Age | Commit message (Collapse) | Author |
|
Small tool to try to debug unix.Getdents problems on CIFS mounts
https://github.com/rfjakob/gocryptfs/issues/483
|
|
And also, stop using the wrong directory for sshfs git init.
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 4.35 7.82
rsync 7.72 11.66
rm -R 2.71 11.04
mkdir 1.33 4.15
rmdir 0.47 3.97
touch 2.32 2.85
rm 0.45 0.45
|
|
When filename encryption is on, we do know when we
overwrite a directory, and can clear only in this case.
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.74 7.80
rsync 6.19 11.63
|
|
Mkdir can not cause existing entries in the cache to go
stale. So don't clear it. Benchmark results:
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.65 8.74
rsync 6.09 17.54
|
|
Let's get some reproducible numbers for
https://github.com/rfjakob/gocryptfs/issues/481
and
https://github.com/rfjakob/gocryptfs/issues/410
Example run:
$ ./sshfs-benchmark.bash nuetzlich.net
working directory: /tmp/sshfs-benchmark.bash.vu4
sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt
gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.KM9/gocryptfs.crypt -> gocryptfs.mnt
sshfs gocryptfs-on-sshfs
git init 1.68 11.23
rsync 6.07 20.35
|
|
Fixes: https://github.com/rfjakob/gocryptfs/issues/483
Related: https://github.com/golang/go/issues/38836
|
|
Looking at the dircache debug output, we see
that a "git status" workload has a very bad
cache hit rate because the entries expire or
get evicted before they can be reused.
Increase both cache size and lifetime for
a 4x speedup:
Before: 75s
After: 17s
https://github.com/rfjakob/gocryptfs/issues/410
|
|
Before:
Lookup "errno.html/1/2/3/4/5": miss
Store: "errno.html/1/2/3/4/5" fd=26 iv=21be6e083d60dcabfe7368264d5082b7
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
Lookup "errno.html/1": hit 25 932a464c299b3430c5e55c924f98ac4d
Lookup "errno.html/1/2": hit 25 7d53348b1692d537f017bf86b3cf5feb
Lookup "errno.html/1/2/3": hit 25 2aef1c9d1ab2b55b163215053fefe703
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
After:
Lookup "earlyoom/.git/refs" hit fd=10 dup=17 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/remotes" hit fd=19 dup=17 iv=f04c2d2a5bcc33ebdeaca664859c980d
Lookup "earlyoom/.git/refs/remotes/origin" miss
Store "earlyoom/.git/refs/remotes/origin" fd=17 iv=834a64a1697c9f5705455ba6dbed22b5
Lookup "earlyoom" hit fd=7 dup=25 iv=2303a892d6e2357c483574a8070b7679
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git/refs" hit fd=10 dup=25 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/heads" hit fd=13 dup=25 iv=f9245e7c066b9adc768a1a666da9fbc8
|
|
|
|
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
|
|
The go-fuse v1 dependency is spurious. Will be fixed by
https://github.com/hanwen/go-fuse/pull/360
|
|
We need
https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :
2019/10/30 17:14:16 Unknown opcode 2016
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]
This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.
Running
git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2
to check for forgotten references comes back clean.
|
|
https://github.com/client9/misspell
|
|
Closes https://github.com/rfjakob/gocryptfs/issues/416
|
|
|
|
The -0 flags works like xargs -0.
|
|
Should show up on https://pkg.go.dev/github.com/rfjakob/gocryptfs?tab=doc
which currently reads "No documentation available for this package!"
|
|
Implementation seems to work ok, but is missing tests and
documentation for now.
I will only delete ctlsock-encrypt.bash when both are
done.
https://github.com/rfjakob/gocryptfs/issues/416
|
|
|
|
|
|
lsof may get stuck when gocryptfs itself is stuck.
|
|
The former interal ctlsock server package is renamed
to ctlsocksrv.
|
|
Tests that `gocryptfs -passwd -masterkey=stdin` works.
This was fixed by ff04b1d83ab1201.
Fixes https://github.com/rfjakob/gocryptfs/issues/461
|
|
This was handled both in getMasterKey(). Split it apart.
|
|
Make it clear that function does NOT parse the "-masterkey"
command line argument, it just unhexes the payload.
|
|
We did not use t.Name() as it was not available
before Go 1.8. Now the oldest Go version we support is
Go 1.11, so we can use it.
|
|
The command line option is now called `-badname`,
so adjust the test name to match.
|
|
|
|
Bisecting shows that the performance drop is caused by
this commit:
commit ca9e912a28b901387e1dbb85f6c531119f2d5ef2 (refs/bisect/bad)
Author: Jakob Unterwurzacher <jakobunt@gmail.com>
Date: Sat Feb 29 19:58:08 2020 +0100
fusefrontend: drop xattr user namespace restriction
|
|
Updated using
go get -t -u ./...
|
|
We redirected the wrong ldd fd to /dev/null. Fix it.
|
|
Wrong bit operator was used.
|
|
Also add a test for this.
Thanks @slackner for the comment.
|
|
This was committed by accident.
|
|
Gets rid of static inode number value limitations.
Fixes https://github.com/rfjakob/gocryptfs/issues/457
|
|
Verify that virtual files get assigned inode numbers
we expect.
|
|
|
|
Adding flags allows to use inomap in reverse mode,
replacing the clunky inoBaseDirIV/inoBaseNameFile
logic that causes problems with high underlying
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 )
Microbenchmarks (values below) show that the "SingleDev"
case is now much slower due to an extra map lookup,
but this has no visible effects in ./test.bash results,
so there was no time spent optimizing the case further.
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 18757510 61.5 ns/op
BenchmarkTranslateManyDevs-4 18061515 64.5 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 2.467s
|
|
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 202479382 5.88 ns/op
BenchmarkTranslateManyDevs-4 16095795 71.9 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 3.039s
|
|
The case of a git repo without any tags used to fail
with:
fatal: No names found, cannot describe anything.
Now we continue, using "[no_tags_found]" as the
version string.
|
|
Causes warnings:
$ ./build-without-openssl.bash
# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo
gocryptfs v1.7.1-48-gf6b1c68 without_openssl; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-18 go1.13.6 linux/amd64
https://github.com/golang/go/issues/30986
|
|
The comment still mentioned CBC, which has been removed
a long time ago.
The test definition can be rewritten using slice literals,
saving sume stuttering.
|
|
We used to prefer openssl in this situation, which
used to make sense, but now Go gained an optimized
assembly implementation for aes-gcm on arm64 with
aes instructions:
root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed
gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64
AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode)
AES-GCM-256-Go 452.30 MB/s
AES-SIV-512-Go 100.25 MB/s
XChaCha20-Poly1305-Go 137.35 MB/s
https://github.com/rfjakob/gocryptfs/issues/452
|
|
|
|
GOFLAGS exists since Go 1.11: https://golang.org/doc/go1.11
https://github.com/rfjakob/gocryptfs/pull/460
|
|
|
|
Following https://blog.golang.org/migrating-to-go-modules
|
|
And run shellcheck in test.bash.
|
|
|
|
Output now looks like this
$ gocryptfs -speed
gocryptfs v1.7.1-38-gbe3b9df-dirty; go-fuse v2.0.2-57-gd1cfa17; 2020-04-13 go1.13.6 linux/amd64
AES-GCM-256-OpenSSL 607.90 MB/s
AES-GCM-256-Go 920.75 MB/s (selected in auto mode)
AES-SIV-512-Go 169.85 MB/s
XChaCha20-Poly1305-Go 794.30 MB/s
and has go version and arch information, which is important
when comparing results.
|