aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-06-04Remove obsolete TODO.mdJakob Unterwurzacher
This file has been obsolete for some time, TODOs are no longer tracked here but on github.
2017-06-01golint: get rid of underscore warnings for good.Jakob Unterwurzacher
We got another warning for force_other: cli_args.go:26:45: don't use underscores in Go names; struct field force_owner should be forceOwner Use a broader grep.
2017-06-01fusefrontend: write: consolidate and move encryption to contentencJakob Unterwurzacher
Collect all the plaintext and pass everything to contentenc in one call. This will allow easier parallization of the encryption. https://github.com/rfjakob/gocryptfs/issues/116
2017-06-01Don't cap GOMAXPROCS at 4.Jakob Unterwurzacher
Before Go 1.5, GOMAXPROCS defaulted to 1, hence it made sense to unconditionally increase it to 4. But since Go 1.5, GOMAXPROCS defaults to the number of cores, so don't keep it from increasing above 4. Also, update the performance numbers.
2017-06-01Fix two commentsJakob Unterwurzacher
One out-of-date and the other with a typo.
2017-06-01main: increase max write size to maximumJakob Unterwurzacher
Previously, it was at the go-fuse default of 64KiB. Getting bigger writes should increase throughput somewhat. Testing on tmpfs shows an improvement from 112MiB/s to 120MiB/s.
2017-06-01Implement force_owner option to display ownership as a specific user.Charles Duffy
2017-05-31pathiv: fix test failure on Go 1.6Jakob Unterwurzacher
Travis failed on Go 1.6.3 with this error: internal/pathiv/pathiv_test.go:20: no args in Error call This change should solve the problem and provides a better error message on (real) test failure.
2017-05-30main: add "-info" optionJakob Unterwurzacher
Pretty-prints the config while stripping out sensitive (and uninteresting) data https://github.com/rfjakob/gocryptfs/issues/111
2017-05-30README: update changelog with short help textJakob Unterwurzacher
2017-05-30main: add short help textJakob Unterwurzacher
We have accumulated so many options over time that they no longer fit on the screen. Display only a useful subset of options to the user unless they pass "-hh".
2017-05-30pathiv: move block IV algorithm into this packageJakob Unterwurzacher
This was implemented in fusefrontend_reverse, but we need it in fusefrontend as well. Move the algorithm into pathiv.BlockIV().
2017-05-30tests: add v1.3-reverse example filesystemJakob Unterwurzacher
We check the md5 sum of the encrypted version of a file to make sure we don't accidentially change the ciphertext generation.
2017-05-30pathiv: move derivedIVContainer into the packageJakob Unterwurzacher
...under the new name "FileIVs". This will also be used by forward mode.
2017-05-30fusefrontend_reverse: move pathiv to its own packageJakob Unterwurzacher
We will also need it in forward mode.
2017-05-29package.bash: RHEL: strip bracketsJakob Unterwurzacher
We now convert "CentOS release 5.11 (Final)" to "CentOS_release_5.11_Final" https://github.com/rfjakob/gocryptfs/issues/113
2017-05-28gocryptfs-xray: dumpmasterkey: disable "Reading password from stdin"Jakob Unterwurzacher
...and also exit with the proper exit code when we get an error.
2017-05-28gocryptfs-xray: add function to dump the master keyJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/83
2017-05-27package.bash: make it work somewhat on RHELJakob Unterwurzacher
RHEL and CentOS do not have /etc/os-release yet. Read from /etc/redhat-release instead. Fixes https://github.com/rfjakob/gocryptfs/issues/113
2017-05-27cryptocore: improve comments and add tests for hkdfDeriveJakob Unterwurzacher
These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag.
2017-05-25README: update changelogJakob Unterwurzacher
2017-05-25fusefrontend_reverse: store derived values for hard-linked filesJakob Unterwurzacher
With hard links, the path to a file is not unique. This means that the ciphertext data depends on the path that is used to access the files. Fix that by storing the derived values when we encounter a hard-linked file. This means that the first path wins.
2017-05-25doc: add performance numbers for 1.3-27Jakob Unterwurzacher
2017-05-25nametransform: reject all-zero dirIVJakob Unterwurzacher
This should never happen in normal operation and is a sign of data corruption. Catch it early.
2017-05-25contenenc: reject all-zero file IDJakob Unterwurzacher
This should never happen in normal operation and is a sign of data corruption. Catch it early.
2017-05-25contentenc: better error reporting in ParseHeaderJakob Unterwurzacher
Log the message ourselves and return EINVAL. Before: gocryptfs[26962]: go-fuse: can't convert error type: ParseHeader: invalid version: got 0, want 2 After: gocryptfs[617]: ParseHeader: invalid version: want 2, got 0. Returning EINVAL.
2017-05-24main: replace paniclog with logger(1)Jakob Unterwurzacher
Instead of redirecting stdout and stderr to /tmp/gocryptfs_paniclog, where it is hard to find, redirect them to a newly spawned logger(1) instance that forwards the messages to syslog. See https://github.com/rfjakob/gocryptfs/issues/109 for an example where the paniclog was lost due to a reboot. Also, instead of closing stdin, redirect it to /dev/null, like most daemons seem to do.
2017-05-23nametransform: harden name decryption against invalid inputJakob Unterwurzacher
This fixes a few issues I have found reviewing the code: 1) Limit the amount of data ReadLongName() will read. Previously, you could send gocryptfs into out-of-memory by symlinking gocryptfs.diriv to /dev/zero. 2) Handle the empty input case in unPad16() by returning an error. Previously, it would panic with an out-of-bounds array read. It is unclear to me if this could actually be triggered. 3) Reject empty names after base64-decoding in DecryptName(). An empty name crashes emeCipher.Decrypt(). It is unclear to me if B64.DecodeString() can actually return a non-error empty result, but let's guard against it anyway.
2017-05-23main: downgrade panic log create failure from fatal error to warningJakob Unterwurzacher
Exiting with a fatal error just pushes users to use "-nosyslog", which is even worse than not having a paniclog.
2017-05-22nametransform: diriv cache: fall back to the grandparentJakob Unterwurzacher
When a user calls into a deep directory hierarchy, we often get a sequence like this from the kernel: LOOKUP a LOOKUP a/b LOOKUP a/b/c LOOKUP a/b/c/d The diriv cache was not effective for this pattern, because it was designed for this: LOOKUP a/a LOOKUP a/b LOOKUP a/c LOOKUP a/d By also using the cached entry of the grandparent we can avoid lots of diriv reads. This benchmark is against a large encrypted directory hosted on NFS: Before: $ time ls -R nfs-backed-mount > /dev/null real 1m35.976s user 0m0.248s sys 0m0.281s After: $ time ls -R nfs-backed-mount > /dev/null real 1m3.670s user 0m0.217s sys 0m0.403s
2017-05-22README: v1.3.1 will be called v1.4Jakob Unterwurzacher
2017-05-15README: start changelog for v1.3.1Jakob Unterwurzacher
2017-05-14doc: CLI_ABI.md: fix exitcodes.go linkJakob Unterwurzacher
Needs a leading "..".
2017-05-14doc: update CLI_ABI.md with new exit codesJakob Unterwurzacher
All exit codes that are likely to occour are listed.
2017-05-14exitcodes: specific codes for failure to read or write gocryptfs.confJakob Unterwurzacher
New codes: * OpenConf = 23 * WriteConf = 24
2017-05-14exitcodes: add code 22 for "password is empty"Jakob Unterwurzacher
Empty passwords are not allowed. Let's give the error it's own exit code.
2017-05-14exitcodes: get rid of generic "Mount" exit codeJakob Unterwurzacher
Instead, create three new specific exit codes: * FuseNewServer = 19 * CtlSock = 20 * PanicLogCreate = 21
2017-05-14main: password change: exit with code 12 on wrong passwordJakob Unterwurzacher
We used to return code 8, now we return code 12 as documented in the man page. Also adds a test.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07fusefrontend: implement path decryption via ctlsockJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
2017-05-07nametranform, fusefrontend: better errors on invalid namesJakob Unterwurzacher
nametransform.DecryptName() now always returns syscall.EBADMSG if the name was invalid. fusefrontend.OpenDir error messages have been normalized.
2017-05-07Fix typos found by MisspellJakob Unterwurzacher
Misspell Finds commonly misspelled English words gocryptfs/internal/configfile/scrypt.go Line 41: warning: "paramter" is a misspelling of "parameter" (misspell) gocryptfs/internal/ctlsock/ctlsock_serve.go Line 1: warning: "implementes" is a misspelling of "implements" (misspell) gocryptfs/tests/test_helpers/helpers.go Line 27: warning: "compatability" is a misspelling of "compatibility" (misspell)
2017-05-06main: more specific default values for GitVersion etcJakob Unterwurzacher
Now looks like this: $ ./gocryptfs -version gocryptfs [GitVersion not set - please compile using ./build.bash]; go-fuse [GitVersionFuse not set - please compile using ./build.bash]; 0000-00-00 go1.8 Hopefully easier to grep for.
2017-05-06main: add "-race" to the version stringJakob Unterwurzacher
...if we were compiled with "-race".
2017-05-03fusefrontend: log "too many open files" errorsJakob Unterwurzacher
This usually indicates that the open file limit for gocryptfs is too low. We should report this to the user.
2017-05-03main: RLIMIT_NOFILE: cap to 4096Jakob Unterwurzacher
We don't want to set the limit to unlimited if "Max" is unlimited. Hard-cap to 4096.
2017-05-02main: increase open file limit to 4096Jakob Unterwurzacher
Linux by default has a soft limit of 1024 and a hard limit of 4096 on open files. We can increase it so 4096 without root permissions. This should help reduce the risk of gocryptfs running out of file descriptors, as reported at https://github.com/rfjakob/gocryptfs/issues/82 .
2017-05-01tests: support encfs in the fsstress scriptJakob Unterwurzacher
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01openfiletable: rename WriteLock to ContentLockJakob Unterwurzacher
...and IDLock to HeaderLock. This matches what the locks actually protect.
2017-05-01fusefrontend: rely on nodefs.defaultFile for no-op functionsJakob Unterwurzacher
Now that we embed nodefs.NewDefaultFile(), we can drop our own no-ops.