Age | Commit message (Collapse) | Author |
|
Fix error in the examples for `-fido2-assert-option`
|
|
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
|
|
|
|
This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper.
|
|
This avoids the manual "| spillBit" logic.
|
|
We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802
|
|
Regression test for https://github.com/rfjakob/gocryptfs/issues/802 .
Fails at the moment.
|
|
|
|
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
|
|
Enables older CPUs (2008-2013) to take advantage of certain hardware accelerators.
Closes #828
|
|
with -masterkey
Fixes: https://github.com/rfjakob/gocryptfs/issues/841
|
|
|
|
|
|
|
|
|
|
Report that exit code is wrong when the
exit code is wrong.
|
|
|
|
Removed repeated "conflicts"
|
|
Seems to build fine and has a big userbase due to
Debian and Ubuntu.
|
|
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
Updated jacobsa-crypto which also pulls in the latest versions of the
golang.org/x/ packages.
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
According to https://go.dev/doc/devel/release#policy each major Go release is
supported until there are two newer major releases. For example, Go 1.5 was
supported until the Go 1.7 release, and Go 1.6 was supported until the Go 1.8
release. Older releases are not receiving security updates.
Upcoming dependency updates to golang exp packages use newer features like
unsafe.Slice and therefore do not build correctly against Go < 1.19.x.
Drop the older versions and add the newer versions to the ci.
Signed-off-by: Christian Stewart <christian@aperture.us>
|
|
From https://github.com/rfjakob/gocryptfs/issues/779 / @jroovy
> When using `-fsck`, the command line output looks like this:
>
> ```
> $ gocryptfs -fsck ENCRYPTED_DIRECTORY
> Password:
> Decrypting master key
> ```
>
> However, the user might think it's stuck at decrypting the master
> key. Adding extra text showing that fsck is working would be nice,
> something like:
>
> ```
> $ gocryptfs -fsck ENCRYPTED_DIRECTORY
> Password:
> Decrypting master key
> Checking filesystem...
> ```
Fixes https://github.com/rfjakob/gocryptfs/issues/779
|
|
Looks like I should have been calling testing.Init()
all along. From https://pkg.go.dev/testing#Init :
> Init is only needed when calling functions such as
> Benchmark without using "go test".
Panic only affected without_openssl builds and looks
like this:
$ ./gocryptfs -speed
gocryptfs v2.4.0-2-g8b1c4b0-dirty without_openssl; go-fuse v2.3.0; 2023-09-15 go1.21.1 linux/amd64
cpu: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz; with AES acceleration
AES-GCM-256-OpenSSL panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5a5d20]
goroutine 7 [running]:
testing.(*common).decorate(0x40d625?, {0xc00001c150, 0x2a}, 0x830601?)
testing/testing.go:772 +0xa0
[...]
Fixes: https://github.com/rfjakob/gocryptfs/issues/789
Relates-to: https://github.com/golang/go/issues/62666
|
|
The test added in the earlier commit passes with this
change.
|
|
This filesystem contains filenames with non-canonical base64
encodings of the same name "foo", leading to this mess:
$ ls mnt/
foo foo foo foo
|
|
|
|
|
|
|
|
finds out what happens if multiple
gocryptfs mounts write to one file concurrently
(usually, nothing good).
This use case is relevant for HPC clusters.
|
|
I maybe should have noted that this is xfstests generic/013.
|
|
|
|
Not having Access() means go-fuse emulates it by looking at Getattr().
This works fine most of the time, but breaks down on sshfs, where
sshfs-benchmark.bash shows this:
gocryptfs/tests$ ./sshfs-benchmark.bash nuetzlich.net
working directory: /tmp/sshfs-benchmark.bash.JQC
sshfs mounted: nuetzlich.net:/tmp -> sshfs.mnt
gocryptfs mounted: sshfs.mnt/sshfs-benchmark.bash.Wrz/gocryptfs.crypt -> gocryptfs.mnt
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 3.98 6.80
rsync 7.71 10.84
rm -R 4.30rm: descend into write-protected directory 'gocryptfs.mnt/git1'?
The go-fuse emulation gets it wrong here because sshfs reports
permissions but does not enforce them.
Implement it ourselves properly.
|
|
|
|
Attempt to directly call mount(2) before trying fusermount. This means we
can do without fusermount if running as root.
https://github.com/rfjakob/gocryptfs/issues/697
|
|
|
|
go-fuse now sets this internally.
Regression-tested in TestDirectMount.
|
|
go-fuse now handles setting FsName, including DirectMount,
so use that instead of our own solution.
Regression-tested in TestDirectMount.
|
|
This is in preparation of adding directmount capability.
It also check that FsName is set correctly, which is
in preparation for the next patch.
|
|
Otherwise we fail like this on my Fedora 38 box:
=== RUN TestOverlay
DetectQuirks: tmpfs detected, no extended attributes except acls will work.
root_test.go:379: No user xattrs! overlay mount will likely fail.
15:15:57.957960 Unimplemented opcode OPCODE-51
root_test.go:398: mount: /tmp/gocryptfs-test-parent-0/3652394902/TestOverlay.2374697046.mnt/merged: wrong fs type, bad option, bad superblock on overlay, missing codepage or helper program, or other error.
dmesg(1) may have more information after failed mount system call.
root_test.go:399: exit status 32
--- FAIL: TestOverlay (0.04s)
FAIL
Also fix the messed-up DetectQuirks bit test.
|
|
For the streaming read benchmark, we don't want to benchmark
the page cache.
|
|
Looks like I used StringSliceVar (which splits on comma)
where I should have always used StringArrayVar (which does not).
Bug report contains this example of misbehavoir:
#gocryptfs -extpass 'echo abc,123' -init testdir
Reading password from extpass program "echo abc", arguments: ["123"]
extpass cmd start failed: exec: "echo abc": executable file not found in $PATH
Fixes https://github.com/rfjakob/gocryptfs/issues/730
|
|
|
|
|
|
go get github.com/hanwen/go-fuse/v2
|
|
And add a test for it.
Fixes https://github.com/rfjakob/gocryptfs/issues/724
|
|
BenchmarkGoGCMBlockSize/16-4 5499200 219.7 ns/op 72.83 MB/s
BenchmarkGoGCMBlockSize/32-4 4497284 266.2 ns/op 120.22 MB/s
BenchmarkGoGCMBlockSize/64-4 3296336 363.4 ns/op 176.10 MB/s
BenchmarkGoGCMBlockSize/128-4 4204794 285.5 ns/op 448.36 MB/s
BenchmarkGoGCMBlockSize/256-4 2928472 409.7 ns/op 624.83 MB/s
BenchmarkGoGCMBlockSize/512-4 1825164 658.0 ns/op 778.09 MB/s
BenchmarkGoGCMBlockSize/1024-4 1000000 1151 ns/op 889.98 MB/s
BenchmarkGoGCMBlockSize/2048-4 560275 2135 ns/op 959.47 MB/s
BenchmarkGoGCMBlockSize/4096-4 291906 4099 ns/op 999.28 MB/s
BenchmarkGoGCMBlockSize/8192-4 148916 8033 ns/op 1019.83 MB/s
BenchmarkGoGCMBlockSize/16384-4 75337 15911 ns/op 1029.75 MB/s
BenchmarkGoGCMBlockSize/32768-4 37912 31651 ns/op 1035.30 MB/s
BenchmarkGoGCMBlockSize/65536-4 19000 64287 ns/op 1019.43 MB/s
BenchmarkGoGCMBlockSize/131072-4 9225 127636 ns/op 1026.92 MB/s
BenchmarkGoGCMBlockSize/262144-4 4752 252300 ns/op 1039.02 MB/s
BenchmarkGoGCMBlockSize/524288-4 2377 504612 ns/op 1038.99 MB/s
BenchmarkGoGCMBlockSize/1048576-4 1183 1011637 ns/op 1036.51 MB/s
|
|
Only visible when you run "go test -bench" like this:
$ cd gocryptfs/internal/speed
$ go test -bench .
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/v2/internal/speed
cpu: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
BenchmarkStupidGCM-4 202352 5937 ns/op 689.96 MB/s
BenchmarkStupidGCMDecrypt-4 206023 5782 ns/op 708.38 MB/s
BenchmarkGoGCM-4 291878 4098 ns/op 999.45 MB/s
BenchmarkGoGCMBlockSize/1024-4 1000000 1151 ns/op 889.88 MB/s
BenchmarkGoGCMBlockSize/2048-4 561182 2134 ns/op 959.60 MB/s
BenchmarkGoGCMBlockSize/4096-4 292057 4101 ns/op 998.87 MB/s
BenchmarkGoGCMBlockSize/8192-4 149216 8031 ns/op 1020.09 MB/s
BenchmarkGoGCMBlockSize/16384-4 75361 15917 ns/op 1029.34 MB/s
BenchmarkGoGCMBlockSize/32768-4 37916 31649 ns/op 1035.35 MB/s
BenchmarkGoGCMBlockSize/65536-4 19005 63117 ns/op 1038.33 MB/s
BenchmarkGoGCMBlockSize/131072-4 9498 126166 ns/op 1038.89 MB/s
BenchmarkGoGCMBlockSize/262144-4 4755 252149 ns/op 1039.64 MB/s
BenchmarkGoGCMBlockSize/524288-4 2377 504108 ns/op 1040.03 MB/s
BenchmarkGoGCMBlockSize/1048576-4 1188 1008675 ns/op 1039.56 MB/s
BenchmarkGoGCMDecrypt-4 294664 4059 ns/op 1009.02 MB/s
BenchmarkAESSIV-4 46498 25432 ns/op 161.05 MB/s
BenchmarkAESSIVDecrypt-4 46908 25509 ns/op 160.57 MB/s
BenchmarkXchacha-4 244473 4894 ns/op 836.97 MB/s
BenchmarkXchachaDecrypt-4 249710 4798 ns/op 853.75 MB/s
BenchmarkStupidXchacha-4 166988 7101 ns/op 576.79 MB/s
BenchmarkStupidXchachaDecrypt-4 163093 7240 ns/op 565.72 MB/s
BenchmarkStupidChacha-4 184172 6527 ns/op 627.58 MB/s
BenchmarkStupidChachaDecrypt-4 179796 6659 ns/op 615.11 MB/s
PASS
ok github.com/rfjakob/gocryptfs/v2/internal/speed 30.068s
|
|
|