| Age | Commit message (Collapse) | Author | 
|---|
|  | This prevents (unlikely) symlink race attacks | 
|  | Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63 | 
|  | This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.
See https://github.com/rfjakob/gocryptfs/issues/63
Benchmarks:
encfs v1.9.1
============
$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62
$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32
gocryptfs v1.1.1-26-g4a7f8ef
============================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17
$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33
gocryptfs v1.1.1-32
===================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67
$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34 | 
|  |  | 
|  | This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it. | 
|  | If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique. | 
|  |  | 
|  | At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths. | 
|  | Through base64.RawURLEncoding.
New command-line parameter "-raw64". | 
|  | The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests. | 
|  | Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists. | 
|  | Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.
On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s. | 
|  | The details of the hole handling don't have to be in
Write, so move it away. | 
|  | ...and add comments for what is happening. | 
|  | Close https://github.com/rfjakob/gocryptfs/issues/54 | 
|  | Test that we get the right timestamp when extracting a tarball.
Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all. | 
|  |  | 
|  | Revert once https://github.com/hanwen/go-fuse/pull/131 is merged. | 
|  | Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged. | 
|  | This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level. | 
|  | This already worked for files but was missing for dirs. | 
|  | Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that. | 
|  |  | 
|  | Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path. | 
|  | Also delete the unused "dirIVNameStruct", found by deadcode. | 
|  |  | 
|  | 128-bit IVs are NOT used everywhere. | 
|  | This will be used for strong symlink encryption in reverse mode. | 
|  | Calling into go-fuse's loopbackFileSystem does not add
any value here. | 
|  | Also add ReverseDummyNonce nonce generation. | 
|  |  | 
|  | Commit af5441dcd9033e81da43ab77887a7b5aac693ab6 has caused a
regression ( https://github.com/rfjakob/gocryptfs/issues/35 )
that is fixed by this commit.
The go-fuse library by now has all the syscall wrappers in
place to correctly handle Utimens, also for symlinks.
Instead of duplicating the effort here just call into go-fuse.
Closes #35 | 
|  | This fixes a build problem on 32-bit hosts:
  internal/fusefrontend/file.go:400: cannot use a.Unix() (type int64) as
  type int32 in assignment
  internal/fusefrontend/file.go:406: cannot use m.Unix() (type int64) as
  type int32 in assignment
It also enables full nanosecond timestamps for dates
after 1970. | 
|  |  | 
|  | Protip: find naked *at syscalls using:
   git grep "syscall." | grep "at(" | grep -v syscallcompat | 
|  | Also, replace remaining naked syscall.Openat calls. | 
|  |  | 
|  | Adds a poor man's renameat implementation for OSX. | 
|  | ...and convert all calls to syscall.{Fallocate,Openat}
to syscallcompat .
Both syscalls are not available on OSX. We emulate Openat and just
return EOPNOTSUPP for Fallocate. | 
|  | We will get more of them as OSX also lacks support for openat. | 
|  | unPad16 returns detailed errors including the position of the
incorrect bytes. Kill a possible padding oracle by lumping
everything into a generic error.
The detailed error is only logged if debug is active. | 
|  | Mode=0 (default) and mode=1 (keep size) are supported.
The patch includes test cases and the whole thing passed xfstests.
Fixes https://github.com/rfjakob/gocryptfs/issues/1 . | 
|  | These are large complicated implementations that will share some
code. | 
|  | The name could be misunderstood and actually caused a bug:
doWrite used to always preallocate 4128 instead of the actual
data length. | 
|  | We were growing the file block-by-block which was pretty
inefficient. We now coalesce all the grows into a single
Ftruncate. Also simplifies the code!
Simplistic benchmark: Before:
  $ time truncate -s 1000M foo
  real	0m0.568s
After:
  $ time truncate -s 1000M foo
  real	0m0.205s | 
|  |  | 
|  | XFS returns a different error code if you try to overwrite
a non-empty directory with a directory:
XFS:  mv: cannot move ‘foo’ to ‘bar/foo’: File exists
ext4: mv: cannot move 'foo' to 'bar/foo': Directory not empty
So have EEXIST trigger the Rmdir logic as well.
Fixes issue #20
Link: https://github.com/rfjakob/gocryptfs/issues/20 | 
|  | The "!fs.args.DirIV" special case was removed by b17f0465c7
but that, by accident, also removed the handling for
PlaintextNames.
Re-add it as an explicit PlaintextNames special case.
Also adds support for removing directories that miss their
gocryptfs.diriv file for some reason. | 
|  | FUSE filesystems are mounted with "nosuid" by default. If we run as root,
we can use device files by passing the opposite mount option, "suid".
Also we have to use syscall.Chmod instead of os.Chmod because the
portability translation layer "syscallMode" messes up the sgid
and suid bits.
Fixes 70% of the failures in xfstests generic/193. The remaining are
related to truncate, but we err on the safe side:
    $ diff -u tests/generic/193.out /home/jakob/src/fuse-xfstests/results//generic/193.out.bad
    [...]
     check that suid/sgid bits are cleared after successful truncate...
     with no exec perm
     before: -rwSr-Sr--
    -after:  -rw-r-Sr--
    +after:  -rw-r--r-- | 
|  | If allow_other is set and we run as root, try to give newly created files to
the right user. |