| Age | Commit message (Collapse) | Author | 
|---|
|  |  | 
|  | Private copies of per-thread Setreuid/Setegid/Setgroups.
https://github.com/rfjakob/gocryptfs/issues/893
https://github.com/rfjakob/gocryptfs/issues/892 | 
|  | Error: This request has been automatically failed because it uses a deprecated version of `actions/upload-artifact: v3`. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/ | 
|  |  | 
|  |  | 
|  | The commit
  https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51
  unix: support all Setuid/Setgid and related syscalls on Linux"
changed the behavoir of Setreuid() and Setregid() to affect the whole
process instead of just the current thread.
This broke syscallcompat.asUser() which uses runtime.LockOSThread()
plus Setreuid().
Partially revert 08b6ed16919b27a12a3228b17689d5d6d69eb10e bringing
us back to a golang.org/x/sys version with the old behavoir.
Fixes https://github.com/rfjakob/gocryptfs/issues/893 | 
|  | https://github.com/rfjakob/gocryptfs/issues/893 | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | Darwin does not have Stat_t.mtim:
+ go test -c -tags without_openssl -o /dev/null github.com/rfjakob/gocryptfs/v2/tests/reverse
Error: tests/reverse/correctness_test.go:407:15: name_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:407:37: long_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:410:15: name_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:410:37: long_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:424:16: diriv_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:424:42: workdirA_stat.Mtim undefined (type syscall.Stat_t has no field or method Mtim)
Error: tests/reverse/correctness_test.go:427:16: diriv_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Error: tests/reverse/correctness_test.go:427:42: workdirA_stat.Ctim undefined (type syscall.Stat_t has no field or method Ctim)
Switch to os.Stat. | 
|  | This problem potentially causes extra disk usage for sparse files
but is otherwise harmless.
Skip the test for now. | 
|  | Closes https://github.com/rfjakob/gocryptfs/pull/883
Closes https://github.com/rfjakob/gocryptfs/security/dependabot/10 | 
|  | With inode number reuse and hard links, we could have returned
wrong data for gocryptfs.diriv and gocryptfs.xyz.longname files, respectively
(https://github.com/rfjakob/gocryptfs/issues/802).
Now that this is fixed, ensure that rsync and similar tools pick up the new
correct files by advancing mtime and ctime by 10 seconds, which should be more
than any filesytems' timestamp granularity (FAT32 has 2 seconds). | 
|  | Will be used in a new test in the next commit. | 
|  |  | 
|  | https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_dispatch | 
|  | This is not a real leak:
  fd leak in test process? before, after:
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])]
  [0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])]
Ignore pidfd. | 
|  | Turns out at least the tests depended on the old
behavoir.
Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1 | 
|  | Using the same "-extpass" or "-passfile" for both old
and new password makes little sense, and it causes real
problems as seen here: https://github.com/rfjakob/gocryptfs/discussions/882
I hope nobody depends on this or I'll have to revert.
Fixes https://github.com/rfjakob/gocryptfs/issues/287
Fixes https://github.com/rfjakob/gocryptfs/discussions/882 | 
|  |  | 
|  | We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882 | 
|  | Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580 | 
|  |  | 
|  | The `--reverse` section of the manual has a reference to an `INIT FLAGS` section, but no such section exists. Change the reference to refer to the `INIT OPTIONS` section, which does exist. | 
|  | Looks like wget does not support it anymore
$ wget --version
GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader
$ ./benchmark.bash
Testing gocryptfs   at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64
/tmp/benchmark.bash.bmt.mnt is a mountpoint
Downloading linux-3.0.tar.gz
Unknown option 'show-progress' | 
|  | Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776 | 
|  | Prep for solving https://github.com/rfjakob/gocryptfs/issues/776 | 
|  | Fixes https://github.com/rfjakob/gocryptfs/issues/809 | 
|  | https://github.com/rfjakob/gocryptfs/issues/809 | 
|  | Should make debugging situations like
	https://github.com/rfjakob/gocryptfs/issues/852
	Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
    4e45a317-595d8a2d-46493a30-97de86ef-
    540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT | 
|  | Merge stock kernel options with user-provided ones before passing to go-fuse.
Before: `-ko volname=custom` would result in `-o volname=mountpoint,volname=custom` to macFUSE.
After: `-ko volname=custom` would produce `-o volname=custom` with no duplicates.
Fixes #854 and #557 | 
|  | Instead of just looking for AES, also look for PCLMULQDQ,
like crypto/tls does.
Fixes: https://github.com/rfjakob/gocryptfs/issues/822 | 
|  | Let's not leak fds to logger.
Before:
	$ lsof -p $(pgrep logger)
	COMMAND    PID  USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
	logger  146410 jakob  cwd    DIR              253,0      4096       2 /
	logger  146410 jakob  rtd    DIR              253,0      4096       2 /
	logger  146410 jakob  txt    REG              253,0     41560 6293858 /usr/bin/logger
	logger  146410 jakob  mem    REG              253,0 229754784 6292695 /usr/lib/locale/locale-archive
	logger  146410 jakob  mem    REG              253,0    186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
	logger  146410 jakob  mem    REG              253,0    787128 6294119 /usr/lib64/libzstd.so.1.5.6
	logger  146410 jakob  mem    REG              253,0    211424 6294587 /usr/lib64/liblzma.so.5.4.6
	logger  146410 jakob  mem    REG              253,0    131128 6302636 /usr/lib64/liblz4.so.1.9.4
	logger  146410 jakob  mem    REG              253,0     49184 6302330 /usr/lib64/libcap.so.2.69
	logger  146410 jakob  mem    REG              253,0   2476880 6295299 /usr/lib64/libc.so.6
	logger  146410 jakob  mem    REG              253,0    987256 6292058 /usr/lib64/libsystemd.so.0.38.0
	logger  146410 jakob  mem    REG              253,0    906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
	logger  146410 jakob    0r  FIFO               0,14       0t0  607727 pipe
	logger  146410 jakob    1w   CHR                1,3       0t0       4 /dev/null
	logger  146410 jakob    2w   CHR                1,3       0t0       4 /dev/null
	logger  146410 jakob    3u  unix 0x0000000046d9c96b       0t0  607729 type=DGRAM (CONNECTED)
	logger  146410 jakob   10u   DIR               0,33        80    7758 /tmp/tmp.lbUiEw9P6W/a
After:
	$ lsof -p $(pgrep logger)
	COMMAND    PID  USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
	logger  147982 jakob  cwd    DIR              253,0      4096       2 /
	logger  147982 jakob  rtd    DIR              253,0      4096       2 /
	logger  147982 jakob  txt    REG              253,0     41560 6293858 /usr/bin/logger
	logger  147982 jakob  mem    REG              253,0 229754784 6292695 /usr/lib/locale/locale-archive
	logger  147982 jakob  mem    REG              253,0    186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
	logger  147982 jakob  mem    REG              253,0    787128 6294119 /usr/lib64/libzstd.so.1.5.6
	logger  147982 jakob  mem    REG              253,0    211424 6294587 /usr/lib64/liblzma.so.5.4.6
	logger  147982 jakob  mem    REG              253,0    131128 6302636 /usr/lib64/liblz4.so.1.9.4
	logger  147982 jakob  mem    REG              253,0     49184 6302330 /usr/lib64/libcap.so.2.69
	logger  147982 jakob  mem    REG              253,0   2476880 6295299 /usr/lib64/libc.so.6
	logger  147982 jakob  mem    REG              253,0    987256 6292058 /usr/lib64/libsystemd.so.0.38.0
	logger  147982 jakob  mem    REG              253,0    906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
	logger  147982 jakob    0r  FIFO               0,14       0t0  609636 pipe
	logger  147982 jakob    1w   CHR                1,3       0t0       4 /dev/null
	logger  147982 jakob    2w   CHR                1,3       0t0       4 /dev/null
	logger  147982 jakob    3u  unix 0x00000000bc46d033       0t0  610344 type=DGRAM (CONNECTED)
Fixes https://github.com/rfjakob/gocryptfs/issues/846 | 
|  |  | 
|  | This package is a failed experiment and should not
have been committed.
Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343 | 
|  | Fix error in the examples for `-fido2-assert-option` | 
|  | ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802 | 
|  |  | 
|  | This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper. | 
|  | This avoids the manual "| spillBit" logic. | 
|  | We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802 | 
|  | Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment. | 
|  |  | 
|  | Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702 | 
|  | Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators.
Closes #828 | 
|  | with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841 | 
|  |  |