aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-12-04changePassword: drop useless castJakob Unterwurzacher
2024-12-04passfile: drop byte counter from trailing garbage warningJakob Unterwurzacher
We don't know the exact value as we only read 2kiB. Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
2024-11-11Report inode number for the root nodeJakob Unterwurzacher
Now that https://github.com/hanwen/go-fuse/issues/399 has landed we can report an inode number for the root node. Fixes https://github.com/rfjakob/gocryptfs/issues/580
2024-11-11reverse: fix import sorting in root_node.goJakob Unterwurzacher
2024-10-30manpage: Fix reference to manual sectionAlex
The `--reverse` section of the manual has a reference to an `INIT FLAGS` section, but no such section exists. Change the reference to refer to the `INIT OPTIONS` section, which does exist.
2024-09-19dl-linux-tarball.bash: drop wget's "--no-progress" flagJakob Unterwurzacher
Looks like wget does not support it anymore $ wget --version GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64 /tmp/benchmark.bash.bmt.mnt is a mountpoint Downloading linux-3.0.tar.gz Unknown option 'show-progress'
2024-09-03ctlsock: delete colliding orphaned socket fileJakob Unterwurzacher
Detect and delete an orphaned socket file that collides with the ctlsock we want to create. Fixes https://github.com/rfjakob/gocryptfs/issues/776
2024-09-02ctlsocksrv: move Listen() call hereJakob Unterwurzacher
Prep for solving https://github.com/rfjakob/gocryptfs/issues/776
2024-08-23reverse: fix force_ownerJakob Unterwurzacher
Fixes https://github.com/rfjakob/gocryptfs/issues/809
2024-08-23tests: reverse: add TestForceOwnerJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/809
2024-08-23readpassword: show where stdin is connectedJakob Unterwurzacher
Should make debugging situations like https://github.com/rfjakob/gocryptfs/issues/852 Empty stdin in mkinitcpio hook easier. Examples: $ echo -n "" | ./gocryptfs -init a Choose a password for protecting your files. Reading Password from stdin (connected to "pipe:[749878]") Got empty Password from stdin $ ./gocryptfs -init a < /dev/null Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/null") Got empty Password from stdin $ ./gocryptfs -init a < /dev/zero Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/zero") fatal: maximum password length of 2048 bytes exceeded $ ./gocryptfs -init a < /dev/full Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/full") fatal: maximum password length of 2048 bytes exceeded $ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom Choose a password for protecting your files. Reading Password from stdin (connected to "/dev/urandom") Your master key is: 4e45a317-595d8a2d-46493a30-97de86ef- 540c7364-f0acc297-dd6f2592-7d9a5c97 If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once. The gocryptfs filesystem has been created successfully. You can now mount it using: gocryptfs a MOUNTPOINT
2024-07-27cli: deduplicate kernel optionsJoker
Merge stock kernel options with user-provided ones before passing to go-fuse. Before: `-ko volname=custom` would result in `-o volname=mountpoint,volname=custom` to macFUSE. After: `-ko volname=custom` would produce `-o volname=custom` with no duplicates. Fixes #854 and #557
2024-06-06stupidgcm: detect AES-GCM acceleration like crypto/tlsJakob Unterwurzacher
Instead of just looking for AES, also look for PCLMULQDQ, like crypto/tls does. Fixes: https://github.com/rfjakob/gocryptfs/issues/822
2024-05-17syscallcompat: Openat: always set O_CLOEXECJakob Unterwurzacher
Let's not leak fds to logger. Before: $ lsof -p $(pgrep logger) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME logger 146410 jakob cwd DIR 253,0 4096 2 / logger 146410 jakob rtd DIR 253,0 4096 2 / logger 146410 jakob txt REG 253,0 41560 6293858 /usr/bin/logger logger 146410 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive logger 146410 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1 logger 146410 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6 logger 146410 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6 logger 146410 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4 logger 146410 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69 logger 146410 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6 logger 146410 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0 logger 146410 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2 logger 146410 jakob 0r FIFO 0,14 0t0 607727 pipe logger 146410 jakob 1w CHR 1,3 0t0 4 /dev/null logger 146410 jakob 2w CHR 1,3 0t0 4 /dev/null logger 146410 jakob 3u unix 0x0000000046d9c96b 0t0 607729 type=DGRAM (CONNECTED) logger 146410 jakob 10u DIR 0,33 80 7758 /tmp/tmp.lbUiEw9P6W/a After: $ lsof -p $(pgrep logger) COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME logger 147982 jakob cwd DIR 253,0 4096 2 / logger 147982 jakob rtd DIR 253,0 4096 2 / logger 147982 jakob txt REG 253,0 41560 6293858 /usr/bin/logger logger 147982 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive logger 147982 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1 logger 147982 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6 logger 147982 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6 logger 147982 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4 logger 147982 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69 logger 147982 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6 logger 147982 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0 logger 147982 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2 logger 147982 jakob 0r FIFO 0,14 0t0 609636 pipe logger 147982 jakob 1w CHR 1,3 0t0 4 /dev/null logger 147982 jakob 2w CHR 1,3 0t0 4 /dev/null logger 147982 jakob 3u unix 0x00000000bc46d033 0t0 610344 type=DGRAM (CONNECTED) Fixes https://github.com/rfjakob/gocryptfs/issues/846
2024-05-17daemonize: fix typo in commentJakob Unterwurzacher
2024-05-12Remove accidentially-committed generation_num packageJakob Unterwurzacher
This package is a failed experiment and should not have been committed. Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343
2024-05-12Fix documentation errorinvis-z
Fix error in the examples for `-fido2-assert-option`
2024-05-05reverse: use incrementing inode number for gocryptfs.longname.*.name filesJakob Unterwurzacher
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side, now we also want the .name files to NOT appear hardlinked when just looking at the inode number. Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
2024-05-05tests: reverse: deduplicate findInum / findInoJakob Unterwurzacher
2024-05-05inomap: export NextSpillIno()Jakob Unterwurzacher
This will be used in reverse mode. Switch to atomic increment to avoid a "nextSpillInoUnlocked" helper.
2024-05-05inomap: incorporate spillBit into the spillNext start valueJakob Unterwurzacher
This avoids the manual "| spillBit" logic.
2024-05-01reverse: use unique generation number for all nodesJakob Unterwurzacher
We used to present gocryptfs.longname.*.name files for hardlinked files as hardlinked to the kernel (same Node ID) which is wrong. Fix this by using a unique generation number for all nodes, which also fixes possible issues with inode reuse. Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did for forward mode with -sharedstorage. Fixes https://github.com/rfjakob/gocryptfs/issues/802
2024-05-01tetss: reverse: add TestHardlinkedLongnameJakob Unterwurzacher
Regression test for https://github.com/rfjakob/gocryptfs/issues/802 . Fails at the moment.
2024-04-19Improve documentationinvis-z
2024-04-19Add option to set FIDO2 verificatoin optioninvis-z
Add an option to specify user verification options for `fido2-assert -t` Options will be saved to config file Provide same functionality to #705 with simpler implementation Resolve #702
2024-04-18Build with v2 extensionszp
Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators. Closes #828
2024-04-18MANPAGE: emphasize that -reverse implies -aessiv, so you must specify it ↵Jakob Unterwurzacher
with -masterkey Fixes: https://github.com/rfjakob/gocryptfs/issues/841
2024-03-13init_dir: use masterkey argPablo Mazzini
2024-03-12fix: panic: XTIMES (80000000) overlaps with INIT_RESERVED (80000000)Juan Ezquerro LLanes
2024-03-09fusefrontend: fix excessive file fragmentation on BTRFSAlex Shumsky
2024-01-23go.mod: update all depsJakob Unterwurzacher
2023-12-11tests: TestMountPasswordIncorrect: better error on wrong exit codeJakob Unterwurzacher
Report that exit code is wrong when the exit code is wrong.
2023-12-11test.bash: print fs infoJakob Unterwurzacher
2023-11-12Update MANPAGE.mdRohan Talip
Removed repeated "conflicts"
2023-10-29github ci: add back go 1.18 & go 1.19Jakob Unterwurzacher
Seems to build fine and has a big userbase due to Debian and Ubuntu.
2023-10-29Update xattrChristian Stewart
Signed-off-by: Christian Stewart <christian@aperture.us>
2023-10-29Update go-fuseChristian Stewart
Signed-off-by: Christian Stewart <christian@aperture.us>
2023-10-29Update /x/crypto, /x/sys/, /x/term, jacobsa-cryptoChristian Stewart
Updated jacobsa-crypto which also pulls in the latest versions of the golang.org/x/ packages. Signed-off-by: Christian Stewart <christian@aperture.us>
2023-10-29.github: drop unsupported Go versionsChristian Stewart
According to https://go.dev/doc/devel/release#policy each major Go release is supported until there are two newer major releases. For example, Go 1.5 was supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8 release. Older releases are not receiving security updates. Upcoming dependency updates to golang exp packages use newer features like unsafe.Slice and therefore do not build correctly against Go < 1.19.x. Drop the older versions and add the newer versions to the ci. Signed-off-by: Christian Stewart <christian@aperture.us>
2023-09-17fsck: print "Checking filesystem..."Jakob Unterwurzacher
From https://github.com/rfjakob/gocryptfs/issues/779 / @jroovy > When using `-fsck`, the command line output looks like this: > > ``` > $ gocryptfs -fsck ENCRYPTED_DIRECTORY > Password: > Decrypting master key > ``` > > However, the user might think it's stuck at decrypting the master > key. Adding extra text showing that fsck is working would be nice, > something like: > > ``` > $ gocryptfs -fsck ENCRYPTED_DIRECTORY > Password: > Decrypting master key > Checking filesystem... > ``` Fixes https://github.com/rfjakob/gocryptfs/issues/779
2023-09-15gocryptfs -speed: call testing.Init() to not panicJakob Unterwurzacher
Looks like I should have been calling testing.Init() all along. From https://pkg.go.dev/testing#Init : > Init is only needed when calling functions such as > Benchmark without using "go test". Panic only affected without_openssl builds and looks like this: $ ./gocryptfs -speed gocryptfs v2.4.0-2-g8b1c4b0-dirty without_openssl; go-fuse v2.3.0; 2023-09-15 go1.21.1 linux/amd64 cpu: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz; with AES acceleration AES-GCM-256-OpenSSL panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5a5d20] goroutine 7 [running]: testing.(*common).decorate(0x40d625?, {0xc00001c150, 0x2a}, 0x830601?) testing/testing.go:772 +0xa0 [...] Fixes: https://github.com/rfjakob/gocryptfs/issues/789 Relates-to: https://github.com/golang/go/issues/62666
2023-09-15nametransform: reject non-canonical base64Jakob Unterwurzacher
The test added in the earlier commit passes with this change.
2023-09-15tests/fsck: add malleable_base64 test filesystemJakob Unterwurzacher
This filesystem contains filenames with non-canonical base64 encodings of the same name "foo", leading to this mess: $ ls mnt/ foo foo foo foo
2023-09-05Print errors to stderrVladimir Palevich
2023-06-17Added contrib/gocryptfsshIco Doornekamp
2023-06-10README: update changelog for v2.4.0v2.4.0Jakob Unterwurzacher
2023-05-30tests: add cluster testJakob Unterwurzacher
finds out what happens if multiple gocryptfs mounts write to one file concurrently (usually, nothing good). This use case is relevant for HPC clusters.
2023-05-19fsstress-gocryptfs.bash: improve header commentJakob Unterwurzacher
I maybe should have noted that this is xfstests generic/013.
2023-05-18tests: TestDirectMount: check for default_permissionsJakob Unterwurzacher
2023-05-17fusefrontend: implement our own Access()Jakob Unterwurzacher
Not having Access() means go-fuse emulates it by looking at Getattr(). This works fine most of the time, but breaks down on sshfs, where sshfs-benchmark.bash shows this: gocryptfs/tests$ ./sshfs-benchmark.bash nuetzlich.net working directory: /tmp/sshfs-benchmark.bash.JQC sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.Wrz/gocryptfs.crypt -> gocryptfs.mnt sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs git init 3.98 6.80 rsync 7.71 10.84 rm -R 4.30rm: descend into write-protected directory 'gocryptfs.mnt/git1'? The go-fuse emulation gets it wrong here because sshfs reports permissions but does not enforce them. Implement it ourselves properly.