Age | Commit message (Collapse) | Author |
|
Prevent reads and writes concurrent with the truncate operation. It's
racy on tmpfs and ext4 ( https://lore.kernel.org/all/18e9fa0f-ec31-9107-459c-ae1694503f87@gmail.com/t/ )
as evident by TestOpenTruncate test failures:
=== RUN TestOpenTruncate
cluster_test.go:209: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 16384215: corrupt block #0: cipher: message authentication failed
ino16384215 fh8: RMW read failed: errno=5
cluster_test.go:214: iteration 1: WriteAt: write /tmp/gocryptfs-test-parent-1026/1358464214/TestOpenTruncate.1788296708.mnt2/foo: input/output error
--- FAIL: TestOpenTruncate (0.06s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 7.880s
Relates-to: https://github.com/rfjakob/gocryptfs/issues/56
|
|
Complain loudly when the underlying storage does not support
byte-range locks.
https://github.com/rfjakob/gocryptfs/issues/754
|
|
With -sharedstorage, when we get a decryption error, we lock the
byte range and try again.
This makes concurrent R/W safe agains torn writes.
https://github.com/rfjakob/gocryptfs/issues/754
|
|
Add the -sharedstorage flag to the mounts and make it more
severe by adjusting the I/O and file sizes to arbitrary unaligned
values.
It passes *most of the time*.
If it fails, it's like this, and the reason is that there is no
fcntl locks in the READ path yet.
gocryptfs/tests/cluster$ go test -run TestClusterConcurrentRW -v
=== RUN TestClusterConcurrentRW
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
cluster_test.go:98: readThread iteration 9165: ReadAt failed: read /var/tmp/gocryptfs-test-parent-1026/3021427391/TestClusterConcurrentRW.366469887.mnt1/foo: input/output error
--- FAIL: TestClusterConcurrentRW (0.40s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.406s
|
|
As we must write complete ciphertext blocks (except at EOF), non-overlapping
plaintext writes can overlap in the ciphertext.
And because overlapping writes can turn the data into data soup (see
TestPoCTornWrite) we serialize them using fcntl locking.
|
|
|
|
|
|
Scary. But explains why TestConcurrentCreate fails.
gocryptfs/tests/cluster$ go test -run TestPoCTornWrite
--- FAIL: TestPoCTornWrite (0.00s)
poc_test.go:210: iteration 214: inconsistent block: d6d6d6d6d6d6d6d6d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1
FAIL
|
|
With -sharedstorage, we keep the on-disk file header.
Other mounts may have the file ID cached so we cannot mess with it.
This makes TestOpenTruncate pass.
|
|
This fails right now:
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doWrite 2898550: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
cluster_test.go:240: iteration 1: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/1896094179/TestOpenTruncate.4202105280.mnt2/foo: input/output error
--- FAIL: TestOpenTruncate (0.10s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.099s
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 2898565: corrupt block #0: cipher: message authentication failed
ino2898565 fh9: RMW read failed: errno=5
cluster_test.go:240: iteration 8: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/652691834/TestOpenTruncate.281532388.mnt1/foo: input/output error
--- FAIL: TestOpenTruncate (0.09s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.095s
|
|
|
|
This exercises the byte-range locks we just added.
|
|
Multiple host writing to the same empty file at the same time
could have overwritten each other's newly created file header,
leading to data corruption.
Fix the race by placing a byte-range lock on the file when
creating the file header.
|
|
This is not a real leak:
fd leak in test process? before, after:
[0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])]
[0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])]
Ignore pidfd.
|
|
Turns out at least the tests depended on the old
behavoir.
Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1
|
|
Using the same "-extpass" or "-passfile" for both old
and new password makes little sense, and it causes real
problems as seen here: https://github.com/rfjakob/gocryptfs/discussions/882
I hope nobody depends on this or I'll have to revert.
Fixes https://github.com/rfjakob/gocryptfs/issues/287
Fixes https://github.com/rfjakob/gocryptfs/discussions/882
|
|
|
|
We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
|
|
Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580
|
|
|
|
The `--reverse` section of the manual has a reference to an `INIT FLAGS` section, but no such section exists. Change the reference to refer to the `INIT OPTIONS` section, which does exist.
|
|
Looks like wget does not support it anymore
$ wget --version
GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64
/tmp/benchmark.bash.bmt.mnt is a mountpoint
Downloading linux-3.0.tar.gz
Unknown option 'show-progress'
|
|
Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776
|
|
Prep for solving https://github.com/rfjakob/gocryptfs/issues/776
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/809
|
|
https://github.com/rfjakob/gocryptfs/issues/809
|
|
Should make debugging situations like
https://github.com/rfjakob/gocryptfs/issues/852
Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
4e45a317-595d8a2d-46493a30-97de86ef-
540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
|
|
Merge stock kernel options with user-provided ones before passing to go-fuse.
Before: `-ko volname=custom` would result in `-o volname=mountpoint,volname=custom` to macFUSE.
After: `-ko volname=custom` would produce `-o volname=custom` with no duplicates.
Fixes #854 and #557
|
|
Instead of just looking for AES, also look for PCLMULQDQ,
like crypto/tls does.
Fixes: https://github.com/rfjakob/gocryptfs/issues/822
|
|
Let's not leak fds to logger.
Before:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 146410 jakob cwd DIR 253,0 4096 2 /
logger 146410 jakob rtd DIR 253,0 4096 2 /
logger 146410 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 146410 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 146410 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 146410 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 146410 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 146410 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 146410 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 146410 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 146410 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 146410 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 146410 jakob 0r FIFO 0,14 0t0 607727 pipe
logger 146410 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 3u unix 0x0000000046d9c96b 0t0 607729 type=DGRAM (CONNECTED)
logger 146410 jakob 10u DIR 0,33 80 7758 /tmp/tmp.lbUiEw9P6W/a
After:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 147982 jakob cwd DIR 253,0 4096 2 /
logger 147982 jakob rtd DIR 253,0 4096 2 /
logger 147982 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 147982 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 147982 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 147982 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 147982 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 147982 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 147982 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 147982 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 147982 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 147982 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 147982 jakob 0r FIFO 0,14 0t0 609636 pipe
logger 147982 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 3u unix 0x00000000bc46d033 0t0 610344 type=DGRAM (CONNECTED)
Fixes https://github.com/rfjakob/gocryptfs/issues/846
|
|
|
|
This package is a failed experiment and should not
have been committed.
Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343
|
|
Fix error in the examples for `-fido2-assert-option`
|
|
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
|
|
|
|
This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper.
|
|
This avoids the manual "| spillBit" logic.
|
|
We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802
|
|
Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment.
|
|
|
|
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
|
|
Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators.
Closes #828
|
|
with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841
|
|
|
|
|
|
|
|
|
|
Report that exit code is wrong when the
exit code is wrong.
|
|
|
|
Removed repeated "conflicts"
|