| Age | Commit message | Author |
|---|---|---|
|  | Add the -sharedstorage flag to the mounts and make it more
severe by adjusting the I/O and file sizes to arbitrary unaligned
values.
It passes *most of the time*.
If it fails, it's like this, and the reason is that there are no
fcntl locks in the READ path yet.
gocryptfs/tests/cluster$ go test -run TestClusterConcurrentRW -v
=== RUN   TestClusterConcurrentRW
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
    cluster_test.go:98: readThread iteration 9165: ReadAt failed: read /var/tmp/gocryptfs-test-parent-1026/3021427391/TestClusterConcurrentRW.366469887.mnt1/foo: input/output error
 --- FAIL: TestClusterConcurrentRW (0.40s)
FAIL
exit status 1
FAIL	github.com/rfjakob/gocryptfs/v2/tests/cluster	0.406s | 
|  | As we must write complete ciphertext blocks (except at EOF), non-overlapping
plaintext writes can overlap in the ciphertext.
And because overlapping writes can turn the data into data soup (see
TestPoCTornWrite) we serialize them using fcntl locking. | 
|  | Scary. But explains why TestConcurrentCreate fails.
gocryptfs/tests/cluster$ go test -run TestPoCTornWrite
 --- FAIL: TestPoCTornWrite (0.00s)
    poc_test.go:210: iteration 214: inconsistent block: d6d6d6d6d6d6d6d6d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1
FAIL | 
|  | With -sharedstorage, we keep the on-disk file header.
Other mounts may have the file ID cached so we cannot mess with it.
This makes TestOpenTruncate pass. | 
|  | This fails right now:
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN   TestOpenTruncate
    cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doWrite 2898550: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
    cluster_test.go:240: iteration 1: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/1896094179/TestOpenTruncate.4202105280.mnt2/foo: input/output error
 --- FAIL: TestOpenTruncate (0.10s)
FAIL
exit status 1
FAIL	github.com/rfjakob/gocryptfs/v2/tests/cluster	0.099s
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN   TestOpenTruncate
    cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 2898565: corrupt block #0: cipher: message authentication failed
ino2898565 fh9: RMW read failed: errno=5
    cluster_test.go:240: iteration 8: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/652691834/TestOpenTruncate.281532388.mnt1/foo: input/output error
 --- FAIL: TestOpenTruncate (0.09s)
FAIL
exit status 1
FAIL	github.com/rfjakob/gocryptfs/v2/tests/cluster	0.095s | 
|  | This exercises the byte-range locks we just added. | 
|  | Multiple hosts writing to the same empty file at the same time
could have overwritten each other's newly created file header,
leading to data corruption.
Fix the race by placing a byte-range lock on the file when
creating the file header. | 
|  | This is not a real leak:
  fd leak in test process? before, after:
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])]
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])]
Ignore pidfd. | 
|  | Turns out at least the tests depended on the old
behavior.
Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1 | 
|  | Using the same "-extpass" or "-passfile" for both old
and new password makes little sense, and it causes real
problems as seen here: https://github.com/rfjakob/gocryptfs/discussions/882
I hope nobody depends on this or I'll have to revert.
Fixes https://github.com/rfjakob/gocryptfs/issues/287
Fixes https://github.com/rfjakob/gocryptfs/discussions/882 | 
|  | We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882 | 
|  | Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580 | 
|  | The `--reverse` section of the manual has a reference to an `INIT FLAGS` section, but no such section exists. Change the reference to refer to the `INIT OPTIONS` section, which does exist. | 
|  | Looks like wget does not support it anymore
$ wget --version
GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader
$ ./benchmark.bash
Testing gocryptfs   at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64
/tmp/benchmark.bash.bmt.mnt is a mountpoint
Downloading linux-3.0.tar.gz
Unknown option 'show-progress' | 
|  | Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776 | 
|  | Prep for solving https://github.com/rfjakob/gocryptfs/issues/776 | 
|  | Fixes https://github.com/rfjakob/gocryptfs/issues/809 | 
|  | https://github.com/rfjakob/gocryptfs/issues/809 | 
|  | Should make debugging situations like
	https://github.com/rfjakob/gocryptfs/issues/852
	Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
    4e45a317-595d8a2d-46493a30-97de86ef-
    540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT | 
|  | Merge stock kernel options with user-provided ones before passing to go-fuse.
Before: `-ko volname=custom` would result in `-o volname=mountpoint,volname=custom` to macFUSE.
After: `-ko volname=custom` would produce `-o volname=custom` with no duplicates.
Fixes #854 and #557 | 
|  | Instead of just looking for AES, also look for PCLMULQDQ,
like crypto/tls does.
Fixes: https://github.com/rfjakob/gocryptfs/issues/822 | 
|  | Let's not leak fds to logger.
Before:
	$ lsof -p $(pgrep logger)
	COMMAND    PID  USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
	logger  146410 jakob  cwd    DIR              253,0      4096       2 /
	logger  146410 jakob  rtd    DIR              253,0      4096       2 /
	logger  146410 jakob  txt    REG              253,0     41560 6293858 /usr/bin/logger
	logger  146410 jakob  mem    REG              253,0 229754784 6292695 /usr/lib/locale/locale-archive
	logger  146410 jakob  mem    REG              253,0    186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
	logger  146410 jakob  mem    REG              253,0    787128 6294119 /usr/lib64/libzstd.so.1.5.6
	logger  146410 jakob  mem    REG              253,0    211424 6294587 /usr/lib64/liblzma.so.5.4.6
	logger  146410 jakob  mem    REG              253,0    131128 6302636 /usr/lib64/liblz4.so.1.9.4
	logger  146410 jakob  mem    REG              253,0     49184 6302330 /usr/lib64/libcap.so.2.69
	logger  146410 jakob  mem    REG              253,0   2476880 6295299 /usr/lib64/libc.so.6
	logger  146410 jakob  mem    REG              253,0    987256 6292058 /usr/lib64/libsystemd.so.0.38.0
	logger  146410 jakob  mem    REG              253,0    906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
	logger  146410 jakob    0r  FIFO               0,14       0t0  607727 pipe
	logger  146410 jakob    1w   CHR                1,3       0t0       4 /dev/null
	logger  146410 jakob    2w   CHR                1,3       0t0       4 /dev/null
	logger  146410 jakob    3u  unix 0x0000000046d9c96b       0t0  607729 type=DGRAM (CONNECTED)
	logger  146410 jakob   10u   DIR               0,33        80    7758 /tmp/tmp.lbUiEw9P6W/a
After:
	$ lsof -p $(pgrep logger)
	COMMAND    PID  USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
	logger  147982 jakob  cwd    DIR              253,0      4096       2 /
	logger  147982 jakob  rtd    DIR              253,0      4096       2 /
	logger  147982 jakob  txt    REG              253,0     41560 6293858 /usr/bin/logger
	logger  147982 jakob  mem    REG              253,0 229754784 6292695 /usr/lib/locale/locale-archive
	logger  147982 jakob  mem    REG              253,0    186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
	logger  147982 jakob  mem    REG              253,0    787128 6294119 /usr/lib64/libzstd.so.1.5.6
	logger  147982 jakob  mem    REG              253,0    211424 6294587 /usr/lib64/liblzma.so.5.4.6
	logger  147982 jakob  mem    REG              253,0    131128 6302636 /usr/lib64/liblz4.so.1.9.4
	logger  147982 jakob  mem    REG              253,0     49184 6302330 /usr/lib64/libcap.so.2.69
	logger  147982 jakob  mem    REG              253,0   2476880 6295299 /usr/lib64/libc.so.6
	logger  147982 jakob  mem    REG              253,0    987256 6292058 /usr/lib64/libsystemd.so.0.38.0
	logger  147982 jakob  mem    REG              253,0    906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
	logger  147982 jakob    0r  FIFO               0,14       0t0  609636 pipe
	logger  147982 jakob    1w   CHR                1,3       0t0       4 /dev/null
	logger  147982 jakob    2w   CHR                1,3       0t0       4 /dev/null
	logger  147982 jakob    3u  unix 0x00000000bc46d033       0t0  610344 type=DGRAM (CONNECTED)
Fixes https://github.com/rfjakob/gocryptfs/issues/846 | 
|  | This package is a failed experiment and should not
have been committed.
Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343 | 
|  | Fix error in the examples for `-fido2-assert-option` | 
|  | ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802 | 
|  | This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper. | 
|  | This avoids the manual "| spillBit" logic. | 
|  | We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802 | 
|  | Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment. | 
|  | Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702 | 
|  | Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators.
Closes #828 | 
|  | with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841 | 
|  | Report that exit code is wrong when the
exit code is wrong. | 
|  | Removed repeated "conflicts" | 
|  | Seems to build fine and has a big userbase due to
Debian and Ubuntu. | 
|  | Signed-off-by: Christian Stewart <christian@aperture.us> | 
|  | Signed-off-by: Christian Stewart <christian@aperture.us> |