Age | Commit message (Collapse) | Author |
|
Scary. But explains why TestConcurrentCreate fails.
gocryptfs/tests/cluster$ go test -run TestPoCTornWrite
--- FAIL: TestPoCTornWrite (0.00s)
poc_test.go:210: iteration 214: inconsistent block: d6d6d6d6d6d6d6d6d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1d1
FAIL
|
|
With -sharedstorage, we keep the on-disk file header.
Other mounts may have the file ID cached so we cannot mess with it.
This makes TestOpenTruncate pass.
|
|
This fails right now:
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doWrite 2898550: corrupt header: ParseHeader: header is all-zero. Header hexdump: 000000000000000000000000000000000000
cluster_test.go:240: iteration 1: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/1896094179/TestOpenTruncate.4202105280.mnt2/foo: input/output error
--- FAIL: TestOpenTruncate (0.10s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.099s
1 jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs/tests/cluster$ go test -run TestOpenTruncate -v
=== RUN TestOpenTruncate
cluster_test.go:235: POSIX compliance issue: non-exlusive create failed with err=file exists
doRead 2898565: corrupt block #0: cipher: message authentication failed
ino2898565 fh9: RMW read failed: errno=5
cluster_test.go:240: iteration 8: WriteAt: write /var/tmp/gocryptfs-test-parent-1026/652691834/TestOpenTruncate.281532388.mnt1/foo: input/output error
--- FAIL: TestOpenTruncate (0.09s)
FAIL
exit status 1
FAIL github.com/rfjakob/gocryptfs/v2/tests/cluster 0.095s
|
|
|
|
This exercises the byte-range locks we just added.
|
|
Multiple host writing to the same empty file at the same time
could have overwritten each other's newly created file header,
leading to data corruption.
Fix the race by placing a byte-range lock on the file when
creating the file header.
|
|
This is not a real leak:
fd leak in test process? before, after:
[0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll])]
[0r=/dev/null 3r=/proc/940141/fd 5rw=anon_inode:[eventfd] 12rw=anon_inode:[pidfd] (filtered: pipe:[2454797], pipe:[2454797], anon_inode:[eventpoll], pipe:[2460158])]
Ignore pidfd.
|
|
Turns out at least the tests depended on the old
behavoir.
Fixes d5bd98eb3f4cbfb8dd9d0b2eb64dbff69c3c88b1
|
|
Using the same "-extpass" or "-passfile" for both old
and new password makes little sense, and it causes real
problems as seen here: https://github.com/rfjakob/gocryptfs/discussions/882
I hope nobody depends on this or I'll have to revert.
Fixes https://github.com/rfjakob/gocryptfs/issues/287
Fixes https://github.com/rfjakob/gocryptfs/discussions/882
|
|
|
|
We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
|
|
Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580
|
|
|
|
The `--reverse` section of the manual has a reference to an `INIT FLAGS` section, but no such section exists. Change the reference to refer to the `INIT OPTIONS` section, which does exist.
|
|
Looks like wget does not support it anymore
$ wget --version
GNU Wget2 2.1.0 - multithreaded metalink/file/website downloader
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.bmt: gocryptfs v2.4.0-38-g40abf96-dirty; go-fuse v2.5.0; 2024-09-03 go1.21.4 linux/amd64
/tmp/benchmark.bash.bmt.mnt is a mountpoint
Downloading linux-3.0.tar.gz
Unknown option 'show-progress'
|
|
Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776
|
|
Prep for solving https://github.com/rfjakob/gocryptfs/issues/776
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/809
|
|
https://github.com/rfjakob/gocryptfs/issues/809
|
|
Should make debugging situations like
https://github.com/rfjakob/gocryptfs/issues/852
Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
4e45a317-595d8a2d-46493a30-97de86ef-
540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
|
|
Merge stock kernel options with user-provided ones before passing to go-fuse.
Before: `-ko volname=custom` would result in `-o volname=mountpoint,volname=custom` to macFUSE.
After: `-ko volname=custom` would produce `-o volname=custom` with no duplicates.
Fixes #854 and #557
|
|
Instead of just looking for AES, also look for PCLMULQDQ,
like crypto/tls does.
Fixes: https://github.com/rfjakob/gocryptfs/issues/822
|
|
Let's not leak fds to logger.
Before:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 146410 jakob cwd DIR 253,0 4096 2 /
logger 146410 jakob rtd DIR 253,0 4096 2 /
logger 146410 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 146410 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 146410 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 146410 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 146410 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 146410 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 146410 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 146410 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 146410 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 146410 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 146410 jakob 0r FIFO 0,14 0t0 607727 pipe
logger 146410 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 3u unix 0x0000000046d9c96b 0t0 607729 type=DGRAM (CONNECTED)
logger 146410 jakob 10u DIR 0,33 80 7758 /tmp/tmp.lbUiEw9P6W/a
After:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 147982 jakob cwd DIR 253,0 4096 2 /
logger 147982 jakob rtd DIR 253,0 4096 2 /
logger 147982 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 147982 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 147982 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 147982 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 147982 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 147982 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 147982 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 147982 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 147982 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 147982 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 147982 jakob 0r FIFO 0,14 0t0 609636 pipe
logger 147982 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 3u unix 0x00000000bc46d033 0t0 610344 type=DGRAM (CONNECTED)
Fixes https://github.com/rfjakob/gocryptfs/issues/846
|
|
|
|
This package is a failed experiment and should not
have been committed.
Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343
|
|
Fix error in the examples for `-fido2-assert-option`
|
|
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
|
|
|
|
This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper.
|
|
This avoids the manual "| spillBit" logic.
|
|
We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802
|
|
Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment.
|
|
|
|
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
|
|
Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators.
Closes #828
|
|
with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841
|
|
|
|
|
|
|
|
|
|
Report that exit code is wrong when the
exit code is wrong.
|
|
|
|
Removed repeated "conflicts"
|
|
Seems to build fine and has a big userbase due to
Debian and Ubuntu.
|
|
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
Updated jacobsa-crypto which also pulls in the latest versions of the
golang.org/x/ packages.
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
According to https://go.dev/doc/devel/release#policy each major Go release is
supported until there are two newer major releases. For example, Go 1.5 was
supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8
release. Older releases are not receiving security updates.
Upcoming dependency updates to golang exp packages use newer features like
unsafe.Slice and therefore do not build correctly against Go < 1.19.x.
Drop the older versions and add the newer versions to the ci.
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
From https://github.com/rfjakob/gocryptfs/issues/779 / @jroovy
> When using `-fsck`, the command line output looks like this:
>
> ```
> $ gocryptfs -fsck ENCRYPTED_DIRECTORY
> Password:
> Decrypting master key
> ```
>
> However, the user might think it's stuck at decrypting the master
> key. Adding extra text showing that fsck is working would be nice,
> something like:
>
> ```
> $ gocryptfs -fsck ENCRYPTED_DIRECTORY
> Password:
> Decrypting master key
> Checking filesystem...
> ```
Fixes https://github.com/rfjakob/gocryptfs/issues/779
|
|
Looks like I should have been calling testing.Init()
all along. From https://pkg.go.dev/testing#Init :
> Init is only needed when calling functions such as
> Benchmark without using "go test".
Panic only affected without_openssl builds and looks
like this:
$ ./gocryptfs -speed
gocryptfs v2.4.0-2-g8b1c4b0-dirty without_openssl; go-fuse v2.3.0; 2023-09-15 go1.21.1 linux/amd64
cpu: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5a5d20]
goroutine 7 [running]:
testing.(*common).decorate(0x40d625?, {0xc00001c150, 0x2a}, 0x830601?)
testing/testing.go:772 +0xa0
[...]
Fixes: https://github.com/rfjakob/gocryptfs/issues/789
Relates-to: https://github.com/golang/go/issues/62666
|