Age | Commit message (Collapse) | Author |
|
|
|
|
|
With test to verify that it actually works this
time: Run "make root_test".
Depends-on: https://github.com/rfjakob/gocryptfs/issues/536
Fixes: https://github.com/rfjakob/gocryptfs/issues/536
|
|
|
|
Hard link tracking was not correctly disabled
since the migration to the go-fuse v2 api.
Add a test to ensure it stays off.
Fixes https://github.com/rfjakob/gocryptfs/issues/525
|
|
When a process has its working dir inside the mount,
the only way we notice is that we get EBUSY when trying
to unmount.
We used to lazy-unmount in this case, but this means
pulling the rug from under the process.
For example, bash will start throwing
cd: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
messages.
Fixes https://github.com/rfjakob/gocryptfs/issues/533
|
|
This option is similar to fuse(8) kernel_cache
Verified using vmtouch.
Without -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011159 seconds
Files: 1
Directories: 0
Resident Pages: 0/2560 0/10M 0%
Elapsed: 0.000993 seconds
With -kernel_cache:
$ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s
Files: 1
Directories: 0
Touched Pages: 2560 (10M)
Elapsed: 0.011564 seconds
Files: 1
Directories: 0
Resident Pages: 2560/2560 10M/10M 100%
Elapsed: 0.000369 seconds
|
|
Unless we are mounted with -suid, we can reject
these requests, and gain back some lost speed.
Closes https://github.com/rfjakob/gocryptfs/issues/515
|
|
Suppress the date but show microseconds in fuse debug logs
(-fusedebug) and go-fuse warnings.
|
|
srv.SetDebug() is deprecated and only enables the debug
output after the init sequence, so we missed the first
few transaction in the debug output.
|
|
Directly accessing the Nodes does not work properly,
as there is no way to attach a newly LOOKUPped Node
to the tree. This means Path() does not work.
Use an actual mount instead and walk the tree.
|
|
|
|
Horribly broken, but it compiles.
.../tests/fsck$ ./run_fsck.bash
Reading password from extpass program "echo", arguments: ["test"]
Decrypting master key
OpenDir ".": invalid entry "invalid_file_name.3": illegal base64 data at input byte 17
OpenDir ".": invalid entry "invalid_file_name_2": bad message
fsck: corrupt entry in dir "": "invalid_file_name.3"
fsck: corrupt entry in dir "": "invalid_file_name_2"
OpenDir ".": invalid entry "invalid_file_name____1": bad message
fsck: corrupt entry in dir "": "invalid_file_name____1"
fsck: error stating file ".go-fuse.5577006791947779410/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.13260572831089785859/deleted": no such file or directory
fsck: error opening dir "i10488239 (dir): ": no such file or directory
fsck: error reading symlink ".go-fuse.10667007354186551956/deleted": no such file or directory
fsck: error listing xattrs on ".go-fuse.11998794077335055257/deleted": no such file or directory
[...]
|
|
Don't let go-fuse mess úp 0000 permissions.
|
|
fs.Mount already called srv.Serve() for us.
|
|
Compiles and mounts but does nothing useful.
|
|
We need
https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :
2019/10/30 17:14:16 Unknown opcode 2016
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]
This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.
Running
git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2
to check for forgotten references comes back clean.
|
|
The former interal ctlsock server package is renamed
to ctlsocksrv.
|
|
This was handled both in getMasterKey(). Split it apart.
|
|
Resolves https://github.com/rfjakob/gocryptfs/issues/393
|
|
Use exec.LookPath() to find fusermount in the user's PATH
first. Fall back to /bin/fusermount for the case that PATH
is not set, like go-fuse does.
Fixes https://github.com/rfjakob/gocryptfs/issues/448
|
|
fusermount3 (i.e. fusermount from libfuse 3.x) has dropped
the `nonempty` option.
Detect fusermount3 and don't add `nonempty` in this case.
Fixes https://github.com/rfjakob/gocryptfs/pull/440
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/421
|
|
Cast to uint32 to fix the int32 overflow, and define BTRFS_SUPER_MAGIC
locally to fix the next failure on darwin.
|
|
The function actually answers the question:
"is this an empty dir"?
|
|
Preallocation on Btrfs is broken ( https://github.com/rfjakob/gocryptfs/issues/395 ,
https://lore.kernel.org/linux-btrfs/CAPv9Zmk46As_P9Gyf_icET53xRda63h7iC1meES9xbdDEt9qow@mail.gmail.com/ )
and slow ( https://github.com/rfjakob/gocryptfs/issues/63 ).
|
|
This adds support for gitignore-like wildcards and exclude patters in
reverse mode. It (somewhat) fixes #273: no regexp support, but the
syntax should be powerful enough to satisfy most needs.
Also, since adding a lot of --exclude options can be tedious, it adds
the --exclude-from option to read patterns from a file (or files).
|
|
Fixes the following test failure:
cli_test.go:534: Failed to mount "[...]/542399800,foo,bar" on "[...]/542399800,foo,bar.mnt": exit status 19
|
|
The messages would still be collected via gocryptfs-logger,
but let's do it right.
Before:
Oct 17 21:58:12 brikett gocryptfs[9926]: testing info
Oct 17 21:58:12 brikett gocryptfs[9926]: testing warn
Oct 17 21:58:12 brikett gocryptfs-9926-logger[9935]: testing fatal
After:
Oct 17 22:00:53 brikett gocryptfs[10314]: testing info
Oct 17 22:00:53 brikett gocryptfs[10314]: testing warn
Oct 17 22:00:53 brikett gocryptfs[10314]: testing fatal
|
|
Even though filesystem notifications aren't implemented for FUSE, I decided to
try my hand at implementing the autounmount feature (#128). I based it on the
EncFS autounmount code, which records filesystem accesses and checks every X
seconds whether it's idled long enough to unmount.
I've tested the feature locally, but I haven't added any tests for this flag.
I also haven't worked with Go before. So please let me know if there's
anything that should be done differently.
One particular concern: I worked from the assumption that the open files table
is unique per-filesystem. If that's not true, I'll need to add an open file
count and associated lock to the Filesystem type instead.
https://github.com/rfjakob/gocryptfs/pull/265
|
|
The cipherdir path is used as the fsname, as displayed
in "df -T". Now, having a comma in fsname triggers a sanity check
in go-fuse, aborting the mount with:
/bin/fusermount: mount failed: Invalid argument
fuse.NewServer failed: fusermount exited with code 256
Sanitize fsname by replacing any commas with underscores.
https://github.com/rfjakob/gocryptfs/issues/262
|
|
Instead, first Load() the file, then DecryptMasterKey().
Fixes https://github.com/rfjakob/gocryptfs/issues/258
|
|
https://github.com/rfjakob/gocryptfs/issues/235
|
|
Before: fuse.NewServer failed: "fusermount exited with code 256\n"
After: fuse.NewServer failed: fusermount exited with code 256
|
|
When mounted via /etc/fstab like this,
/a /b fuse.gocryptfs default 0 0
we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :
mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
If both `-o user` and `-o exec` are set, it passes `-o exec`.
Make these options work, and in addtion, also make -suid and -rw
work the same way.
Reported-by: @mahkoh
|
|
Reported by https://goreportcard.com/report/github.com/rfjakob/gocryptfs
|
|
This is where the results are used, so call it
there.
This simplifies doMount a bit because we can get
rid of the block protecting masterkey.
|
|
The new helper will also be used by fsck.
|
|
To avoid confusion with fsck, rename to isDir*()
and move the functions into init_dir.go.
|
|
https://github.com/rfjakob/gocryptfs/issues/218
|
|
A few places have called tlog.Warn.Print, which directly
calls into log.Logger due to embedding, losing all features
of tlog.
Stop embedding log.Logger to make sure the internal functions
cannot be called accidentially and fix (several!) instances
that did.
|
|
Also drop the unused int return.
|
|
As soon as we don't need them anymore, overwrite
keys with zeros. Make sure they run out of scope
so we don't create a risk of inadvertedly using
all-zero keys for encryption.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
Raise the bar for recovering keys from memory.
https://github.com/rfjakob/gocryptfs/issues/211
|
|
Both fusefrontend and fusefrontend_reverse were doing
essentially the same thing, move it into main's
initFuseFrontend.
A side-effect is that we have a reference to cryptocore
in main, which will help with wiping the keys on exit
(https://github.com/rfjakob/gocryptfs/issues/211).
|
|
As reported in https://github.com/rfjakob/gocryptfs/issues/194 ,
OSXFuse creates the mountpoint if it does not exist.
|
|
OSXFuse automatically creates the mountpoint if it is
below /Volumes because this would require root permissions
which the user might not have.
Reported at https://github.com/rfjakob/gocryptfs/issues/194
|
|
At the moment, it does two things:
1. Disable stat() caching so changes to the backing storage show up
immediately.
2. Disable hard link tracking, as the inode numbers on the backing
storage are not stable when files are deleted and re-created behind
our back. This would otherwise produce strange "file does not exist"
and other errors.
Mitigates https://github.com/rfjakob/gocryptfs/issues/156
|
|
From https://github.com/rfjakob/gocryptfs/issues/150:
mkdir a
mkdir a/b
gocryptsfs -init -reverse a/
gocryptfs -reverse a/ a/b
Now directory a/b/ contains encrypted view of 'a' but it
is possible to descend into encrypted version of b (e.g.
a/b/43873uhj538765387/) which contains double encrypted
'a' and so on.
Reported-by: https://github.com/tigmac
|
|
Disable hard link tracking to avoid strange breakage on duplicate
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/149 ).
Reverse mode is read-only, so we don't need a working link().
|