summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2025-04-19cli: mount: add -context optionJakob Unterwurzacher
Set the SELinux context. See mount(8) for details.
2025-04-13README: update changelogv2.5.4Jakob Unterwurzacher
2025-04-13stress_tests/pingpong.bash: better commentJakob Unterwurzacher
2025-04-13Revert "Build with v2 extensions" / GOAMD64=v2Jakob Unterwurzacher
As seen in https://github.com/rfjakob/gocryptfs/issues/908, there are users still running x86-64-v1 cpus. They get This program can only be run on AMD64 processors with v2 microarchitecture support. and cannot read their encrypted files. Build for AMD64v1 again an accept the XChaCha20 performance hit for for some cpus ( https://github.com/golang/go/issues/67240 ). This reverts commit f5007b28c366d1a9671146710975679a154f30f8. Related: https://github.com/rfjakob/gocryptfs/issues/828 https://github.com/rfjakob/gocryptfs/pull/833 https://github.com/apptainer/apptainer/issues/2873 https://github.com/golang/go/issues/67240
2025-04-07stress_tests: fsstress-gocryptfs.bash: don't try to recompileJakob Unterwurzacher
The days of GOPATH are over. Also, use the fsstress path that "sudo make install" in xfstests uses per default.
2025-04-07stress_tests/parallel_cp.sh: note that problem is fixedJakob Unterwurzacher
2025-04-06syscallcompat: fix build contraints on thread_credentials_linux_368_arm.goJakob Unterwurzacher
This file was only compiled for arm because ( https://pkg.go.dev/cmd/go#hdr-Build_constraints ): If a file's name, after stripping the extension and a possible _test suffix, matches any of the following patterns: *_GOOS *_GOARCH *_GOOS_GOARCH (example: source_windows_amd64.go) where GOOS and GOARCH represent any known operating system and architecture values respectively, then the file is considered to have an implicit build constraint requiring those terms (in addition to any explicit constraints in the file). Error was: + GOOS=linux + GOARCH=386 + build + go build -tags without_openssl -o /dev/null # github.com/rfjakob/gocryptfs/v2/internal/syscallcompat Error: internal/syscallcompat/asuser_linux.go:41:8: undefined: Setregid Error: internal/syscallcompat/asuser_linux.go:47:8: undefined: Setreuid Error: internal/syscallcompat/thread_credentials_linux.go:29:10: undefined: setgroups Error: internal/syscallcompat/thread_credentials_linux.go:36:9: undefined: setgroups Error: internal/syscallcompat/thread_credentials_linux.go:49:9: undefined: Setregid Error: internal/syscallcompat/thread_credentials_linux.go:57:9: undefined: Setreuid Rename the file to fix the problem. And add a comment about why this file exists. Fixes https://github.com/rfjakob/gocryptfs/issues/907
2025-04-06crossbuild.sh: also build on intel 32 bit (386)Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/907
2025-04-06crossbuild.sh: update broken GoArm linkJakob Unterwurzacher
The old link says: > The Go wiki on GitHub has moved to go.dev (#61940). > > Try https://go.dev/wiki/GoArm
2025-04-05Update changelogv2.5.3Jakob Unterwurzacher
2025-04-05tests: fsck: generate evil files with "\r" and "\n" on the flyJakob Unterwurzacher
Because if we have them in git, we get this: $ go install github.com/rfjakob/gocryptfs/v2@latest go: downloading github.com/rfjakob/gocryptfs/v2 v2.5.2 go: github.com/rfjakob/gocryptfs/v2@latest: create zip: tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z g: malformed file path "tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z\ng": invalid char '\n' g: malformed file path "tests/fsck/malleable_base64/27AG8t-XZH7G9ou2OSD_z\rg": invalid char '\r' Fixes: https://github.com/rfjakob/gocryptfs/issues/904 Relates-to: https://github.com/golang/go/issues/28001
2025-03-26fusefrontend: fix unconditional FileGetattrer castJakob Unterwurzacher
Essentially a port of https://github.com/hanwen/go-fuse/commit/531a68551e40e7303e94b53fb3792e6dfb28d15a . This fixes panic: interface conversion: *fs.dirStreamAsFile is not fs.FileGetattrer: missing method Getattr goroutine 20 [running]: github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).Getattr(0x55a7ac9d9090?, {0x55a7ac85a4d8, 0xc0013401c8}, {0x55a7ac80eb40?, 0xc0013401b0}, 0xc000586938) github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node.go:74 +0x22c github.com/hanwen/go-fuse/v2/fs.(*rawBridge).getattr(0xc0000b6180, {0x55a7ac85a4d8, 0xc0013401c8}, 0xc0010ea160, {0x55a7ac80eb40?, 0xc0013401b0}, 0xc000586938) github.com/hanwen/go-fuse/v2@v2.7.2/fs/bridge.go:569 +0x9b [...] which is a bug exposed by a go-fuse update. Fixes https://github.com/rfjakob/gocryptfs/issues/897
2025-03-19test.bash, crossbuild.bash: drop old Go version kludgesv2.5.2Jakob Unterwurzacher
GO111MODULE is default on with Go 1.16, same version that gained darwin/arm64 support. We only support Go 1.19 and up, so drop the kludges.
2025-03-19README: update changelogJakob Unterwurzacher
2025-03-19test.bash: catch calls to unix.Seteuid and friendsJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/893
2025-03-11github ci: clean up Go versionsJakob Unterwurzacher
go-libaegis does not support Go 1.18, Ubuntu 22.04 is old, drop it.
2025-03-11github ci: bump nmount_max and print resulting fuse.confJakob Unterwurzacher
We have been getting /usr/bin/fusermount3: too many FUSE filesystems mounted; mount_max=N can be set in /etc/fuse.conf fs.Mount failed: fusermount exited with code 256 every now and then. I wonder why that is.
2025-03-01go.mod: upgrade to golang.org/x/crypto@v0.33.0Jakob Unterwurzacher
I did NOT upgrade to x/crypto@v0.35.0 yet because this requires go 1.23.0 (https://go.googlesource.com/crypto/+/89ff08d67c4d79f9ac619aaf1f7388888798651f) and our github workflow tests go 1.18.x and newer.
2025-02-26go.mod: upgrade golang.org/x/sysJakob Unterwurzacher
Now that we have our own wrappers for Setreuid and friends, we can upgrade. $ go get golang.org/x/sys go: upgraded golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a => v0.30.0 $ go mod tidy
2025-02-26tests/root_test: use our own Setgroups/Setregid/Setreuid wrappersJakob Unterwurzacher
2025-02-26syscallcompat: use our own Setgroups/Setregid/Setreuid wrappersJakob Unterwurzacher
x/sys v0.1.0 (https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51) breaks our usecase. Switch to our own wrappers. Relates-to: https://github.com/rfjakob/gocryptfs/issues/892 Relates-to: https://github.com/rfjakob/gocryptfs/issues/893
2025-02-26syscallcompat: add docs for Setreuid/Setregid/SetgroupsJakob Unterwurzacher
2025-02-26syscallcompat: move getSupplementaryGroups to suser_linux.goJakob Unterwurzacher
It's only used there, so move it.
2025-02-26syscallcompat: rename thread_credentials files to include "linux"Jakob Unterwurzacher
As with the other files, include "linux" because the code only builds on linux renamed: internal/syscallcompat/thread_credentials.go -> internal/syscallcompat/thread_credentials_linux.go renamed: internal/syscallcompat/thread_credentials_368_arm.go -> internal/syscallcompat/thread_credentials_linux_368_arm.go renamed: internal/syscallcompat/thread_credentials_other.go -> internal/syscallcompat/thread_credentials_linux_other.go
2025-02-26syscallcompat: add asUser for darwin and make OpenatUser and friends sharedJakob Unterwurzacher
2025-02-26syscallcompat: move asUser to its own fileJakob Unterwurzacher
2025-02-23tests/root_test: add TestConcurrentUserOps and TestAsUserSleepJakob Unterwurzacher
Both work with golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a but break with golang.org/x/sys v0.30.0 https://github.com/rfjakob/gocryptfs/issues/893 https://github.com/rfjakob/gocryptfs/issues/892
2025-02-17tests: root_test: add TestMainJakob Unterwurzacher
I will add more tests for https://github.com/rfjakob/gocryptfs/issues/893 soon, these will also use DefaultPlainDir.
2025-02-17syscallcompat: add SetgroupsPanic,SetregidPanic,SetreuidPanicJakob Unterwurzacher
Will use those later.
2025-02-09github ci: also run on arm64Jakob Unterwurzacher
2025-02-06syscallcompat: add thread_credentials.go & friendsJakob Unterwurzacher
Private copies of per-thread Setreuid/Setegid/Setgroups. https://github.com/rfjakob/gocryptfs/issues/893 https://github.com/rfjakob/gocryptfs/issues/892
2025-02-02github ci: unbreak upload-artifactJakob Unterwurzacher
Error: This request has been automatically failed because it uses a deprecated version of `actions/upload-artifact: v3`. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
2025-01-23README: add links for v2.5.1 issuesrfjakob
2025-01-23README: v2.5.1v2.5.1Jakob Unterwurzacher
2025-01-23go.mod: downgrade golang.org/x/sysJakob Unterwurzacher
The commit https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51 unix: support all Setuid/Setgid and related syscalls on Linux" changed the behavoir of Setreuid() and Setregid() to affect the whole process instead of just the current thread. This broke syscallcompat.asUser() which uses runtime.LockOSThread() plus Setreuid(). Partially revert 08b6ed16919b27a12a3228b17689d5d6d69eb10e bringing us back to a golang.org/x/sys version with the old behavoir. Fixes https://github.com/rfjakob/gocryptfs/issues/893
2025-01-23tests: add issue893.sh, a reproducer for #893 "mariadb crashing since 2.5.0"Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/893
2025-01-21README: mention known issue #893Jakob Unterwurzacher
2025-01-19README: mention go-fuse updateJakob Unterwurzacher
2025-01-18README: fix outdated go report card linkJakob Unterwurzacher
2025-01-18reverse: lookupDiriv: use deriveDirIV helperJakob Unterwurzacher
2025-01-18README: changelog for v2.5.0v2.5.0Jakob Unterwurzacher
2025-01-18tests: reverse: TestMtimePlus10: fix darwin buildJakob Unterwurzacher
Darwin does not have Stat_t.mtim: + go test -c -tags without_openssl -o /dev/null github.com/rfjakob/gocryptfs/v2/tests/reverse Error: tests/reverse/correctness_test.go:407:15: name_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim) Error: tests/reverse/correctness_test.go:407:37: long_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim) Error: tests/reverse/correctness_test.go:410:15: name_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim) Error: tests/reverse/correctness_test.go:410:37: long_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim) Error: tests/reverse/correctness_test.go:424:16: diriv_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim) Error: tests/reverse/correctness_test.go:424:42: workdirA_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim) Error: tests/reverse/correctness_test.go:427:16: diriv_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim) Error: tests/reverse/correctness_test.go:427:42: workdirA_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim) Switch to os.Stat.
2025-01-18tests: skip TestFileHoleCopy for nowJakob Unterwurzacher
This problem potentially causes extra disk usage for sparse files but is otherwise harmless. Skip the test for now.
2025-01-18go.mod: update golang.org/x/cryptoJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/pull/883 Closes https://github.com/rfjakob/gocryptfs/security/dependabot/10
2025-01-18reverse: advance mtime & ctime for virtual files by 10 secondsJakob Unterwurzacher
With inode number reuse and hard links, we could have returned wrong data for gocryptfs.diriv and gocryptfs.xyz.longname files, respectively (https://github.com/rfjakob/gocryptfs/issues/802). Now that this is fixed, ensure that rsync and similar tools pick up the new correct files by advancing mtime and ctime by 10 seconds, which should be more than any filesytems' timestamp granularity (FAT32 has 2 seconds).
2025-01-18tests: reverse: factor out newWorkdirJakob Unterwurzacher
Will be used in a new test in the next commit.
2024-12-30manpage: fix typo in -passfile examplePaul Pazderski
2024-12-05ci: allow manual executionJakob Unterwurzacher
https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_dispatch
2024-12-04tests: ignore pidfd in fd leak testJakob Unterwurzacher
This is not a real leak: fd leak in test process? before, after: [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])] [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])] Ignore pidfd.
2024-12-04gocryptfs -passwd: fix the tests I just brokeJakob Unterwurzacher
Turns out at least the tests depended on the old behavoir. Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1