aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-03main: RLIMIT_NOFILE: cap to 4096Jakob Unterwurzacher
We don't want to set the limit to unlimited if "Max" is unlimited. Hard-cap to 4096.
2017-05-02main: increase open file limit to 4096Jakob Unterwurzacher
Linux by default has a soft limit of 1024 and a hard limit of 4096 on open files. We can increase it so 4096 without root permissions. This should help reduce the risk of gocryptfs running out of file descriptors, as reported at https://github.com/rfjakob/gocryptfs/issues/82 .
2017-05-01tests: support encfs in the fsstress scriptJakob Unterwurzacher
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01openfiletable: rename WriteLock to ContentLockJakob Unterwurzacher
...and IDLock to HeaderLock. This matches what the locks actually protect.
2017-05-01fusefrontend: rely on nodefs.defaultFile for no-op functionsJakob Unterwurzacher
Now that we embed nodefs.NewDefaultFile(), we can drop our own no-ops.
2017-05-01contentenc: downgrade "interrupted write?" warning to debugJakob Unterwurzacher
This can happen during normal operation, and is harmless since 14038a1644f17f50b113a05d09a2a0a3b3e973b2 "fusefrontend: readFileID: reject files that consist only of a header" causes dormant header-only files to be rewritten on the next write.
2017-05-01tests: add TestXfs124Jakob Unterwurzacher
This test reproduces the problem xfstests generic/124 uncovered. The warning itself is harmless, but we should either (1) add locking so that this cannot happen anymore or (2) drop the warning. Currently fails: $ go test -v === RUN Test1980Tar --- PASS: Test1980Tar (0.00s) === RUN TestCtlSock --- PASS: TestCtlSock (0.10s) === RUN TestOpenTruncateRead --- PASS: TestOpenTruncateRead (0.00s) === RUN TestWORead --- PASS: TestWORead (0.00s) === RUN TestXfs124 cipherSize 18 == header size: interrupted write? -wpanic turns this warning into a panic: cipherSize 18 == header size: interrupted write?
2017-05-01fusefrontend: drop writeOnly flagJakob Unterwurzacher
We do not have to track the writeOnly status because the kernel will not forward read requests on a write-only FD to us anyway. I have verified this behavoir manually on a 4.10.8 kernel and also added a testcase.
2017-05-01fusefronted, openfiletable: move the open file table to its own packageJakob Unterwurzacher
The open file table code needs some room to grow for the upcoming FD multiplexing implementation.
2017-04-30travis: upgrade Go 1.8 to 1.8.1Jakob Unterwurzacher
Go 1.8.1. has been released recently. Use it for the Go 1.8 branch.
2017-04-30golint.bash: fix exit codesJakob Unterwurzacher
We want to exit with 1 only if we we have complaints left after the greps.
2017-04-29fusefrontend: rename write_lock.go -> open_file_table.goJakob Unterwurzacher
The data structure was originally called write lock table, but is now simply called the open file table. Rename the file to reflect that.
2017-04-29README: set release date for v1.3v1.3Jakob Unterwurzacher
2017-04-29fusefronted: drop unused file.String() functionJakob Unterwurzacher
This is a very old leftover.
2017-04-29readpassword: increase max password size to 2048Jakob Unterwurzacher
This is the value EncFS uses, so let's follow suit. Suggested at https://github.com/rfjakob/gocryptfs/issues/77 .
2017-04-29main: "--" should also block "-o" parsingJakob Unterwurzacher
Includes test cases.
2017-04-29fix golint complaintsJakob Unterwurzacher
2017-04-29nametransform: WriteDirIV: replace ioutil.WriteFileJakob Unterwurzacher
As reported at https://github.com/rfjakob/gocryptfs/issues/105 , the "ioutil.WriteFile(file, iv, 0400)" call causes "permissions denied" errors on an NFSv4 setup. "strace"ing diriv creation and gocryptfs.conf creation shows this: conf (works on the user's NFSv4 mount): openat(AT_FDCWD, "/tmp/a/gocryptfs.conf.tmp", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 diriv (fails): openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0400) = 3 This patch creates the diriv file with the same flags that are used for creating the conf: openat(AT_FDCWD, "/tmp/a/gocryptfs.diriv", O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0400) = 3 Closes https://github.com/rfjakob/gocryptfs/issues/105
2017-04-24forcedecode: tighten checksJakob Unterwurzacher
...and fix a few golint issues and print a scary warning message on mount. Also, force the fs to ro,noexec.
2017-04-23Add -forcedecodedanim7
Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted files are encountered. It can be useful to recover files from disks with bad sectors or other corrupted media. Closes https://github.com/rfjakob/gocryptfs/pull/102 .
2017-04-23Fix Flock build breakageJakob Unterwurzacher
go-fuse has added a new method to the nodefs.File interface that caused this build error: internal/fusefrontend/file.go:75: cannot use file literal (type *file) as type nodefs.File in return argument: *file does not implement nodefs.File (missing Flock method) Fixes https://github.com/rfjakob/gocryptfs/issues/104 and prevents the problem from happening again.
2017-04-01README: add 64-bit inode numbers to changelogJakob Unterwurzacher
2017-04-01fusefrontend_reverse: switch to stable inode numbersJakob Unterwurzacher
The volatile inode numbers that we used before cause "find" to complain and error out. Virtual inode numbers are derived from their parent file inode number by adding 10^19, which is hopefully large enough no never cause problems in practice. If the backing directory contains inode numbers higher than that, stat() on these files will return EOVERFLOW. Example directory lising after this change: $ ls -i 926473 gocryptfs.conf 1000000000000926466 gocryptfs.diriv 944878 gocryptfs.longname.hmZojMqC6ns47eyVxLlH2ailKjN9bxfosi3C-FR8mjA 1000000000000944878 gocryptfs.longname.hmZojMqC6ns47eyVxLlH2ailKjN9bxfosi3C-FR8mjA.name 934408 Tdfbf02CKsTaGVYnAsSypA
2017-04-01fusefrontend_reverse: drop unused dirIVAttr functionJakob Unterwurzacher
This has long been replaced by virtualFile.GetAttr().
2017-04-01fusefrontend_reverse: convert fmt.Printf calls to tlogJakob Unterwurzacher
The fmt.Printfs output would end up in the paniclog.
2017-04-01benchmark-reverse: add file readsJakob Unterwurzacher
Note: find currently complains like this: find: failed to read file names from file system at or below ‘/tmp/linux-3.0.reverse.mnt.vNI’: No such file or directory I have analyzed this and it is caused by the non-stable inode numbers that gocryptfs -reverse uses. Will be fixed in a later commit.
2017-04-01fusefrontend_reverse: add comment to newVirtualFileJakob Unterwurzacher
...and improve and comment variable naming in findLongnameParent. No semantic changes.
2017-04-01README: link to auditJakob Unterwurzacher
2017-03-28fusefrontend_reverse: consistent file owners for .diriv, .name filesdanim7
This PR addresses the Issue #95, about "Confusing file owner for longname files in reverse mode". It affects only the reverse mode, and introduces two modifications: 1) The "gocryptfs.longname.XXXX.name" files are assigned the owner and group of the underlying plaintext file. Therefore it is consistent with the file "gocryptfs.longname.XXXX" that has the encrypted contents of the plaintext file. 2) The two virtual files mentioned above are given -r--r--r-- permissions. This is consistent with the behavior described in function Access in internal/fusefrontend_reverse/rfs.go where all virtual files are always readable. Behavior also observed in point c) in #95 . Issue #95 URL: https://github.com/rfjakob/gocryptfs/issues/95 Pull request URL: https://github.com/rfjakob/gocryptfs/pull/97
2017-03-28README: mention OpenSSL header installJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/98
2017-03-28MANPAGE: reformat to GFM (github flavored markdown)Jakob Unterwurzacher
This makes it render properly on the github webinterface.
2017-03-25MANPAGE: fix alphabetical order and expand scryptn explainationJakob Unterwurzacher
2017-03-25configfile: always validate all scrypt parametersJakob Unterwurzacher
This makes sure we cannot get weak parameters passed through a rougue gocryptfs.conf.
2017-03-25Further explain the use of 'scryptn' parameter (#94)danim7
* Further explain the use of 'scryptn' parameter * Further explain the use of 'scryptn' parameter in MANPAGE * Use 28 as reasonable upper limit
2017-03-25README: use pre-rendered PNG logoJakob Unterwurzacher
This keeps the README working even if nuetzlich.net is unavailable. We use a PNG because github disallows embedding local SVGs.
2017-03-25README: call the website mirror "Markdown source"rfjakob
2017-03-25README: add link to website source coderfjakob
2017-03-20readpassword: increase max password length to 2000Jakob Unterwurzacher
1000 was too low as at least one user had a password that was longer. Fixes https://github.com/rfjakob/gocryptfs/issues/93
2017-03-19MANPAGE: document "-serialize_reads"Jakob Unterwurzacher
2017-03-19README: missing closing braceJakob Unterwurzacher
2017-03-19README: fix broken markdown listsJakob Unterwurzacher
Github seems to have changed its markdown parser. It now requires three spaces for sublists.
2017-03-19README: mention -serialize_readsJakob Unterwurzacher
...and v1.3-beta1
2017-03-18tests: add hkdf_sanity tests with broken example filesystemv1.3-beta1Jakob Unterwurzacher
These are deliberately corrupt.
2017-03-18fusefrontend: get rid of leftover debug outputJakob Unterwurzacher
2017-03-18benchmark: add md5sum read performance benchmarkJakob Unterwurzacher
2017-03-18serialize_reads: add read serialization logicJakob Unterwurzacher
Due to kernel readahead, we usually get multiple read requests at the same time. These get submitted to the backing storage in random order, which is a problem if seeking is very expensive. Details: https://github.com/rfjakob/gocryptfs/issues/92
2017-03-12fusefrontend: readFileID: reject files that consist only of a headerJakob Unterwurzacher
A header-only file will be considered empty (this is not supposed to happen). This makes File ID poisoning more difficult.
2017-03-12fusefrontend: truncateGrowFile: avoid createHeader() callJakob Unterwurzacher
...if doWrite() can do it for us. This avoids the situation that the file only consists of a file header when calling doWrite. A later patch will check for this condition and warn about it, as with this change it should no longer occour in normal operation.
2017-03-07configfile: HKDF feature flag should also be set for "-plaintextnames"Jakob Unterwurzacher
2017-03-07contentenc: catch integer underflow in file size calculationJakob Unterwurzacher
If you truncate a ciphertext file to 19 bytes, you could get the impression that the plaintext is 18446744073709551585 bytes long, as reported by "ls -l". Fix it by clamping the value to zero.