aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
11 hourssharedstorage: fix darwin & freebsd build failureLockSharedStorage_rebase2Jakob Unterwurzacher
11 hoursfusefrontend: sharedstorage: truncate: error out on failed file lockJakob Unterwurzacher
11 hourstests/cluster: fix possible fd exhaustionJakob Unterwurzacher
...and one typo.
11 hoursfusefrontend: LockSharedStorage: loop on EINTR, add debug outputJakob Unterwurzacher
11 hoursfusefrontend: sharedstorage: add two missing unlocksJakob Unterwurzacher
11 hoursfusefrontend: sharedstorage: introduce UnlockSharedStorage helperJakob Unterwurzacher
12 hoursfusefrontend: sharedstorage: lock truncate agains concurrent accessJakob Unterwurzacher
Prevent reads and writes concurrent with the truncate operation. It's racy on tmpfs and ext4 ( https://lore.kernel.org/all/18e9fa0f-ec31-9107-459c-ae1694503f87@gmail.com/t/ ) as evident by TestOpenTruncate test failures: === RUN TestOpenTruncate cluster_test.go:209: POSIX compliance issue: non-exlusive create failed with err=file exists doRead 16384215: corrupt block #0: cipher: message authentication failed ino16384215 fh8: RMW read failed: errno=5 cluster_test.go:214: iteration 1: WriteAt: write /tmp/gocryptfs-test-parent-1026/1358464214/TestOpenTruncate.1788296708.mnt2/foo: input/output error --- FAIL: TestOpenTruncate (0.06s) FAIL exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 7.880s Relates-to: https://github.com/rfjakob/gocryptfs/issues/56
12 hoursfusefrontend: sharedstorage: add warnings for lock failureJakob Unterwurzacher
Complain loudly when the underlying storage does not support byte-range locks. https://github.com/rfjakob/gocryptfs/issues/754
12 hoursfusefrontend: sharedstorage: retry read-path on EIO errorJakob Unterwurzacher
With -sharedstorage, when we get a decryption error, we lock the byte range and try again. This makes concurrent R/W safe agains torn writes. https://github.com/rfjakob/gocryptfs/issues/754
12 hourstests/cluster: enable TestClusterConcurrentRW per defaultJakob Unterwurzacher
Add the -sharedstorage flag to the mounts and make it more severe by adjusting the I/O and file sizes to arbitrary unaligned values. It passes *most of the time*. If it fails, it's like this, and the reason is that there is no fcntl locks in the READ path yet. gocryptfs/tests/cluster$ go test -run TestClusterConcurrentRW -v === RUN TestClusterConcurrentRW doRead 2895433: corrupt block #0: cipher: message authentication failed doRead 2895433: corrupt block #0: cipher: message authentication failed doRead 2895433: corrupt block #0: cipher: message authentication failed cluster_test.go:98: readThread iteration 9165: ReadAt failed: read /var/tmp/gocryptfs-test-parent-1026/3021427391/TestClusterConcurrentRW.366469887.mnt1/foo: input/output error --- FAIL: TestClusterConcurrentRW (0.40s) FAIL exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.406s
12 hoursfusefrontend: sharedstorage: add file content byte-range locksJakob Unterwurzacher
As we must write complete ciphertext blocks (except at EOF), non-overlapping plaintext writes can overlap in the ciphertext. And because overlapping writes can turn the data into data soup (see TestPoCTornWrite) we serialize them using fcntl locking.
12 hourstests/cluster: add TestPoCTornWriteLockedJakob Unterwurzacher
12 hourstests/cluster: note that ext4 provides no atomicityJakob Unterwurzacher
12 hourstests/cluster: add TestPoCTornWriteJakob Unterwurzacher
Scary. But explains why TestConcurrentCreate fails. gocryptfs/tests/cluster$ go test -run TestPoCTornWrite --- FAIL: TestPoCTornWrite (0.00s) poc_test.go:210: iteration 214: inconsistent block: d6d6d6d6d6d6d6d6d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1 FAIL
12 hoursfusefrontend: sharedstorage: keep file header on truncateJakob Unterwurzacher
With -sharedstorage, we keep the on-disk file header. Other mounts may have the file ID cached so we cannot mess with it. This makes TestOpenTruncate pass.
12 hourstests/cluster: add TestOpenTruncateJakob Unterwurzacher
This fails right now: 1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v === RUN TestOpenTruncate cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists doWrite 2898550: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000 cluster_test.go:240: iteration 1: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/1896094179/TestOpenTruncate.4202105280.mnt2/foo: input/output error --- FAIL: TestOpenTruncate (0.10s) FAIL exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.099s 1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v === RUN TestOpenTruncate cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists doRead 2898565: corrupt block #0: cipher: message authentication failed ino2898565 fh9: RMW read failed: errno=5 cluster_test.go:240: iteration 8: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/652691834/TestOpenTruncate.281532388.mnt1/foo: input/output error --- FAIL: TestOpenTruncate (0.09s) FAIL exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.095s
12 hourstests/cluster: add TestPoCHeaderCreationJakob Unterwurzacher
12 hourstests/cluster: add TestConcurrentCreateJakob Unterwurzacher
This exercises the byte-range locks we just added.
12 hoursfusefrontend: sharedstorage: use byte-range lock on file header creationJakob Unterwurzacher
Multiple host writing to the same empty file at the same time could have overwritten each other's newly created file header, leading to data corruption. Fix the race by placing a byte-range lock on the file when creating the file header.
34 hoursnew file: Documentation/pjdfstest.mdJakob Unterwurzacher
pjdfstest results
4 daysbuild(deps): bump golang.org/x/crypto from 0.45.0 to 0.52.0dependabot[bot]
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.45.0 to 0.52.0. - [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.52.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
4 daysbuild(deps): bump actions/checkout from 6 to 7dependabot[bot]
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
4 daysreverse: hide custom -config file located inside CIPHERDIRmaximilize
In reverse mode, a custom config file passed via -config that lives inside CIPHERDIR was presented as an ordinary encrypted file in the encrypted view, which is useless and confusing. By default the config is mapped to a virtual gocryptfs.conf, but ConfigCustom skips that mapping, so an in-CIPHERDIR custom config was neither mapped nor hidden. Plumb the config path into the reverse RootNode and treat a custom config file located inside CIPHERDIR as excluded in isExcludedPlain, hiding it from both readdir and lookup. Also document the -config reverse-mode behaviour in MANPAGE.md and add a regression test. Fixes #1009
2026-05-07mount: mount ro if cipherdir is on a ro filesystem (don't allow rw)Simon Pilkington
2026-04-26Update feature_flags.goDMyachin
use maps and slices instead of explicit for loop
2026-03-08build(deps): bump actions/upload-artifact from 6 to 7dependabot[bot]
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-03-08make formatfreebsd-supportJakob Unterwurzacher
2026-03-08Added basic support for FreeBSD.Ankush Patel
Freebsd-support: Change bash shebang to use /usr/bin/env Freebsd-support: Fix go vet "undefined" fixes when running make ci freebsd: stub xattr functions /proc/PID/fd does not exist on freebsd. freebsd-support: modify FchmodatNofollow for FreeBSD FreeBSD supports the Fchmodat system call, with the AT_SYMLINK_NOFOLLOW flag. FchmodatNofollow has been modified to use this system call and flag. freebsd-support: PR changes and fixes * Functions in fusefrontend_reverse/node_xattr_freebsd.go have been stubbed for now. * asuser_freebsd.go updated to only run f() when context is nil; otherwise log a warning and return an error. * emulate.go build flags updated, and FreeBSD specific version added. * sys_freebsd.go bug in Renameat2 with RENAME_EXCHANGE flag fixed. FreeBSD does not support atomic file swapping, so this flag now returns an error. * unix2syscall and atime is identical between FreeBSD and Darwin, updated filenames so Go will build the file for FreeBSD and Mac OS. freebsd-support: Addressed more PR comments and fixed build tags
2026-03-08tests: example_filesystems: more detailed errorsJakob Unterwurzacher
2026-03-08tests: only add -wpanic on linuxJakob Unterwurzacher
2026-02-10Fix issue with reverse mode and excluded virtual filesm4rc0d1
This fixes #686. Now the `gocryptfs.longname.*.name` are present and readable in the reverse mount, regardless of the complexity of the exclusion patterns. The main issue was a `cPath` instead of `dPath` for the exclude check in `fusefrontend_reverse/node_helpers.go`. Also added a check to avoid the exclusion of `gocryptfs.conf` in the root directory. The test run results are in line with the main branch. Fixes https://github.com/rfjakob/gocryptfs/issues/686
2026-02-10enable falloc on btrfs if CoW is disabledJared Van Bortel
2026-02-10syscallcompat: delete accidentially-commited debug outputJakob Unterwurzacher
Fixes: ab4c0446d3db0665fc2e9a05c0319541d21811eb
2026-02-10reverse: return ENOTTR when xattr name is not decryptableJakob Unterwurzacher
2026-02-09fusefrontend: convert mangleOpenFlags method to a functionJakob Unterwurzacher
No need to attach it to the root node. Also rename it to mangleOpenCreateFlags.
2026-02-09darwin: syscallcompat: Openat: use O_SYMLINKJakob Unterwurzacher
Also add tests that opening a symlink (using unix.O_PATH | unix.O_NOFOLLOW) works. https://github.com/rfjakob/gocryptfs/issues/993
2026-02-09darwin: fusefrontend: use O_SYMLINK for get,set,remove,listxattrJakob Unterwurzacher
With O_NOFOLLOW we error out with ELOOP when the user tries to manipulate symlinks. https://github.com/rfjakob/gocryptfs/issues/993
2026-02-08tests/reverse: add TestXattrGetMountpointJakob Unterwurzacher
Fails right now: gocryptfs/tests/reverse$ go test -run TestXattrGetMountpoint --- FAIL: TestXattrGetMountpoint (0.00s) xattr_test.go:78: LGet: xattr.get /var/tmp/gocryptfs-test-parent-1026/3269496664/x.3903415542.mnt user.foo453465324: invalid argument xattr_test.go:82: LList: err=<nil> FAIL testcases[0] = struct { plaintextnames bool; deterministic_names bool }{plaintextnames:false, deterministic_names:false} failed exit status 1 FAIL github.com/rfjakob/gocryptfs/v2/tests/reverse 0.091s
2026-02-08Add profiling/tinyfiles.bashJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/965
2026-02-03performance.txt: add latest numbersJakob Unterwurzacher
Much better
2026-02-03syscallcompat: Listxattr: smart buffer sizingJakob Unterwurzacher
2026-02-03performance.txt: add latest numbersJakob Unterwurzacher
2026-02-03go.mod: bump go-fuse to v2.9.0Jakob Unterwurzacher
2026-02-03performance.txt: fill in missing versionsJakob Unterwurzacher
The LS numbers regressed quite a bit
2026-02-01syscallcompat: DetectQuirks: unbreak darwinJakob Unterwurzacher
Error: internal/syscallcompat/quirks_darwin.go:36:3: undefined: logQuirk
2026-02-01syscallcompat: DetectQuirks: suppress Btrfs message when -noprealloc has ↵Jakob Unterwurzacher
been passed Reported by @Tunoac, https://github.com/rfjakob/gocryptfs/issues/395#issuecomment-3828507487
2026-01-29go.mod: bump emeJakob Unterwurzacher
2026-01-24macos: normalize unicode file names in forward mode (#992)rfjakob
Summary: Store as NFC, read as NFD. This commit resolves https://github.com/rfjakob/gocryptfs/issues/850 by addressing Unicode normalization mismatches on macOS between NFC (used by CLI tools) and NFD (used by GUI apps). The solution is inspired by Cryptomator's approach ( https://github.com/cryptomator/cryptomator/issues/264 ). Forward mode on MacOS now enforces NFC for storage but presents NFD as recommended by https://developer.apple.com/library/archive/qa/qa1173/_index.html and https://github.com/macfuse/macfuse/wiki/File-Names-(Unicode-Normalization-Forms) . See https://github.com/rfjakob/gocryptfs/pull/949 for more info. This commit does nothing for reverse mode as it is not clear if anything can be done. Reverse mode can not influence how the file names are stored, hence mapping normalized names back to what is actually on disk seems difficult.
2026-01-18added -noxattr flag which ignores all xattr operations (#987)Jarek Kowalski
* added -noxattr flag which ignores all xattr operations
2026-01-07Update hkdf.goDMyachin
Use hkdf from stable api instead of eXperimental