| Age | Commit message (Collapse) | Author | 
|---|
|  | We used to prefer openssl in this situation, which
used to make sense, but now Go gained an optimized
assembly implementation for aes-gcm on arm64 with
aes instructions:
  root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed
  gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64
  AES-GCM-256-OpenSSL      212.30 MB/s    (selected in auto mode)
  AES-GCM-256-Go           452.30 MB/s
  AES-SIV-512-Go           100.25 MB/s
  XChaCha20-Poly1305-Go    137.35 MB/s
https://github.com/rfjakob/gocryptfs/issues/452 | 
|  | inomap will also be used by fusefrontend_reverse
in the future. Split if off openfiletable to make
it independent. | 
|  | https://github.com/rfjakob/gocryptfs/issues/452 | 
|  |  | 
|  | We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
acls.
Tests will be added in the next commit.
https://github.com/rfjakob/gocryptfs/issues/453 | 
|  | Resolves https://github.com/rfjakob/gocryptfs/issues/393 | 
|  | The result is counter-intuitive, so explain it here. | 
|  | Now that I have discovered golang.org/x/sys/cpu and that Go
versions below 1.6 are uncommon, there was not much useful
code left in prefer_openssl.
Merge the remains into stupidgcm. | 
|  | Make the logic self-contained in the new helper function. | 
|  |  | 
|  | Error from Travis CI was:
 +GOOS=darwin
 +GOARCH=amd64
 +go build -tags without_openssl
 # github.com/rfjakob/gocryptfs/internal/fusefrontend
 internal/fusefrontend/fs.go:88:45: cannot use st.Dev (type int32) as type uint64 in argument to openfiletable.NewInumMap
Add uint64 to fix it. | 
|  | translate inode numbers on different devices to fix
collisions.
Fixes https://github.com/rfjakob/gocryptfs/issues/435 | 
|  | Generates unique inode numbers for files on different
devices.
https://github.com/rfjakob/gocryptfs/issues/435 | 
|  | The comment is outdated, at this point, we should
really not get any errors from ReadDirIVAt.
The change is best seen when running the fsck tests. Before:
  fsck: error opening dir "missing_diriv": 2=no such file or directory
After:
  OpenDir "K2m0E6qzIfoLkVZJanoUiQ": could not read gocryptfs.diriv: no such file or directory
  fsck: error opening dir "missing_diriv": 5=input/output error
See https://github.com/rfjakob/gocryptfs/issues/403 , where
the extra info would have been helpful. | 
|  | This was meant as a way to inform the user that
something is very wrong, however, users are hitting
the condition on MacOS due to ".DS_Store" files, and
also on NFS due to ".nfsXXX" files.
Drop the whole thing as it seems to cause more pain
than gain.
Fixes https://github.com/rfjakob/gocryptfs/issues/431 | 
|  | Closing the fd means the inode number may be reused immediately
by a new file, so we have to get the old fileID out of the table
beforehand!
Hopefully fixes https://github.com/rfjakob/gocryptfs/issues/363 | 
|  | This should help debugging https://github.com/rfjakob/gocryptfs/issues/363 ,
but does no harm in normal operation as it only prints ciphertext to the log. | 
|  | https://github.com/rfjakob/gocryptfs/issues/363 | 
|  | Found while debugging https://github.com/rfjakob/gocryptfs/pull/413 | 
|  | Fixes https://github.com/rfjakob/gocryptfs/issues/421 | 
|  | Error was
 +GOOS=darwin
 +GOARCH=amd64
 +go build -tags without_openssl
 # github.com/rfjakob/gocryptfs/internal/syscallcompat
 internal/syscallcompat/unix2syscall_darwin.go:22:32: u.Atimespec undefined (type unix.Stat_t has no field or method Atimespec)
 internal/syscallcompat/unix2syscall_darwin.go:23:32: u.Mtimespec undefined (type unix.Stat_t has no field or method Mtimespec)
 internal/syscallcompat/unix2syscall_darwin.go:24:32: u.Ctimespec undefined (type unix.Stat_t has no field or method Ctimespec)
caused by https://github.com/golang/sys/commit/87c872767d25fb96dfe96c794fd028b38a08440b#diff-4913a9178621eadcdf191db17915fbcb | 
|  | Handled the same way in GlusterFS, disorderfs, libfuse.
Fixes https://github.com/rfjakob/gocryptfs/issues/394 | 
|  | When we run tests as root, they will leave root-owned files
in testParentDir, which causes trouble when we run tests as
a normal user later on. Split by UID. | 
|  | Makes it easier to change the name (as some people want to):
https://github.com/rfjakob/gocryptfs/issues/37 | 
|  | CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)
Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.
It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report. | 
|  | This can happen on network drives: FRITZ.NAS mounted on MacOS returns
"operation not supported": https://github.com/rfjakob/gocryptfs/issues/390 | 
|  | Makes it easier to share an encrypted folder via a network drive.
https://github.com/rfjakob/gocryptfs/issues/387 | 
|  | GetAttr checks for this, but OpenDir did not.
https://github.com/rfjakob/gocryptfs/issues/385 | 
|  | This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.
Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files). | 
|  | To support arguments containing spaces, -extpass can now
be passed multiple times.
https://github.com/rfjakob/gocryptfs/issues/289 | 
|  | Should help debugging https://github.com/rfjakob/gocryptfs/issues/363 | 
|  | Looks like we allowed creating longer names by accident.
Fix that, and add a test that verifies it. | 
|  | Trezor support has been broken since Sept 2018
( https://github.com/rfjakob/gocryptfs/issues/261 ).
Disable trezor.go by renaming to trezor.go.broken.
This keeps "dep" from having to pull in A LOT OF dependencies:
Before:
  $ du -sh vendor/
  49M	vendor/
After:
  $ du -sh vendor/
  16M	vendor/ | 
|  | https://github.com/rfjakob/gocryptfs/issues/347 | 
|  | This fixed the "Permission denied" bug, but still has the problem that
the directory may be replaced behind our back. Mitigated by the fact
that we skip the workaround when running as root with -allow_other.
https://github.com/rfjakob/gocryptfs/issues/354 | 
|  | Breaks mounting on MacOS: unix.Faccessat on Darwin does NOT (yet)
support AT_SYMLINK_NOFOLLOW. See d44fe89ba4f3252c5bd00c4f7730197732f2a26a .
This reverts commit 0805a63df1b5f915b228727f6074c2506922d0ad. | 
|  | unix.Faccessat has added support for AT_SYMLINK_NOFOLLOW in July 2018,
https://github.com/golang/sys/commit/bd9dbc187b6e1dacfdd2722a87e83093c2d7bd6e#diff-341484dbbe3180cd7a31ef2ad2d679b6
which means we no longer need our own helper.
Closes https://github.com/rfjakob/gocryptfs/issues/347 | 
|  | In the error case, buf was not restored to the original
capacity. Instead of truncating "buf" and restoring (or forgetting to restore)
later, introduce the "data" slice.
Fixes https://github.com/rfjakob/gocryptfs/issues/356 | 
|  |  | 
|  | For Linux, everything effectively stays the same. For both path-based and
fd-based Utimens() calls, we use unix.UtimesNanoAt(). To avoid introducing
a separate syscall wrapper for futimens() (as done in go-fuse, for example),
we instead use the /proc/self/fd - trick.
On macOS, this changes quite a lot:
* Path-based Utimens() calls were previously completely broken, since
  unix.UtimensNanoAt() ignores the passed file descriptor. Note that this
  cannot be fixed easily since there IS no appropriate syscall available on
  macOS prior to High Sierra (10.13). We emulate this case by using
  Fchdir() + setattrlist().
* Fd-based Utimens() calls were previously translated to f.GetAttr() (to
  fill any empty parameters) and syscall.Futimes(), which does not does
  support nanosecond precision. Both issues can be fixed by switching to
  fsetattrlist().
Fixes https://github.com/rfjakob/gocryptfs/issues/350 | 
|  | While we're at it, also replace os.* constants with syscall.* constants. | 
|  |  | 
|  | This should get rid of
    Openat: O_NOFOLLOW missing: flags = 0x0
    Fchmodat: adding missing AT_SYMLINK_NOFOLLOW flag
    sys_common_test.go:203: chmod on symlink should have failed, but did not. New mode=0333
    UnmountErr: "[...]/057376762.mnt" was not found in MountInfo, cannot check for FD leak
and add some context to
    --- FAIL: TestUtimesNano (0.00s)
    matrix_test.go:628: no such file or directory
See https://github.com/rfjakob/gocryptfs/pull/343#issuecomment-453888006
for full test output | 
|  | FchmodatNofollow dropped the flags parameter. | 
|  | We never want Fchmodat to follow symlinks, so follow what
Qemu does, and call our function FchmodatNofollow. | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | On macOS the function has a flags argument, so we don't need the
/proc/self/fd trick used on Linux. |