Age | Commit message (Collapse) | Author |
|
|
|
|
|
Unlike the FUSE implementation on Linux, macFUSE doesn't cache the file
attributes from the `LOOKUP` call, so it calls `GETATTR` prior to
accessing a file.
In the case of the `VirtualConfNode` (reverse config file passthrough),
this resulted in the default `GETATTR` implementation returning an empty
result, ultimately resulting in a "permission denied" error.
14:44:14.095207 rx 3: GETATTR n2
14:44:14.095229 tx 3: OK, {tA=1s {M0100000 SZ=0 L=0 0:0 0 0:8954996 A 0.000000 M 0.000000 C 0.000000}}
14:44:14.099943 rx 4: ACCESS n2 {u=501 g=20 r}
14:44:14.099990 tx 4: 13=permission denied
By impementing `Getattr` (from `fs.NodeGetattrer`) on `VirtualConfNode`
this solves the issue.
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/646
|
|
After running "make root_test" a few times df would look like this,
no good:
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
[...]
/dev/loop11 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/4081611019/TestDiskFull.ext4.mnt
/dev/loop12 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/1959939106/TestDiskFull.ext4.mnt
/dev/loop13 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2455888382/TestDiskFull.ext4.mnt
/dev/loop14 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2002998275/TestDiskFull.ext4.mnt
/dev/loop15 8729 8525 0 100% /var/tmp/gocryptfs-test-parent-0/806736609/TestDiskFull.ext4.mnt
/dev/loop16 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/4050106930/TestDiskFull.ext4.mnt
/dev/loop17 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/1661931756/TestDiskFull.ext4.mnt
/dev/loop18 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/617990718/TestDiskFull.ext4.mnt
/dev/loop19 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/3194420338/TestDiskFull.ext4.mnt
/dev/loop20 8729 8525 0 100% /tmp/gocryptfs-test-parent-0/2180745159/TestDiskFull.ext4.mnt
Turns out the unmount failed with EBUSY, so use lazy
unmount.
|
|
|
|
Looks like https://github.com/rfjakob/gocryptfs/commit/86d8336b43418c028c34c37f06fcbd43ab0d44a1
forgot to add the option to the manpage.
|
|
These don't have os.ReadDir yet.
Error was:
Error: vet: tests/defaults/overlayfs_test.go:104:15: ReadDir not declared by package os
|
|
Looks like the FUSE protocol does support O_TMPFILE yet.
https://github.com/rfjakob/gocryptfs/issues/641
|
|
$ ./crossbuild.bash
[...]
+ GOOS=darwin
+ GOARCH=amd64
+ build
+ go build -tags without_openssl -o /dev/null
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_EXCHANGE (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:397:2: duplicate case syscallcompat.RENAME_WHITEOUT (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
internal/fusefrontend/node.go:399:38: duplicate case syscallcompat.RENAME_NOREPLACE | syscallcompat.RENAME_WHITEOUT (value 0) in switch
previous case at internal/fusefrontend/node.go:397:7
|
|
f
|
|
Both new internal test and xfstests generic/013 are happy.
https://github.com/rfjakob/gocryptfs/issues/641
|
|
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/629
|
|
This way we get live output, and hopefully see clearer
where things hang if they do.
Also, don't pass on flags to "go vet", the verbose output
is pretty useless.
https://github.com/rfjakob/gocryptfs/issues/625
|
|
(1)
Create a 1 GiB file instead of 1 TiB, because
apparently, on MacOS, the file (sometimes?) is not
created sparse, and fills up users' disks:
https://github.com/rfjakob/gocryptfs/issues/625
(2)
On darwin, SEEK_DATA is not the same as on Linux
( https://github.com/golang/go/commit/2f8b555de27198775f9606e001ef19b76efdb415 )
so use the value provided by the unix package.
|
|
This allows cleanups to happen in the caller, like removing
the control socket.
Fixes https://github.com/rfjakob/gocryptfs/issues/634
|
|
This fails at the moment:
$ go test ./tests/cli/
--- FAIL: TestMountPasswordEmpty (0.01s)
cli_test.go:430: socket file "/tmp/gocryptfs-test-parent-1026/3413782690/TestMountPasswordEmpty.753166857.sock" left behind
https://github.com/rfjakob/gocryptfs/issues/634
|
|
|
|
We want
https://github.com/hanwen/go-fuse/commit/934a183ed91446d218b5471c4df9f93db039f6e
"fuse: prefer fusermount3 over fusermount; add debug output"
Fixes https://github.com/rfjakob/gocryptfs/issues/626
|
|
xattr names have fewer restrictions than file names,
relax the validation.
Fixes https://github.com/rfjakob/gocryptfs/issues/627
|
|
This
gocryptfs -init /does/not/exist 2> err.log
used to write escape codes into err.log. Stop doing that.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/617
|
|
Running the tests we have lots of these:
Openat: O_NOFOLLOW missing: flags = 0x4
-wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4
panic: -wpanic turns this warning into a panic: Openat: O_NOFOLLOW missing: flags = 0x4
goroutine 114 [running]:
log.(*Logger).Panic(0x14000118280, {0x14000313ca8, 0x1, 0x1})
log/log.go:224 +0x90
github.com/rfjakob/gocryptfs/v2/internal/tlog.(*toggledLogger).Printf(0x14000076780, {0x1009dc2e8, 0x27}, {0x14000313d18, 0x1, 0x1})
github.com/rfjakob/gocryptfs/v2/internal/tlog/log.go:78 +0x168
github.com/rfjakob/gocryptfs/v2/internal/syscallcompat.Openat(0x9, {0x1009d0747, 0x1}, 0x4, 0x0)
github.com/rfjakob/gocryptfs/v2/internal/syscallcompat/sys_common.go:59 +0xf0
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).getXAttr(0x14000142000, {0x1400001c140, 0x3a})
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr_darwin.go:30 +0x8c
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).Getxattr(0x14000142000, {0x100a7eba0, 0x1400000c2e8}, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000})
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node_xattr.go:65 +0x1ac
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetXAttr(0x1400008e140, 0x140001901e0, 0x140001133c0, {0x14000016348, 0x14}, {0x14000326000, 0x20, 0x4000})
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fs/bridge.go:685 +0x114
github.com/hanwen/go-fuse/v2/fuse.doGetXAttr(0x14000144000, 0x14000113200)
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/opcode.go:270 +0x224
github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0x14000144000, 0x14000113200)
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:499 +0x214
created by github.com/hanwen/go-fuse/v2/fuse.(*Server).loop
github.com/hanwen/go-fuse/v2@v2.1.1-0.20210825171523-3ab5d95a30ae/fuse/server.go:470 +0xac
https://github.com/rfjakob/gocryptfs/issues/625
|
|
Regression test for https://github.com/rfjakob/gocryptfs/issues/623
Fixes https://github.com/rfjakob/gocryptfs/issues/623
|
|
This does not work neither make sense on MacOS.
|
|
Creat() is equivalent to Open(..., O_CREAT|O_WRONLY|O_TRUNC, ...)
and MacOS does not have syscall.Creat().
https://github.com/rfjakob/gocryptfs/issues/623
|
|
This will allow easy expansion of build steps.
|
|
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/621
|
|
Quoting fusefrontend_reverse/node_helpers.go :
// File names are padded to 16-byte multiples, encrypted and
// base64-encoded. We can encode at most 176 bytes to stay below the 255
// bytes limit:
// * base64(176 bytes) = 235 bytes
// * base64(192 bytes) = 256 bytes (over 255!)
// But the PKCS#7 padding is at least one byte. This means we can only use
// 175 bytes for the file name.
Noticed by @bailey27 at https://github.com/rfjakob/gocryptfs/issues/499#issuecomment-955790427
|
|
Failure is:
# github.com/rfjakob/gocryptfs/v2/internal/nametransform
internal/nametransform/names.go:47:33: undefined: math.MaxInt
math.MaxInt was only introduced in Go 1.17. Use MaxInt32 instead,
which is good enough, even on amd64. It only has to be larger than
any name we might encounter.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/499
|
|
Feature flag + numeric paramater
https://github.com/rfjakob/gocryptfs/issues/499
|
|
Determines when to start hashing long names instead
of hardcoded 255. Will be used to alleviate "name too long"
issues some users see on cloud storage.
https://github.com/rfjakob/gocryptfs/issues/499
|
|
Because switch only matches once, we could have missed invalid
cases.
Replace the switch statements with a straight if rake.
|
|
|
|
Jobs currently fail like this:
/usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf
fs.Mount failed: fusermount exited with code 256
--- FAIL: TestForceOwner (0.05s)
main_test.go:438: mount failed: exit status 19
FAIL
FAIL github.com/rfjakob/gocryptfs/v2/tests/defaults 1.584s
|
|
|
|
https://github.com/rfjakob/gocryptfs/issues/609
https://github.com/rfjakob/gocryptfs/pull/610
|
|
Reported by codacity:
internal/cryptocore/cryptocore.go
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendAESSIV; it will be inferred from the right-hand side
var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305; it will be inferred from the right-hand side
var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305OpenSSL; it will be inferred from the right-hand side
var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
Found 2 possible new issues
internal/cryptocore/cryptocore.go
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendOpenSSL; it will be inferred from the right-hand side
var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
Minor icon MINOR
Code Style
should omit type AEADTypeEnum from declaration of var BackendGoGCM; it will be inferred from the right-hand side
var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
|
|
GNU date syntax does not work on macos.
Fixes https://github.com/rfjakob/gocryptfs/issues/570
|
|
Example on Raspberry Pi 4:
$ ./gocryptfs/gocryptfs -init $(mktemp -d)
Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance.
Choose a password for protecting your files.
Password:
https://github.com/rfjakob/gocryptfs/issues/607
|
|
Example:
$ ./gocryptfs -info ./tests/example_filesystems/v2.2-xchacha/
Creator: gocryptfs v2.1-27-gabaa129-dirty.xchacha
FeatureFlags: HKDF XChaCha20Poly1305 DirIV EMENames LongNames Raw64
EncryptedKey: 64B
ScryptObject: Salt=32B N=1024 R=8 P=1 KeyLen=32
contentEncryption: XChaCha20-Poly1305
|
|
Used in gocryptfs-xray, and will also be used in -info.
|
|
|
|
This allows to anchor-link in to each release.
|
|
pkg.go.dev really wants that we want to comply with
https://golang.org/doc/modules/version-numbers .
Trying v2.2-beta1 as in
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2@v2.2-beta1
said "v2.2-beta1 is not a valid semantic version.".
|
|
When somebody posts "gocryptfs -speed" results, they are
most helpful together with the CPU model. Add the cpu model
to the output.
Example:
$ ./gocryptfs -speed
gocryptfs v2.2.0-beta1-5-g52b0444-dirty; go-fuse v2.1.1-0.20210825171523-3ab5d95a30ae; 2021-09-14 go1.17.1 linux/amd64
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL 862.79 MB/s
AES-GCM-256-Go 997.71 MB/s (selected in auto mode)
AES-SIV-512-Go 159.58 MB/s
XChaCha20-Poly1305-OpenSSL 729.65 MB/s
XChaCha20-Poly1305-Go 843.97 MB/s (selected in auto mode)
|
|
Makes the code clearer, and will be used in the next commit.
|