aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-07-24Create codeql-analysis.ymlcodeqlrfjakob
2022-06-26Fix typosYuta Hayashibe
2022-04-02Fix reverse gocryptfs.conf access on macOSVal
Unlike the FUSE implementation on Linux, macFUSE doesn't cache the file attributes from the `LOOKUP` call, so it calls `GETATTR` prior to accessing a file. In the case of the `VirtualConfNode` (reverse config file passthrough), this resulted in the default `GETATTR` implementation returning an empty result, ultimately resulting in a "permission denied" error. 14:44:14.095207 rx 3: GETATTR n2 14:44:14.095229 tx 3: OK, {tA=1s {M0100000 SZ=0 L=0 0:0 0 0:8954996 A 0.000000 M 0.000000 C 0.000000}} 14:44:14.099943 rx 4: ACCESS n2 {u=501 g=20 r} 14:44:14.099990 tx 4: 13=permission denied By impementing `Getattr` (from `fs.NodeGetattrer`) on `VirtualConfNode` this solves the issue.
2022-03-19MANPAGE: document that -scryptn also applies to -passwdJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/646
2022-01-27root_test: fix leftover loop mountJakob Unterwurzacher
After running "make root_test" a few times df would look like this, no good: $ df Filesystem 1K-blocks Used Available Use% Mounted on [...] /dev/loop11 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/4081611019/TestDiskFull.ext4.mnt /dev/loop12 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/1959939106/TestDiskFull.ext4.mnt /dev/loop13 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2455888382/TestDiskFull.ext4.mnt /dev/loop14 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2002998275/TestDiskFull.ext4.mnt /dev/loop15 8729 8525 0 100% /var/tmp/gocryptfs-test-parent-0/806736609/TestDiskFull.ext4.mnt /dev/loop16 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/4050106930/TestDiskFull.ext4.mnt /dev/loop17 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/1661931756/TestDiskFull.ext4.mnt /dev/loop18 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/617990718/TestDiskFull.ext4.mnt /dev/loop19 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/3194420338/TestDiskFull.ext4.mnt /dev/loop20 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2180745159/TestDiskFull.ext4.mnt Turns out the unmount failed with EBUSY, so use lazy unmount.
2022-01-27root_test: add TestOverlay ; syscallcompat: add QuirkNoUserXattrJakob Unterwurzacher
2022-01-22MANPAGE: add missing -acl sectionJakob Unterwurzacher
Looks like https://github.com/rfjakob/gocryptfs/commit/86d8336b43418c028c34c37f06fcbd43ab0d44a1 forgot to add the option to the manpage.
2022-01-22tests: fix build failure on Go 1.15 and olderJakob Unterwurzacher
These don't have os.ReadDir yet. Error was: Error: vet: tests/defaults/overlayfs_test.go:104:15: ReadDir not declared by package os
2022-01-22tests: add skipped O_TMPFILE testJakob Unterwurzacher
Looks like the FUSE protocol does support O_TMPFILE yet. https://github.com/rfjakob/gocryptfs/issues/641
2022-01-22fusefrontend: fix "duplicate case" darwin build failureJakob Unterwurzacher
$ ./crossbuild.bash [...] + GOOS=darwin + GOARCH=amd64 + build + go build -tags without_openssl -o /dev/null internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_EXCHANGE (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_WHITEOUT (value 0) in switch previous case at internal/fusefrontend/node.go:397:7 internal/fusefrontend/node.go:399:38: duplicate case syscallcompat.RENAME_NOREPLACE | syscallcompat.RENAME_WHITEOUT (value 0) in switch previous case at internal/fusefrontend/node.go:397:7
2022-01-22tests: add TestRenameWhiteout, TestRenameExchangeJakob Unterwurzacher
f
2022-01-22fusefrontend: support RENAME_WHITEOUT, RENAME_EXCHANGEJakob Unterwurzacher
Both new internal test and xfstests generic/013 are happy. https://github.com/rfjakob/gocryptfs/issues/641
2022-01-22tests: enable -fusedebug if FUSEDEBUG env is setJakob Unterwurzacher
2022-01-10fusefrontend: fix -force_owner not affecting MKNODJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/629
2022-01-04test.bash: disable parallelism in verbose modeJakob Unterwurzacher
This way we get live output, and hopefully see clearer where things hang if they do. Also, don't pass on flags to "go vet", the verbose output is pretty useless. https://github.com/rfjakob/gocryptfs/issues/625
2022-01-04tests: improve SEEK_DATA test for MacOSJakob Unterwurzacher
(1) Create a 1 GiB file instead of 1 TiB, because apparently, on MacOS, the file (sometimes?) is not created sparse, and fills up users' disks: https://github.com/rfjakob/gocryptfs/issues/625 (2) On darwin, SEEK_DATA is not the same as on Linux ( https://github.com/golang/go/commit/2f8b555de27198775f9606e001ef19b76efdb415 ) so use the value provided by the unix package.
2022-01-03readpassword: bubble up errors instead of exiting the processJakob Unterwurzacher
This allows cleanups to happen in the caller, like removing the control socket. Fixes https://github.com/rfjakob/gocryptfs/issues/634
2022-01-03tests/cli: Check for leftover socket fileJakob Unterwurzacher
This fails at the moment: $ go test ./tests/cli/ --- FAIL: TestMountPasswordEmpty (0.01s) cli_test.go:430: socket file "/tmp/gocryptfs-test-parent-1026/3413782690/TestMountPasswordEmpty.753166857.sock" left behind https://github.com/rfjakob/gocryptfs/issues/634
2021-12-19nametransform: fix oversight in commentJakob Unterwurzacher
2021-12-19go.mod: upgrade go-fuseJakob Unterwurzacher
We want https://github.com/hanwen/go-fuse/commit/934a183ed91446d218b5471c4df9f93db039f6e "fuse: prefer fusermount3 over fusermount; add debug output" Fixes https://github.com/rfjakob/gocryptfs/issues/626
2021-12-19fusefrontend: allow slashes in xattr namesJakob Unterwurzacher
xattr names have fewer restrictions than file names, relax the validation. Fixes https://github.com/rfjakob/gocryptfs/issues/627
2021-12-11tlog: only enable color if both stderr and stdout are a terminalJakob Unterwurzacher
This gocryptfs -init /does/not/exist 2> err.log used to write escape codes into err.log. Stop doing that.
2021-12-11tlog: respect NO_COLORJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/617
2021-12-09darwin: use O_NOFOLLOW for xattr opensJakob Unterwurzacher
Running the tests we have lots of these: Openat: O_NOFOLLOW missing: flags = 0x4 -wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4 panic: -wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4 goroutine 114 [running]: log.(*Logger).Panic(0x14000118280, {0x14000313ca8, 0x1, 0x1}) log/log.go:224 +0x90 github.com/rfjakob/gocryptfs/v2/internal/tlog.(*toggledLogger).Printf(0x14000076780, {0x1009dc2e8, 0x27}, {0x14000313d18, 0x1, 0x1}) github.com/rfjakob/gocryptfs/v2/internal/tlog/log.go:78 +0x168 github.com/rfjakob/gocryptfs/v2/internal/syscallcompat.Openat(0x9, {0x1009d0747, 0x1}, 0x4, 0x0) github.com/rfjakob/gocryptfs/v2/internal/syscallcompat/sys_common.go:59 +0xf0 github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).getXAttr(0x14000142000, {0x1400001c140, 0x3a}) github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr_darwin.go:30 +0x8c github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).Getxattr(0x14000142000, {0x100a7eba0, 0x1400000c2e8}, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000}) github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr.go:65 +0x1ac github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetXAttr(0x1400008e140, 0x140001901e0, 0x140001133c0, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000}) github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fs/bridge.go:685 +0x114 github.com/hanwen/go-fuse/v2/fuse.doGetXAttr(0x14000144000, 0x14000113200) github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/opcode.go:270 +0x224 github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0x14000144000, 0x14000113200) github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:499 +0x214 created by github.com/hanwen/go-fuse/v2/fuse.(*Server).loop github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:470 +0xac https://github.com/rfjakob/gocryptfs/issues/625
2021-12-08test.bash, crossbuild: catch MacOS test build failuresJakob Unterwurzacher
Regression test for https://github.com/rfjakob/gocryptfs/issues/623 Fixes https://github.com/rfjakob/gocryptfs/issues/623
2021-12-08root_test, getdents-debug: restrict to linuxJakob Unterwurzacher
This does not work neither make sense on MacOS.
2021-12-08tests: convert Creat() calls to Open()Jakob Unterwurzacher
Creat() is equivalent to Open(..., O_CREAT|O_WRONLY|O_TRUNC, ...) and MacOS does not have syscall.Creat(). https://github.com/rfjakob/gocryptfs/issues/623
2021-12-08crossbuild.bash: use shell function instead of variableJakob Unterwurzacher
This will allow easy expansion of build steps.
2021-12-04MANPAGE: fix typoJakob Unterwurzacher
2021-12-04MANPAGE: -extpass: document dash duplication bugJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/621
2021-11-01docs: names longer than 175 bytes (not 176) are stored in longnamesJakob Unterwurzacher
Quoting fusefrontend_reverse/node_helpers.go : // File names are padded to 16-byte multiples, encrypted and // base64-encoded. We can encode at most 176 bytes to stay below the 255 // bytes limit: // * base64(176 bytes) = 235 bytes // * base64(192 bytes) = 256 bytes (over 255!) // But the PKCS#7 padding is at least one byte. This means we can only use // 175 bytes for the file name. Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
2021-10-21nametransform: fix math.MaxInt build failure on older GoJakob Unterwurzacher
Failure is: # github.com/rfjakob/gocryptfs/v2/internal/nametransform internal/nametransform/names.go:47:33: undefined: math.MaxInt math.MaxInt was only introduced in Go 1.17. Use MaxInt32 instead, which is good enough, even on amd64. It only has to be larger than any name we might encounter.
2021-10-21cli: add -longnamemaxJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21configfile: add LongNameMax supportJakob Unterwurzacher
Feature flag + numeric paramater https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21nametransform: add longNameMax parameterJakob Unterwurzacher
Determines when to start hashing long names instead of hardcoded 255. Will be used to alleviate "name too long" issues some users see on cloud storage. https://github.com/rfjakob/gocryptfs/issues/499
2021-10-21configfile: replace broken switch/case logic with ifJakob Unterwurzacher
Because switch only matches once, we could have missed invalid cases. Replace the switch statements with a straight if rake.
2021-10-20README: update changelog for v2.2.1v2.2.1Jakob Unterwurzacher
2021-10-15github actions: fix allow_other failureallow_otherJakob Unterwurzacher
Jobs currently fail like this: /usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf fs.Mount failed: fusermount exited with code 256 --- FAIL: TestForceOwner (0.05s) main_test.go:438: mount failed: exit status 19 FAIL FAIL github.com/rfjakob/gocryptfs/v2/tests/defaults 1.584s
2021-10-15fusefrontend: honor ForceOwner for LOOKUP and CREATE operationsCharles Duffy
2021-10-15tests: add TestForceOwnerJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/609 https://github.com/rfjakob/gocryptfs/pull/610
2021-09-28cryptocore: simplify declarationsJakob Unterwurzacher
Reported by codacity: internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendAESSIV; it will be inferred from the right-hand side var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305; it will be inferred from the right-hand side var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305OpenSSL; it will be inferred from the right-hand side var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX} Found 2 possible new issues internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendOpenSSL; it will be inferred from the right-hand side var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendGoGCM; it will be inferred from the right-hand side var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
2021-09-28build.bash: also try BSD date syntax for converting SOURCE_DATE_EPOCHJakob Unterwurzacher
GNU date syntax does not work on macos. Fixes https://github.com/rfjakob/gocryptfs/issues/570
2021-09-28-init: suggest xchacha if we don't have AES accelJakob Unterwurzacher
Example on Raspberry Pi 4: $ ./gocryptfs/gocryptfs -init $(mktemp -d) Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance. Choose a password for protecting your files. Password: https://github.com/rfjakob/gocryptfs/issues/607
2021-09-28-info: add contentEncryptionJakob Unterwurzacher
Example: $ ./gocryptfs -info ./tests/example_filesystems/v2.2-xchacha/ Creator: gocryptfs v2.1-27-gabaa129-dirty.xchacha FeatureFlags: HKDF XChaCha20Poly1305 DirIV EMENames LongNames Raw64 EncryptedKey: 64B ScryptObject: Salt=32B N=1024 R=8 P=1 KeyLen=32 contentEncryption: XChaCha20-Poly1305
2021-09-28cryptocore: disentangle algorithm / library implementation nameJakob Unterwurzacher
Used in gocryptfs-xray, and will also be used in -info.
2021-09-25README: set v2.2.0 release datev2.2.0Jakob Unterwurzacher
2021-09-25README: make changelog entries subheadingsJakob Unterwurzacher
This allows to anchor-link in to each release.
2021-09-15README: release will be called v2.2.0 instead of v2.2v2.2.0-beta2Jakob Unterwurzacher
pkg.go.dev really wants that we want to comply with https://golang.org/doc/modules/version-numbers . Trying v2.2-beta1 as in https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2@v2.2-beta1 said "v2.2-beta1 is not a valid semantic version.".
2021-09-14-speed: print cpu modelJakob Unterwurzacher
When somebody posts "gocryptfs -speed" results, they are most helpful together with the CPU model. Add the cpu model to the output. Example: $ ./gocryptfs -speed gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64 cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration AES-GCM-256-OpenSSL 862.79 MB/s AES-GCM-256-Go 997.71 MB/s (selected in auto mode) AES-SIV-512-Go 159.58 MB/s XChaCha20-Poly1305-OpenSSL 729.65 MB/s XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
2021-09-14stupidgcm: add CpuHasAES()Jakob Unterwurzacher
Makes the code clearer, and will be used in the next commit.