Age | Commit message (Collapse) | Author |
|
On CIFS mounts, unix.Getdents can return sudden ENOENT
in the middle of data. This will not be reported as an error
by user space tools, so return EIO instead.
Also log it as a warning.
https://github.com/rfjakob/gocryptfs/issues/483
|
|
Same thing like contrib/getdents, but written in C.
|
|
Small tool to try to debug unix.Getdents problems on CIFS mounts
https://github.com/rfjakob/gocryptfs/issues/483
|
|
And also, stop using the wrong directory for sshfs git init.
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 4.35 7.82
rsync 7.72 11.66
rm -R 2.71 11.04
mkdir 1.33 4.15
rmdir 0.47 3.97
touch 2.32 2.85
rm 0.45 0.45
|
|
When filename encryption is on, we do know when we
overwrite a directory, and can clear only in this case.
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.74 7.80
rsync 6.19 11.63
|
|
Mkdir can not cause existing entries in the cache to go
stale. So don't clear it. Benchmark results:
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.65 8.74
rsync 6.09 17.54
|
|
Let's get some reproducible numbers for
https://github.com/rfjakob/gocryptfs/issues/481
and
https://github.com/rfjakob/gocryptfs/issues/410
Example run:
$ ./sshfs-benchmark.bash nuetzlich.net
working directory: /tmp/sshfs-benchmark.bash.vu4
sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt
gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.KM9/gocryptfs.crypt -> gocryptfs.mnt
sshfs gocryptfs-on-sshfs
git init 1.68 11.23
rsync 6.07 20.35
|
|
Fixes: https://github.com/rfjakob/gocryptfs/issues/483
Related: https://github.com/golang/go/issues/38836
|
|
Looking at the dircache debug output, we see
that a "git status" workload has a very bad
cache hit rate because the entries expire or
get evicted before they can be reused.
Increase both cache size and lifetime for
a 4x speedup:
Before: 75s
After: 17s
https://github.com/rfjakob/gocryptfs/issues/410
|
|
Before:
Lookup "errno.html/1/2/3/4/5": miss
Store: "errno.html/1/2/3/4/5" fd=26 iv=21be6e083d60dcabfe7368264d5082b7
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
Lookup "errno.html/1": hit 25 932a464c299b3430c5e55c924f98ac4d
Lookup "errno.html/1/2": hit 25 7d53348b1692d537f017bf86b3cf5feb
Lookup "errno.html/1/2/3": hit 25 2aef1c9d1ab2b55b163215053fefe703
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
After:
Lookup "earlyoom/.git/refs" hit fd=10 dup=17 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/remotes" hit fd=19 dup=17 iv=f04c2d2a5bcc33ebdeaca664859c980d
Lookup "earlyoom/.git/refs/remotes/origin" miss
Store "earlyoom/.git/refs/remotes/origin" fd=17 iv=834a64a1697c9f5705455ba6dbed22b5
Lookup "earlyoom" hit fd=7 dup=25 iv=2303a892d6e2357c483574a8070b7679
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git/refs" hit fd=10 dup=25 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/heads" hit fd=13 dup=25 iv=f9245e7c066b9adc768a1a666da9fbc8
|
|
|
|
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
|
|
The go-fuse v1 dependency is spurious. Will be fixed by
https://github.com/hanwen/go-fuse/pull/360
|
|
We need
https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :
2019/10/30 17:14:16 Unknown opcode 2016
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]
This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.
Running
git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2
to check for forgotten references comes back clean.
|
|
https://github.com/client9/misspell
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/416
|
|
|
|
The -0 flags works like xargs -0.
|
|
Should show up on https://pkg.go.dev/github.com/rfjakob/gocryptfs?tab=doc
which currently reads "No documentation available for this package!"
|
|
Implementation seems to work ok, but is missing tests and
documentation for now.
I will only delete ctlsock-encrypt.bash when both are
done.
https://github.com/rfjakob/gocryptfs/issues/416
|
|
|
|
|
|
lsof may get stuck when gocryptfs itself is stuck.
|
|
The former interal ctlsock server package is renamed
to ctlsocksrv.
|
|
Tests that `gocryptfs -passwd -masterkey=stdin` works.
This was fixed by ff04b1d83ab1201.
Fixes https://github.com/rfjakob/gocryptfs/issues/461
|
|
This was handled both in getMasterKey(). Split it apart.
|
|
Make it clear that function does NOT parse the "-masterkey"
command line argument, it just unhexes the payload.
|
|
We did not use t.Name() as it was not available
before Go 1.8. Now the oldest Go version we support is
Go 1.11, so we can use it.
|
|
The command line option is now called `-badname`,
so adjust the test name to match.
|
|
|
|
Bisecting shows that the performance drop is caused by
this commit:
commit ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (refs/bisect/bad)
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sat Feb 29 19:58:08 2020 +0100
fusefrontend: drop xattr user namespace restriction
|
|
Updated using
go get -t -u ./...
|
|
We redirected the wrong ldd fd to /dev/null. Fix it.
|
|
Wrong bit operator was used.
|
|
Also add a test for this.
Thanks @slackner for the comment.
|
|
This was committed by accident.
|
|
Gets rid of static inode number value limitations.
Fixes https://github.com/rfjakob/gocryptfs/issues/457
|
|
Verify that virtual files get assigned inode numbers
we expect.
|
|
|
|
Adding flags allows to use inomap in reverse mode,
replacing the clunky inoBaseDirIV/inoBaseNameFile
logic that causes problems with high underlying
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 )
Microbenchmarks (values below) show that the "SingleDev"
case is now much slower due to an extra map lookup,
but this has no visible effects in ./test.bash results,
so there was no time spent optimizing the case further.
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 18757510 61.5 ns/op
BenchmarkTranslateManyDevs-4 18061515 64.5 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 2.467s
|
|
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 202479382 5.88 ns/op
BenchmarkTranslateManyDevs-4 16095795 71.9 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 3.039s
|
|
The case of a git repo without any tags used to fail
with:
fatal: No names found, cannot describe anything.
Now we continue, using "[no_tags_found]" as the
version string.
|
|
Causes warnings:
$ ./build-without-openssl.bash
# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo
gocryptfs v1.7.1-48-gf6b1c68 without_openssl; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-18 go1.13.6 linux/amd64
https://github.com/golang/go/issues/30986
|
|
The comment still mentioned CBC, which has been removed
a long time ago.
The test definition can be rewritten using slice literals,
saving sume stuttering.
|
|
We used to prefer openssl in this situation, which
used to make sense, but now Go gained an optimized
assembly implementation for aes-gcm on arm64 with
aes instructions:
root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed
gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64
AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode)
AES-GCM-256-Go 452.30 MB/s
AES-SIV-512-Go 100.25 MB/s
XChaCha20-Poly1305-Go 137.35 MB/s
https://github.com/rfjakob/gocryptfs/issues/452
|
|
|
|
GOFLAGS exists since Go 1.11: https://golang.org/doc/go1.11
https://github.com/rfjakob/gocryptfs/pull/460
|
|
|
|
Following https://blog.golang.org/migrating-to-go-modules
|
|
And run shellcheck in test.bash.
|