| Age | Commit message (Collapse) | Author |
|
|
|
|
|
...and one typo.
|
|
|
|
|
|
|
|
Prevent reads and writes concurrent with the truncate operation. It's
racy on tmpfs and ext4 ( https://lore.kernel.org/all/18e9fa0f-ec31-9107-459c-ae1694503f87@gmail.com/t/ )
as evident by TestOpenTruncate test failures:
=== RUN TestOpenTruncate
cluster_test.go:209: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 16384215: corrupt block #0: cipher: message authentication failed
ino16384215 fh8: RMW read failed: errno=5
cluster_test.go:214: iteration 1: WriteAt: write /tmp/gocryptfs-test-parent-1026/1358464214/TestOpenTruncate.1788296708.mnt2/foo: input/output error
--- FAIL: TestOpenTruncate (0.06s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 7.880s
Relates-to: https://github.com/rfjakob/gocryptfs/issues/56
|
|
Complain loudly when the underlying storage does not support
byte-range locks.
https://github.com/rfjakob/gocryptfs/issues/754
|
|
With -sharedstorage, when we get a decryption error, we lock the
byte range and try again.
This makes concurrent R/W safe agains torn writes.
https://github.com/rfjakob/gocryptfs/issues/754
|
|
Add the -sharedstorage flag to the mounts and make it more
severe by adjusting the I/O and file sizes to arbitrary unaligned
values.
It passes *most of the time*.
If it fails, it's like this, and the reason is that there is no
fcntl locks in the READ path yet.
gocryptfs/tests/cluster$ go test -run TestClusterConcurrentRW -v
=== RUN TestClusterConcurrentRW
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
doRead 2895433: corrupt block #0: cipher: message authentication failed
cluster_test.go:98: readThread iteration 9165: ReadAt failed: read /var/tmp/gocryptfs-test-parent-1026/3021427391/TestClusterConcurrentRW.366469887.mnt1/foo: input/output error
--- FAIL: TestClusterConcurrentRW (0.40s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.406s
|
|
As we must write complete ciphertext blocks (except at EOF), non-overlapping
plaintext writes can overlap in the ciphertext.
And because overlapping writes can turn the data into data soup (see
TestPoCTornWrite) we serialize them using fcntl locking.
|
|
|
|
|
|
Scary. But explains why TestConcurrentCreate fails.
gocryptfs/tests/cluster$ go test -run TestPoCTornWrite
--- FAIL: TestPoCTornWrite (0.00s)
poc_test.go:210: iteration 214: inconsistent block: d6d6d6d6d6d6d6d6d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1
FAIL
|
|
With -sharedstorage, we keep the on-disk file header.
Other mounts may have the file ID cached so we cannot mess with it.
This makes TestOpenTruncate pass.
|
|
This fails right now:
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doWrite 2898550: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
cluster_test.go:240: iteration 1: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/1896094179/TestOpenTruncate.4202105280.mnt2/foo: input/output error
--- FAIL: TestOpenTruncate (0.10s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.099s
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 2898565: corrupt block #0: cipher: message authentication failed
ino2898565 fh9: RMW read failed: errno=5
cluster_test.go:240: iteration 8: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/652691834/TestOpenTruncate.281532388.mnt1/foo: input/output error
--- FAIL: TestOpenTruncate (0.09s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.095s
|
|
|
|
This exercises the byte-range locks we just added.
|
|
Multiple host writing to the same empty file at the same time
could have overwritten each other's newly created file header,
leading to data corruption.
Fix the race by placing a byte-range lock on the file when
creating the file header.
|
|
pjdfstest results
|
|
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.45.0 to 0.52.0.
- [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.52.0)
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.52.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
In reverse mode, a custom config file passed via -config that lives inside
CIPHERDIR was presented as an ordinary encrypted file in the encrypted view,
which is useless and confusing. By default the config is mapped to a virtual
gocryptfs.conf, but ConfigCustom skips that mapping, so an in-CIPHERDIR custom
config was neither mapped nor hidden.
Plumb the config path into the reverse RootNode and treat a custom config file
located inside CIPHERDIR as excluded in isExcludedPlain, hiding it from both
readdir and lookup. Also document the -config reverse-mode behaviour in
MANPAGE.md and add a regression test.
Fixes #1009
|
|
|
|
use maps and slices instead of explicit for loop
|
|
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
Freebsd-support: Change bash shebang to use /usr/bin/env
Freebsd-support: Fix go vet "undefined" fixes when running make ci
freebsd: stub xattr functions
/proc/PID/fd does not exist on freebsd.
freebsd-support: modify FchmodatNofollow for FreeBSD
FreeBSD supports the Fchmodat system call, with the AT_SYMLINK_NOFOLLOW
flag. FchmodatNofollow has been modified to use this system call and
flag.
freebsd-support: PR changes and fixes
* Functions in fusefrontend_reverse/node_xattr_freebsd.go have been
stubbed for now.
* asuser_freebsd.go updated to only run f() when context is nil;
otherwise log a warning and return an error.
* emulate.go build flags updated, and FreeBSD specific version added.
* sys_freebsd.go bug in Renameat2 with RENAME_EXCHANGE flag fixed.
FreeBSD does not support atomic file swapping, so this flag now
returns an error.
* unix2syscall and atime is identical between FreeBSD and Darwin,
updated filenames so Go will build the file for FreeBSD and Mac OS.
freebsd-support: Addressed more PR comments and fixed build tags
|
|
|
|
|
|
This fixes #686. Now the `gocryptfs.longname.*.name` are present and readable in the
reverse mount, regardless of the complexity of the exclusion patterns.
The main issue was a `cPath` instead of `dPath` for the exclude check in
`fusefrontend_reverse/node_helpers.go`. Also added a check to avoid the exclusion of
`gocryptfs.conf` in the root directory.
The test run results are in line with the main branch.
Fixes https://github.com/rfjakob/gocryptfs/issues/686
|
|
|
|
Fixes: ab4c0446d3db0665fc2e9a05c0319541d21811eb
|
|
|
|
No need to attach it to the root node. Also rename it
to mangleOpenCreateFlags.
|
|
Also add tests that opening a symlink (using unix.O_PATH | unix.O_NOFOLLOW)
works.
https://github.com/rfjakob/gocryptfs/issues/993
|
|
With O_NOFOLLOW we error out with ELOOP when the user tries
to manipulate symlinks.
https://github.com/rfjakob/gocryptfs/issues/993
|
|
Fails right now:
gocryptfs/tests/reverse$ go test -run TestXattrGetMountpoint
--- FAIL: TestXattrGetMountpoint (0.00s)
xattr_test.go:78: LGet: xattr.get /var/tmp/gocryptfs-test-parent-1026/3269496664/x.3903415542.mnt user.foo453465324: invalid argument
xattr_test.go:82: LList: err=<nil>
FAIL
testcases[0] = struct { plaintextnames bool; deterministic_names bool }{plaintextnames:false, deterministic_names:false} failed
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/reverse 0.091s
|
|
https://github.com/rfjakob/gocryptfs/issues/965
|
|
Much better
|
|
|
|
|
|
|
|
The LS numbers regressed quite a bit
|
|
Error: internal/syscallcompat/quirks_darwin.go:36:3: undefined: logQuirk
|
|
been passed
Reported by @Tunoac, https://github.com/rfjakob/gocryptfs/issues/395#issuecomment-3828507487
|
|
|
|
Summary: Store as NFC, read as NFD.
This commit resolves https://github.com/rfjakob/gocryptfs/issues/850
by addressing Unicode normalization mismatches on macOS between NFC
(used by CLI tools) and NFD (used by GUI apps). The solution is inspired
by Cryptomator's approach ( https://github.com/cryptomator/cryptomator/issues/264 ).
Forward mode on MacOS now enforces NFC for storage but presents NFD
as recommended by https://developer.apple.com/library/archive/qa/qa1173/_index.html
and https://github.com/macfuse/macfuse/wiki/File-Names-(Unicode-Normalization-Forms) .
See https://github.com/rfjakob/gocryptfs/pull/949 for more info.
This commit does nothing for reverse mode as it is not clear if
anything can be done. Reverse mode can not influence how the
file names are stored, hence mapping normalized names back to
what is actually on disk seems difficult.
|
|
* added -noxattr flag which ignores all xattr operations
|
|
Use hkdf from stable api instead of eXperimental
|