| Age | Commit message | Author |
|
This commit resolves https://github.com/rfjakob/gocryptfs/issues/850
by addressing Unicode normalization mismatches on macOS between NFC
(used by CLI tools) and NFD (used by GUI apps). The solution is inspired
by Cryptomator's approach ( https://github.com/cryptomator/cryptomator/issues/264 ).
Forward mode on MacOS now enforces NFC for storage but presents NFD
as recommended by https://developer.apple.com/library/archive/qa/qa1173/_index.html .
See https://github.com/rfjakob/gocryptfs/pull/949 for more info.
|
|
Use hkdf from stable api instead of eXperimental
|
|
$ go version
go version go1.25.4 linux/amd64
$ go vet ./...
./init_dir.go:71:21: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
./main.go:123:19: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
./masterkey.go:29:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
./masterkey.go:56:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
./mount.go:415:20: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
internal/tlog/log.go:76:18: non-constant format string in call to (*log.Logger).Printf
internal/syscallcompat/quirks.go:19:19: non-constant format string in call to (*github.com/rfjakob/gocryptfs/v2/internal/tlog.toggledLogger).Printf
|
|
tmpfs supports user xattrs since Linux 6.6 (anno 2023):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2daf18a7884dc03d5164ab9c7dc3f2ea70638469
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/827
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/964
|
|
Fix macos file saving problem by implementing RENAME_EXCHANGE flag.
With test.
The dummy value for RENAME_WHITEOUT collides with the new
flags. Move it wayyy up.
https://github.com/rfjakob/gocryptfs/issues/914
|
|
This makes building with just CGO_ENABLED=0 work.
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/951
|
|
Co-authored-by: rfjakob <286847+rfjakob@users.noreply.github.com>
Add staticcheck to test.bash for continuous static analysis
Co-authored-by: rfjakob <286847+rfjakob@users.noreply.github.com>
Fix nil pointer dereference in timesToTimespec function
The previous fix for deprecated fuse.UtimeToTimespec caused a panic
because unix.TimeToTimespec doesn't handle nil pointers. This fix
properly handles nil pointers by using unix.UTIME_OMIT while still
using the non-deprecated unix.TimeToTimespec function.
Co-authored-by: rfjakob <286847+rfjakob@users.noreply.github.com>
Undo SA6002 changes and add staticcheck ignore directive instead
Co-authored-by: rfjakob <286847+rfjakob@users.noreply.github.com>
|
|
Tool-assisted.
|
|
git test suite t9300-fast-import.sh test 245 does the equivalent of this:
mkfifo fifo
exec 8<>fifo
rm fifo
cat /dev/null >&8
This used to fail with
cat: standard output: No such file or directory
because cat tries to fstat stdout.
The open() on the fifo does not reach the filesystem, so we don't
have an fd open for the deleted file, hence no way to access it.
Fake fstat success as good as we can to make cat happy.
Fixes https://github.com/rfjakob/gocryptfs/issues/929
|
|
The new api guarantees that the value is aligned, preventing
stuff like this on 32 bit platforms:
goroutine 26 [running]:
internal/runtime/atomic.panicUnaligned()
/usr/lib/go-1.24/src/internal/runtime/atomic/unaligned.go:8 +0x24
internal/runtime/atomic.Xadd64(0x2496c74, 0x1)
/usr/lib/go-1.24/src/internal/runtime/atomic/atomic_arm.s:318 +0x14
github.com/rfjakob/gocryptfs/internal/inomap.(*InoMap).NextSpillIno(0x2496c60)
Fixes https://github.com/rfjakob/gocryptfs/issues/912
|
|
go-fuse 2.6.0, specifically,
https://github.com/hanwen/go-fuse/commit/e885cea8d4d40a5a9bb92bc3cef7193f2a316f59
introduced a new, file-based directory API while
deprecating the old one.
Switch to the new API.
xfstests generic/035 now passes.
Fixes https://github.com/hanwen/go-fuse/issues/55
|
|
This file was only compiled for arm because
( https://pkg.go.dev/cmd/go#hdr-Build_constraints ):
If a file's
name, after stripping the extension and a possible _test suffix,
matches any of the following patterns:
*_GOOS
*_GOARCH
*_GOOS_GOARCH
(example: source_windows_amd64.go) where GOOS and GOARCH
represent any known operating system and architecture values
respectively, then the file is considered to have an implicit
build constraint requiring those terms (in addition to any
explicit constraints in the file).
Error was:
+ GOOS=linux
+ GOARCH=386
+ build
+ go build -tags without_openssl -o /dev/null
# github.com/rfjakob/gocryptfs/v2/internal/syscallcompat
Error: internal/syscallcompat/asuser_linux.go:41:8: undefined: Setregid
Error: internal/syscallcompat/asuser_linux.go:47:8: undefined: Setreuid
Error: internal/syscallcompat/thread_credentials_linux.go:29:10: undefined: setgroups
Error: internal/syscallcompat/thread_credentials_linux.go:36:9: undefined: setgroups
Error: internal/syscallcompat/thread_credentials_linux.go:49:9: undefined: Setregid
Error: internal/syscallcompat/thread_credentials_linux.go:57:9: undefined: Setreuid
Rename the file to fix the problem. And add a comment about why this file exists.
Fixes https://github.com/rfjakob/gocryptfs/issues/907
|
|
Essentially a port of
https://github.com/hanwen/go-fuse/commit/531a68551e40e7303e94b53fb3792e6dfb28d15a .
This fixes
panic: interface conversion: *fs.dirStreamAsFile is not fs.FileGetattrer: missing method Getattr
goroutine 20 [running]:
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend.(*Node).Getattr(0x55a7ac9d9090?, {0x55a7ac85a4d8, 0xc0013401c8}, {0x55a7ac80eb40?, 0xc0013401b0}, 0xc000586938)
github.com/rfjakob/gocryptfs/v2/internal/fusefrontend/node.go:74 +0x22c
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).getattr(0xc0000b6180, {0x55a7ac85a4d8, 0xc0013401c8}, 0xc0010ea160, {0x55a7ac80eb40?, 0xc0013401b0}, 0xc000586938)
github.com/hanwen/go-fuse/v2@v2.7.2/fs/bridge.go:569 +0x9b
[...]
which is a bug exposed by a go-fuse update.
Fixes https://github.com/rfjakob/gocryptfs/issues/897
|
|
x/sys v0.1.0 (https://github.com/golang/sys/commit/d0df966e6959f00dc1c74363e537872647352d51)
breaks our usecase. Switch to our own wrappers.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/892
Relates-to: https://github.com/rfjakob/gocryptfs/issues/893
|
|
It's only used there, so move it.
|
|
As with the other files, include "linux" because the code only
builds on linux
renamed: internal/syscallcompat/thread_credentials.go -> internal/syscallcompat/thread_credentials_linux.go
renamed: internal/syscallcompat/thread_credentials_368_arm.go -> internal/syscallcompat/thread_credentials_linux_368_arm.go
renamed: internal/syscallcompat/thread_credentials_other.go -> internal/syscallcompat/thread_credentials_linux_other.go
|
|
Will use those later.
|
|
Private copies of per-thread Setreuid/Setegid/Setgroups.
https://github.com/rfjakob/gocryptfs/issues/893
https://github.com/rfjakob/gocryptfs/issues/892
|
|
With inode number reuse and hard links, we could have returned
wrong data for gocryptfs.diriv and gocryptfs.xyz.longname files, respectively
(https://github.com/rfjakob/gocryptfs/issues/802).
Now that this is fixed, ensure that rsync and similar tools pick up the new
correct files by advancing mtime and ctime by 10 seconds, which should be more
than any filesystem's timestamp granularity (FAT32 has 2 seconds).
|
|
We don't know the exact value as we only read 2kiB.
Relates-to: https://github.com/rfjakob/gocryptfs/discussions/882
|
|
Now that https://github.com/hanwen/go-fuse/issues/399 has
landed we can report an inode number for the root node.
Fixes https://github.com/rfjakob/gocryptfs/issues/580
|
|
Detect and delete an orphaned socket file that collides with
the ctlsock we want to create.
Fixes https://github.com/rfjakob/gocryptfs/issues/776
|
|
Prep for solving https://github.com/rfjakob/gocryptfs/issues/776
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/809
|
|
Should make debugging situations like
https://github.com/rfjakob/gocryptfs/issues/852
Empty stdin in mkinitcpio hook
easier.
Examples:
$ echo -n "" | ./gocryptfs -init a
Choose a password for protecting your files.
Reading Password from stdin (connected to "pipe:[749878]")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/null
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/null")
Got empty Password from stdin
$ ./gocryptfs -init a < /dev/zero
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/zero")
fatal: maximum password length of 2048 bytes exceeded
$ ./gocryptfs -init a < /dev/full
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/full")
fatal: maximum password length of 2048 bytes exceeded
$ jakob@brikett:~/go/src/github.com/rfjakob/gocryptfs$ ./gocryptfs -init a < /dev/urandom
Choose a password for protecting your files.
Reading Password from stdin (connected to "/dev/urandom")
Your master key is:
4e45a317-595d8a2d-46493a30-97de86ef-
540c7364-f0acc297-dd6f2592-7d9a5c97
If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs a MOUNTPOINT
|
|
Instead of just looking for AES, also look for PCLMULQDQ,
like crypto/tls does.
Fixes: https://github.com/rfjakob/gocryptfs/issues/822
|
|
Let's not leak fds to logger.
Before:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 146410 jakob cwd DIR 253,0 4096 2 /
logger 146410 jakob rtd DIR 253,0 4096 2 /
logger 146410 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 146410 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 146410 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 146410 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 146410 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 146410 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 146410 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 146410 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 146410 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 146410 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 146410 jakob 0r FIFO 0,14 0t0 607727 pipe
logger 146410 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 146410 jakob 3u unix 0x0000000046d9c96b 0t0 607729 type=DGRAM (CONNECTED)
logger 146410 jakob 10u DIR 0,33 80 7758 /tmp/tmp.lbUiEw9P6W/a
After:
$ lsof -p $(pgrep logger)
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
logger 147982 jakob cwd DIR 253,0 4096 2 /
logger 147982 jakob rtd DIR 253,0 4096 2 /
logger 147982 jakob txt REG 253,0 41560 6293858 /usr/bin/logger
logger 147982 jakob mem REG 253,0 229754784 6292695 /usr/lib/locale/locale-archive
logger 147982 jakob mem REG 253,0 186480 6292031 /usr/lib64/libgcc_s-14-20240508.so.1
logger 147982 jakob mem REG 253,0 787128 6294119 /usr/lib64/libzstd.so.1.5.6
logger 147982 jakob mem REG 253,0 211424 6294587 /usr/lib64/liblzma.so.5.4.6
logger 147982 jakob mem REG 253,0 131128 6302636 /usr/lib64/liblz4.so.1.9.4
logger 147982 jakob mem REG 253,0 49184 6302330 /usr/lib64/libcap.so.2.69
logger 147982 jakob mem REG 253,0 2476880 6295299 /usr/lib64/libc.so.6
logger 147982 jakob mem REG 253,0 987256 6292058 /usr/lib64/libsystemd.so.0.38.0
logger 147982 jakob mem REG 253,0 906256 6295295 /usr/lib64/ld-linux-x86-64.so.2
logger 147982 jakob 0r FIFO 0,14 0t0 609636 pipe
logger 147982 jakob 1w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 2w CHR 1,3 0t0 4 /dev/null
logger 147982 jakob 3u unix 0x00000000bc46d033 0t0 610344 type=DGRAM (CONNECTED)
Fixes https://github.com/rfjakob/gocryptfs/issues/846
|
|
This package is a failed experiment and should not
have been committed.
Fixes: 9958b63931aee613d5f97a8e7137efa3fb118343
|
|
ed0a12b7337c2d88c027329f64e73070da17d5b3 already fixed the kernel side,
now we also want the .name files to NOT appear hardlinked when just
looking at the inode number.
Relates-to: https://github.com/rfjakob/gocryptfs/issues/802
|
|
This will be used in reverse mode. Switch to atomic increment to avoid
a "nextSpillInoUnlocked" helper.
|
|
This avoids the manual "| spillBit" logic.
|
|
We used to present gocryptfs.longname.*.name files for hardlinked
files as hardlinked to the kernel (same Node ID) which is wrong.
Fix this by using a unique generation number for all nodes, which
also fixes possible issues with inode reuse.
Basically what 1bc1db620b061aabf59469a5eb4fb60e3e1701a3 did
for forward mode with -sharedstorage.
Fixes https://github.com/rfjakob/gocryptfs/issues/802
|
|
Add an option to specify user verification options for `fido2-assert -t`
Options will be saved to config file
Provide same functionality to #705 with simpler implementation
Resolve #702
|