ -5,7 +5,6 @@ package root_test import ( - "io/ioutil" "os" "os/exec" "path/filepath" @@ -203,7 +202,7 @@ func TestDiskFull(t *testing.T) { } t.Logf("sz1=%d, sz2=%d", sz1, sz2) - foo1, err := ioutil.ReadFile(mnt + "/foo1") + foo1, err := os.ReadFile(mnt + "/foo1") if err != nil { t.Fatal(err) } @@ -211,7 +210,7 @@ func TestDiskFull(t *testing.T) { t.Fail() } - foo2, err := ioutil.ReadFile(mnt + "/foo2") + foo2, err := os.ReadFile(mnt + "/foo2") if err != nil { t.Fatal(err) } @@ -231,7 +230,7 @@ func TestAcl(t *testing.T) { defer test_helpers.UnmountPanic(pDir) f1 := pDir + "/f1" - if err := ioutil.WriteFile(f1, []byte("hello world\n"), 000); err != nil { + if err := os.WriteFile(f1, []byte("hello world\n"), 000); err != nil { t.Fatal(err) } @@ -301,54 +300,6 @@ func TestAcl(t *testing.T) { } } -// TestBtrfsQuirks needs root permissions because it creates a loop disk -func TestBtrfsQuirks(t *testing.T) { - if os.Getuid() != 0 { - t.Skip("must run as root") - } - - img := filepath.Join(test_helpers.TmpDir, t.Name()+".img") - f, err := os.Create(img) - if err != nil { - t.Fatal(err) - } - defer f.Close() - // minimum size for each btrfs device is 114294784 - err = f.Truncate(200 * 1024 * 1024) - if err != nil { - t.Fatal(err) - } - - // Format as Btrfs - cmd := exec.Command("mkfs.btrfs", img) - out, err := cmd.CombinedOutput() - if err != nil { - t.Logf("%q", cmd.Args) - t.Log(string(out)) - t.Fatal(err) - } - - // Mount - mnt := img + ".mnt" - err = os.Mkdir(mnt, 0600) - if err != nil { - t.Fatal(err) - } - cmd = exec.Command("mount", img, mnt) - out, err = cmd.CombinedOutput() - if err != nil { - t.Log(string(out)) - t.Fatal(err) - } - defer syscall.Unlink(img) - defer syscall.Unmount(mnt, 0) - - quirk := syscallcompat.DetectQuirks(mnt) - if quirk != syscallcompat.QuirkBrokenFalloc { - t.Errorf("wrong quirk: %v", quirk) - } -} - func TestOverlay(t *testing.T) { if os.Getuid() != 0 { t.Skip("must run as root") @@ -379,3 +330,39 @@ func TestOverlay(t *testing.T) { } defer syscall.Unmount(ovlMnt, 0) } + +// Check that mkdir and file create works with force_owner and runnung as root +// https://github.com/rfjakob/gocryptfs/issues/783 +func TestRootForceOwner(t *testing.T) { + if os.Getuid() != 0 { + t.Skip("must run as root") + } + cDir := test_helpers.InitFS(t) + pDir := cDir + ".mnt" + test_helpers.MountOrFatal(t, cDir, pDir, "-allow_other", "-extpass=echo test", "-force_owner=1234:1234") + defer test_helpers.UnmountPanic(pDir) + + err := asUser(1234, 1234, nil, func() error { + return os.Mkdir(pDir+"/dir1", 0700) + }) + if err != nil { + t.Error(err) + } + err = asUser(1234, 1234, nil, func() error { + f, err := os.Create(pDir + "/file1") + if err == nil { + f.Close() + } + return err + }) + if err != nil { + t.Error(err) + } + err = asUser(1234, 1234, nil, func() error { + sock := pDir + "/sock" + return syscall.Mknod(sock, syscall.S_IFSOCK|0600, 0) + }) + if err != nil { + t.Errorf("mknod: %v", err) + } +} diff --git a/tests/stress_tests/fsstress-gocryptfs.bash b/tests/stress_tests/fsstress-gocryptfs.bash index 43b4222..e6c3281 100755 --- a/tests/stress_tests/fsstress-gocryptfs.bash +++ b/tests/stress_tests/fsstress-gocryptfs.bash @@ -83,7 +83,7 @@ done echo " ok: $MNT" # Cleanup trap -trap "kill %1 ; cd / ; fuse-unmount -z $MNT ; rm -rf $DIR $MNT" EXIT +trap "echo ' cleaning up...' ; kill %1 ; cd / ; fuse-unmount -z $MNT ; rm -rf $DIR $MNT" EXIT echo "Starting fsstress loop" N=1 diff --git a/tests/test_helpers/helpers.go b/tests/test_helpers/helpers.go index 0d21548..c8cd151 100644 --- a/tests/test_helpers/helpers.go +++ b/tests/test_helpers/helpers.go @@ -5,7 +5,6 @@ import ( "crypto/md5" "encoding/hex" "fmt" - "io/ioutil" "log" "os" "os/exec" @@ -55,7 +54,7 @@ func doInit() { fmt.Printf("test_helpers: warning: testParentDir %q does not reside on ext4, we will miss failures caused by ino reuse\n", testParentDir) } var err error - TmpDir, err = ioutil.TempDir(testParentDir, "") + TmpDir, err = os.MkdirTemp(testParentDir, "") if err != nil { panic(err) } @@ -73,7 +72,7 @@ func doInit() { // *-- gocryptfs.diriv func ResetTmpDir(createDirIV bool) { // Try to unmount and delete everything - entries, err := ioutil.ReadDir(TmpDir) + entries, err := os.ReadDir(TmpDir) if err == nil { for _, e := range entries { d := filepath.Join(TmpDir, e.Name()) @@ -148,7 +147,7 @@ func InitFS(t *testing.T, extraArgs ...string) string { if t != nil { prefix = t.Name() + "." } - dir, err := ioutil.TempDir(TmpDir, prefix) + dir, err := os.MkdirTemp(TmpDir, prefix) if err != nil { if t != nil { t.Fatal(err) @@ -178,7 +177,7 @@ func InitFS(t *testing.T, extraArgs ...string) string { // Md5fn returns an md5 string for file "filename" func Md5fn(filename string) string { - buf, err := ioutil.ReadFile(filename) + buf, err := os.ReadFile(filename) if err != nil { fmt.Printf("ReadFile: %v\n", err) return "" @@ -199,7 +198,7 @@ func Md5hex(buf []byte) string { // 3) Size reported by Fstat() func VerifySize(t *testing.T, path string, want int) { // Read whole file - buf, err := ioutil.ReadFile(path) + buf, err := os.ReadFile(path) if err != nil { t.Errorf("ReadFile failed: %v", err) } else if len(buf) != want { @@ -299,7 +298,7 @@ func TestMkdirRmdir(t *testing.T, plainDir string) { func TestRename(t *testing.T, plainDir string) { file1 := plainDir + "/rename1" file2 := plainDir + "/rename2" - err := ioutil.WriteFile(file1, []byte("content"), 0777) + err := os.WriteFile(file1, []byte("content"), 0777) if err != nil { t.Error(err) return diff --git a/tests/test_helpers/mount_unmount.go b/tests/test_helpers/mount_unmount.go index 46c64c9..4abc432 100644 --- a/tests/test_helpers/mount_unmount.go +++ b/tests/test_helpers/mount_unmount.go @@ -187,7 +187,7 @@ func UnmountErr(dir string) (err error) { err = cmd.Run() if err == nil { if len(fdsNow) > len(fds)+maxCacheFds { - return fmt.Errorf("fd leak in gocryptfs process? pid=%d dir=%q, fds:\nold=%v \nnew=%v\n", pid, dir, fds, fdsNow) + return fmt.Errorf("fd leak in gocryptfs process? pid=%d dir=%q, fds:\nold=%v \nnew=%v", pid, dir, fds, fdsNow) } return nil } diff --git a/tests/xattr/xattr_fd_test.go b/tests/xattr/xattr_fd_test.go index f3586cf..ae53afc 100644 --- a/tests/xattr/xattr_fd_test.go +++ b/tests/xattr/xattr_fd_test.go @@ -6,7 +6,7 @@ package xattr_tests import ( - "io/ioutil" + "os" "syscall" "testing" @@ -18,7 +18,7 @@ import ( func TestFdXattr(t *testing.T) { attr := "user.foo" fn := test_helpers.DefaultPlainDir + "/TestFdXattr" - err := ioutil.WriteFile(fn, nil, 0700) + err := os.WriteFile(fn, nil, 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } diff --git a/tests/xattr/xattr_integration_test.go b/tests/xattr/xattr_integration_test.go index c968a47..e662828 100644 --- a/tests/xattr/xattr_integration_test.go +++ b/tests/xattr/xattr_integration_test.go @@ -10,7 +10,6 @@ import ( "bytes" "encoding/base64" "fmt" - "io/ioutil" "os" "strings" "syscall" @@ -31,7 +30,7 @@ func TestMain(m *testing.M) { // Write deterministic diriv so encrypted filenames are deterministic. os.Remove(test_helpers.DefaultCipherDir + "/gocryptfs.diriv") diriv := []byte("1234567890123456") - err := ioutil.WriteFile(test_helpers.DefaultCipherDir+"/gocryptfs.diriv", diriv, 0400) + err := os.WriteFile(test_helpers.DefaultCipherDir+"/gocryptfs.diriv", diriv, 0400) if err != nil { fmt.Println(err) os.Exit(1) @@ -92,7 +91,7 @@ func setGetRmList3(fn string, attr string, val []byte) error { // Test xattr set, get, rm on a regular file. func TestSetGetRmRegularFile(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestSetGetRmRegularFile" - err := ioutil.WriteFile(fn, []byte("12345"), 0700) + err := os.WriteFile(fn, []byte("12345"), 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -132,7 +131,7 @@ func TestSetGetRmDir(t *testing.T) { func TestXattrSetEmpty(t *testing.T) { attr := "user.foo" fn := test_helpers.DefaultPlainDir + "/TestXattrSetEmpty1" - err := ioutil.WriteFile(fn, nil, 0700) + err := os.WriteFile(fn, nil, 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -185,7 +184,7 @@ func TestXattrSetEmpty(t *testing.T) { func TestXattrList(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestXattrList" - err := ioutil.WriteFile(fn, nil, 0700) + err := os.WriteFile(fn, nil, 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -218,10 +217,7 @@ func xattrSupported(path string) bool { return true } err2 := err.(*xattr.Error) - if err2.Err == syscall.EOPNOTSUPP { - return false - } - return true + return err2.Err != syscall.EOPNOTSUPP } func TestBase64XattrRead(t *testing.T) { @@ -236,7 +232,7 @@ func TestBase64XattrRead(t *testing.T) { plainFn := test_helpers.DefaultPlainDir + "/" + fileName encryptedFn := test_helpers.DefaultCipherDir + "/" + encryptedFileName - err := ioutil.WriteFile(plainFn, nil, 0700) + err := os.WriteFile(plainFn, nil, 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -289,7 +285,7 @@ func TestBase64XattrRead(t *testing.T) { // Listing xattrs should work even when we don't have read access func TestList0000File(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestList0000File" - err := ioutil.WriteFile(fn, nil, 0000) + err := os.WriteFile(fn, nil, 0000) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -302,7 +298,7 @@ func TestList0000File(t *testing.T) { // Setting xattrs should work even when we don't have read access func TestSet0200File(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestSet0200File" - err := ioutil.WriteFile(fn, nil, 0200) + err := os.WriteFile(fn, nil, 0200) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -342,7 +338,7 @@ func TestSet0200Dir(t *testing.T) { func TestAcl(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/TestAcl" - err := ioutil.WriteFile(fn, nil, 0600) + err := os.WriteFile(fn, nil, 0600) if err != nil { t.Fatalf("creating empty file failed: %v", err) } @@ -374,7 +370,7 @@ func TestAcl(t *testing.T) { // https://github.com/rfjakob/gocryptfs/issues/627 func TestSlashInName(t *testing.T) { fn := test_helpers.DefaultPlainDir + "/" + t.Name() - err := ioutil.WriteFile(fn, []byte("12345"), 0700) + err := os.WriteFile(fn, []byte("12345"), 0700) if err != nil { t.Fatalf("creating empty file failed: %v", err) } |