| Age | Commit message (Collapse) | Author | 
|---|
|  | This prevents (unlikely) symlink race attacks | 
|  | Preallocation is very slow on hdds that run btrfs. Give the
user the option to disable it. This greatly speeds up small file
operations but reduces the robustness against out-of-space errors.
Also add the option to the man page.
More info: https://github.com/rfjakob/gocryptfs/issues/63 | 
|  | This improves performance on hdds running ext4, and improves
streaming write performance on hdds running btrfs. Tar extract
slows down on btrfs for some reason.
See https://github.com/rfjakob/gocryptfs/issues/63
Benchmarks:
encfs v1.9.1
============
$ ./benchmark.bash -encfs /mnt/hdd-ext4
Testing EncFS at /mnt/hdd-ext4/benchmark.bash.u0g
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,48354 s, 88,4 MB/s
UNTAR: 20.79
LS:    3.04
RM:    6.62
$ ./benchmark.bash -encfs /mnt/hdd-btrfs
Testing EncFS at /mnt/hdd-btrfs/benchmark.bash.h40
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,52552 s, 85,9 MB/s
UNTAR: 24.51
LS:    2.73
RM:    5.32
gocryptfs v1.1.1-26-g4a7f8ef
============================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.1KG
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,55782 s, 84,1 MB/s
UNTAR: 22.23
LS:    1.47
RM:    4.17
$ ./benchmark.bash /mnt/hdd-btrfs
Testing gocryptfs at /mnt/hdd-btrfs/benchmark.bash.2t8
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 6,87206 s, 19,1 MB/s
UNTAR: 69.87
LS:    1.52
RM:    5.33
gocryptfs v1.1.1-32
===================
$ ./benchmark.bash /mnt/hdd-ext4
Testing gocryptfs at /mnt/hdd-ext4/benchmark.bash.Qt3
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 1,22577 s, 107 MB/s
UNTAR: 23.46
LS:    1.46
RM:    4.67
$ ./benchmark.bash /mnt/hdd-btrfs/
Testing gocryptfs at /mnt/hdd-btrfs//benchmark.bash.XVk
WRITE: 131072000 bytes (131 MB, 125 MiB) copied, 3,68735 s, 35,5 MB/s
UNTAR: 116.87
LS:    1.84
RM:    6.34 | 
|  |  | 
|  | This fixes the problem that a truncate can reset the file
ID without the other open FDs noticing it. | 
|  | If there are multiple filesystems backing the gocryptfs filesystems
inode numbers are not guaranteed to be unique. | 
|  |  | 
|  |  | 
|  | This could have caused spurious ENOENT errors.
That it did not cause these errors all the time is interesting
and probably because an earlier readdir would place the entry
in the cache. This masks the bug. | 
|  | $ golint ./... | grep -v underscore | grep -v ALL_CAPS
internal/fusefrontend_reverse/rfs.go:52:36: exported func NewFS returns unexported type *fusefrontend_reverse.reverseFS, which can be annoying to use
internal/nametransform/raw64_go1.5.go:10:2: exported const HaveRaw64 should have comment (or a comment on this block) or be unexported | 
|  | At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths. | 
|  | Paths in the root directory were encrypted to this:
    foobar -> ./N9vPc0gXUY4PDSt0-muYXQ== | 
|  | Old:
	Nov 06 13:34:38 brikett gocryptfs[16228]: ReadDirIVAt: Read failed: EOF
	Nov 06 13:34:38 brikett gocryptfs[16228]: go-fuse: can't convert error type: EOF
New:
	Nov 06 14:08:43 brikett gocryptfs[17361]: ReadDirIVAt: wanted 16 bytes, got 0. Returning EINVAL. | 
|  | Using raw64 will not work, but at least it will compile. | 
|  | Through base64.RawURLEncoding.
New command-line parameter "-raw64". | 
|  | The Back In Time backup tool (https://github.com/bit-team/backintime)
wants to write directly into the ciphertext dir.
This may cause the cached directory IV to become out-of-date.
Having an expiry time limits the inconstency to one second, like
attr_timeout does for the kernel getattr cache. | 
|  | Simplify the code a bit. | 
|  | The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests. | 
|  | Calculating the block offset is easy enough, even more now
that gocryptfs-xray exists. | 
|  | Running xfstests generic/075 on tmpfs often triggered a panic
for what seems to be a tmpfs bug.
Quoting from the email to lkml,
http://www.spinics.net/lists/kernel/msg2370127.html :
	tmpfs seems to be incorrectly returning 0-bytes when reading from
	a file that is concurrently being truncated. | 
|  | Stat() calls are expensive on NFS as they need a full network
round-trip. We detect when a write immediately follows the
last one and skip the Stat in this case because the write
cannot create a file hole.
On my (slow) NAS, this takes the write speed from 24MB/s to
41MB/s. | 
|  | The details of the hole handling don't have to be in
Write, so move it away. | 
|  | ...and add comments for what is happening. | 
|  | Close https://github.com/rfjakob/gocryptfs/issues/54 | 
|  | For convenience for the user, add a newline at the end.
Reported as #51 . | 
|  | Test that we get the right timestamp when extracting a tarball.
Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all. | 
|  |  | 
|  | Revert once https://github.com/hanwen/go-fuse/pull/131 is merged. | 
|  | Requested at https://github.com/rfjakob/gocryptfs/issues/28 | 
|  | ...and exit if it is not zero. | 
|  | Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged. | 
|  | This can happen during normal operation when the directory has
been deleted concurrently. But it can also mean that the
gocryptfs.diriv is missing due to an error, so log the event
at "info" level. | 
|  | This already worked for files but was missing for dirs. | 
|  | These should help prevent later programming errors. | 
|  | Fix the test for that and add checks in example_filesystems_test. | 
|  | Also get rid of useless isFiltered function. | 
|  | Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.
Also adds a test for that. | 
|  | go-fuse translates errors unknown to it into "function not
implemented", which is wrong in this case. | 
|  | Gets rid of the idling longnameCacheCleaner thread in "normal" mode. | 
|  |  | 
|  |  | 
|  | Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test. | 
|  | The [Stat_t.Dev](https://golang.org/pkg/syscall/#Stat_t) docs say `Dev` is a `unit64`, but on [macOS amd64](https://golang.org/src/syscall/ztypes_darwin_amd64.go) it's an `int32`. | 
|  | Build helper script: build-without-openssl.bash | 
|  | As we now also support AES-SIV the old name is no longer
correct. | 
|  | AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512. | 
|  | Add a test for that.
Also test operations using a 64-byte key. | 
|  | Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path. | 
|  | After all, is's a virtual file. | 
|  | GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV. |