Age | Commit message (Collapse) | Author |
|
We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
|
|
Should make debugging situations like
https://github.com/rfjakob/gocryptfs/issues/852
Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
4e45a317-595d8a2d-46493a30-97de86ef-
540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/681
Fixes 2a25c3a8fda1f0918fd76687561b1a9c615298b9
|
|
This allows cleanups to happen in the caller, like removing
the control socket.
Fixes https://github.com/rfjakob/gocryptfs/issues/634
|
|
Our git version is v2+ for some time now, but go.mod
still declared v1. Hopefully making both match makes
https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work.
All the import paths have been fixed like this:
find . -name \*.go | xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/%
|
|
Except xattrSupported, this is a false positive.
$ golangci-lint run --disable-all --enable unused --enable deadcode
gocryptfs-xray/xray_main.go:24:5: `GitVersionFuse` is unused (deadcode)
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
^
tests/symlink_race/main.go:47:6: `chmodLoop` is unused (deadcode)
func chmodLoop() {
^
internal/readpassword/extpass_test.go:11:5: `testPw` is unused (deadcode)
var testPw = []byte("test")
^
tests/reverse/xattr_test.go:13:6: func `xattrSupported` is unused (unused)
func xattrSupported(path string) bool {
^
internal/fusefrontend_reverse/rpath.go:20:22: func `(*RootNode).abs` is unused (unused)
func (rfs *RootNode) abs(relPath string, err error) (string, error) {
^
tests/matrix/matrix_test.go:310:6: `sContains` is unused (deadcode)
func sContains(haystack []string, needle string) bool {
|
|
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
|
|
|
|
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)
Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.
It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
|
|
To support arguments containing spaces, -extpass can now
be passed multiple times.
https://github.com/rfjakob/gocryptfs/issues/289
|
|
Trezor support has been broken since Sept 2018
( https://github.com/rfjakob/gocryptfs/issues/261 ).
Disable trezor.go by renaming to trezor.go.broken.
This keeps "dep" from having to pull in A LOT OF dependencies:
Before:
$ du -sh vendor/
49M vendor/
After:
$ du -sh vendor/
16M vendor/
|
|
Due to a copy-paste error, we ran the wrong test in the
subprocess.
Thanks @slackner for noticing at
https://github.com/rfjakob/gocryptfs/commit/295d432175292dbaef572093d784aab55f5c0b8f#r31690478 !
|
|
Allows better error handling, gets rid of the call to an
external program, and fixes https://github.com/rfjakob/gocryptfs/issues/278 .
|
|
Show enable_trezor in the version string if we were compiled
with `-tags enable_trezor`. And hide the `-trezor` flag from
the help output if we were not.
|
|
|
|
The trezor libraries are not yet stable enough to build
gocryptfs with trezor support by default.
It does not even compile at the moment:
$ ./build.bash -tags enable_trezor
# github.com/conejoninja/tesoro/vendor/github.com/trezor/usbhid
../../conejoninja/tesoro/vendor/github.com/trezor/usbhid/hid.go:32:11: fatal error: os/threads_posix.c: No such file or directory
#include "os/threads_posix.c"
^~~~~~~~~~~~~~~~~~~~
compilation terminated.
https://github.com/conejoninja/tesoro/issues/9
|
|
Check that the value has changed, is not all-zero
and has the right length.
|
|
|
|
TrezorPayload stores 32 random bytes used for unlocking
the master key using a Trezor security module. The randomness makes sure
that a unique unlock value is used for each gocryptfs filesystem.
|
|
readpassword.Trezor() is not implemented yet and returns
a hardcoded dummy key.
|
|
https://github.com/rfjakob/gocryptfs/issues/218
|
|
Overwrite the masterkey with zeros once we
have encrypted it, and let it run out of scope.
Also get rid of the password duplicate in
readpassword.Twice.
|
|
This will allows us to overwrite the password
with zeros once we are done with it.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
Empty passwords are not allowed. Let's give the error
it's own exit code.
|
|
This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
This is the value EncFS uses, so let's follow suit.
Suggested at https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
1000 was too low as at least one user had a password
that was longer.
Fixes https://github.com/rfjakob/gocryptfs/issues/93
|
|
This used to hang at 100% CPU:
cat /dev/zero | gocryptfs -init a
...and would ultimately send the box into out-of-memory.
The number 1000 is chosen arbitrarily and seems big enough
given that the password must be one line.
Suggested by @mhogomchungu in https://github.com/rfjakob/gocryptfs/issues/77 .
|
|
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
|
|
|
|
...and while we are at it, also filenames starting with "-".
|
|
...and exit if it is not zero.
|
|
|
|
|
|
extpass_test and example_filesystems_test did it wrong,
always returning 0.
|
|
|
|
tlog is used heavily everywhere and deserves a shorter name.
Renamed using sed magic, without any manual rework:
find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
|
|
We want to use colored error messages also outside of main,
so let's handle it in the logging package.
The fatal logger now automatically prints red.
|
|
* Supports stdin
* Add tests for extpass and stdin
As per user request at https://github.com/rfjakob/gocryptfs/issues/30
|