| Age | Commit message (Collapse) | Author |
|---|
|
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
|
|
As DirIV is now mandatory there is no user for the noiv functions.
|
|
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
|
|
|
|
This is part of the phase-out of very old filesystems.
See https://github.com/rfjakob/gocryptfs/wiki/Compatibility for
more info.
|
|
Recreate the files so they carry all feature flags.
Also, create them with "-scryptn 10" to speed up the tests.
|
|
extpass_test and example_filesystems_test did it wrong,
always returning 0.
|
|
|
|
Let's have shorter names, and merge *_api.go into the "main"
file.
No code changes.
|
|
tlog is used heavily everywhere and deserves a shorter name.
Renamed using sed magic, without any manual rework:
find * -type f -exec sed -i 's/toggledlog/tlog/g' {} +
|
|
We want to use colored error messages also outside of main,
so let's handle it in the logging package.
The fatal logger now automatically prints red.
|
|
* Supports stdin
* Add tests for extpass and stdin
As per user request at https://github.com/rfjakob/gocryptfs/issues/30
|
|
Warnings were:
main.go:234: declaration of err shadows declaration at main.go:163:
internal/fusefrontend/file.go:401: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/file.go:419: declaration of err shadows declaration at internal/fusefrontend/file.go:379:
internal/fusefrontend/fs_dir.go:140: declaration of err shadows declaration at internal/fusefrontend/fs_dir.go:97:
|
|
If /proc/self/fd/X did not exist, the actual error is that the file
descriptor was invalid.
go-fuse's pathfs prefers using an open fd even for path-based operations
but does not take any locks to prevent the fd from being closed.
Instead, it retries the operation by path if it get EBADF. So this
change allows the retry logic to work correctly.
This fixes the error
rsync: failed to set times on "/tmp/ping.Kgw.mnt/linux-3.0/[...]/.dvb_demux.c.N7YlEM":
No such file or directory (2)
that was triggered by pingpong-rsync.bash.
|
|
We (actually, go-fuse) used to call Chown() instead of Lchown()
which meant that the operation would fail on dangling symlinks.
Fix this by calling os.Lchown() ourself. Also add a test case
for this.
|
|
The plan is to drop support for the oldest filesystem versions
in gocryptfs v1.0. For now, we only warn the user.
|
|
Several fatal errors were just printed to stdout, which
meant they were invisible when running the test suite.
Fix this by introducing toggledlog.Fatal and convert as
follows:
Fatal errors -> toggledlog.Fatal
Warnings -> toggledlog.Warn
Password prompts -> fmt.Fprintf
|
|
It may not have been a "Wrong password" after all.
Also, push down disabling the warning so LoadConfFile() can
warn about things that matter.
|
|
This should make things saner and more extensible. It prepares
the infrastructure for "required feature flags" that will be used
to deprecate old gocryptfs version.
|
|
This field is added for the convenience of users and
may help them to identify which gocryptfs version
they need to mount a filesystem.
The same information is essentially contained in FeatureFlags,
but this is more difficult to decode for humans.
It is completely ignored programmatically (also by older gocryptfs
versions).
|
|
Just presenting an empty directory means that the user does not know
that things went wrong unless he checks the syslog or tries to delete
the directory.
It would be nice to report the error even if only some files were
invalid. However, go-fuse does not allow returning the valid
directory entries AND an error.
|
|
|
|
... with the "released" boolean.
For some reason, the "f.fd.Fd() < 0" check did not work reliably,
leading to nil pointer panics on the following wlock.lock().
The problem was discovered during fsstress testing and is unlikely
to happen in normal operations.
With this change, we passed 1700+ fsstress iterations.
|
|
This makes sure the panic message also ends up in syslog
(if enabled).
|
|
Using a simple boolean was racy (which was harmless
in this case) and non-idomatic.
|
|
The Fstat call should never fail, but still, if it does return an error
it should be handled properly.
|
|
mapMutex can be anonymous and using an RWMutex is overkill
because the lock protects very short sections.
|
|
The functionality has long been replaced by the fd < 0
check.
|
|
Add a simple bash wrapper to make it easier to run the GCM
benchmarks.
|
|
Paths in statfs() calls were not encrypted resulting in
an Function not implemented error, when the unencrypted
path didn't exist in the underlying (encrypted)
filesystem.
$ df plain/existingdir
df: ‘plain/existingdir’: Function not implemented
|
|
Optimized assembly versions for Go GCM are only available
on amd64.
|
|
Go GCM is faster than OpenSSL if the CPU has AES instructions
and you are running Go 1.6+.
The "-openssl" option now defaults to "auto".
"gocryptfs -debug -version" displays the result of the autodetection.
See https://github.com/rfjakob/gocryptfs/issues/23 for details and
benchmarks.
|
|
Commit 730291feab properly freed wlock when the file descriptor is
closed. However, concurrently running Write and Truncates may
still want to lock it. Check if the fd has been closed first.
|
|
The write lock was not freed on release, causing a slow memory leak.
This was noticed by running extractloop.bash for 10 hours.
|
|
In general, OpenSSL is only threadsafe if you provide a locking function
through CRYPTO_set_locking_callback. However, the GCM operations that
stupidgcm uses never call that function.
To guard against that ever changing, set a dummy locking callback
that crashes the app.
|
|
Quoting from the patch:
We compare against Go's built-in GCM implementation. Since stupidgcm only
supports 128-bit IVs and Go only supports that from 1.5 onward, we cannot
run these tests on older Go versions.
|
|
This did not help in debugging the openssl <= 1.0.1c issue at all
and makes the code more complex. Keep it simple.
|
|
|
|
This fixes the test failures on Travis CI.
Quoting from https://github.com/openssl/openssl/commit/07a4ff79d23e45f1a45da717b7c1f41a5e1c7c0c
/* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
* required the tag before any AAD or ciphertext */
|
|
|
|
Also, print the openssl version in Travis CI
|
|
|
|
...complete with tests and benchmark.
This will allow us to get rid of the dependency to spacemonkeygo/openssl
that causes problems on Arch Linux
( https://github.com/rfjakob/gocryptfs/issues/21 )
|
|
|
|
This makes gocryptfs work at all on ZFS.
See https://github.com/rfjakob/gocryptfs/issues/22 .
|
|
Among those one real bug.
|
|
Using dirfd-relative operations allows safe lockless handling
of the ".name" files.
|
|
|
|
Go 1.4 and older do not support 128-bit IVs which caused
the tests to panic.
|
|
|
