| Age | Commit message (Collapse) | Author | 
|---|
|  | world-readable
Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier
when mounting via fstab.
Having the files follow chmod/chown of their parent does not seem
to be worth the hassle. The content of the diriv files is not
secret, and both diriv and name files are protected by the
perms of the parent dir.
Fixes https://github.com/rfjakob/gocryptfs/issues/539 | 
|  | Fixes https://github.com/rfjakob/gocryptfs/pull/503 | 
|  | Simplify the tests by using empty files. Empty
files are valid, and we don't check the content
anyway.
Also adjust comment style a little and add
a missing break statement. | 
|  | Changed invalid file decoding and decryption. Function
DecryptName now shortens the filename until the filename is
decodable and decryptable. Will work with valid **and**
invalid Base64URL delimiter (valid delimiter [0-9a-zA-z_\\-].
If the filename is not decryptable at all, it returns the
original cipher name with flag suffix Changed cli tests to
generate decryptable and undecryptable file names with correct
encrypted content. Replacing #474, extends #393 | 
|  | Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288 | 
|  | Tests that `gocryptfs -passwd -masterkey=stdin` works.
This was fixed by ff04b1d83ab1201.
Fixes https://github.com/rfjakob/gocryptfs/issues/461 | 
|  | The command line option is now called `-badname`,
so adjust the test name to match. | 
|  | Resolves https://github.com/rfjakob/gocryptfs/issues/393 | 
|  | https://github.com/rfjakob/gocryptfs/issues/450 | 
|  | When running
  $ go test ./tests/matrix/
in isolation, it failed like this:
  fd leak? before, after:
  [0r=/dev/null 3w=/dev/null 5r=/proc/8078/fd (hidden:4)]
  [0r=/dev/null 3w=/dev/null 5w=/tmp/go-build366655199/b001/testlog.txt 7r=/proc/8078/fd (hidden:4)]
Filter by prefix to get rid of this spurious test failure. | 
|  | The tests check if they leak fds themselves, but we also
check if gocryptfs leaks fds. Clarify what is what in the
error message. | 
|  | Mount with idle timeout of 100ms read something every 10ms. The fs should
NOT get unmounted. Regression test for https://github.com/rfjakob/gocryptfs/issues/421 | 
|  | https://github.com/rfjakob/gocryptfs/issues/400 | 
|  | CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)
Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.
It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report. | 
|  |  | 
|  | Makes it easier to share an encrypted folder via a network drive.
https://github.com/rfjakob/gocryptfs/issues/387 | 
|  |  | 
|  | Error was:
  tests/cli/cli_test.go:552: declaration of "err" shadows declaration at tests/cli/cli_test.go:544 | 
|  | Mount with idle timeout 10ms and check that the process exits by itself
within 5 seconds. | 
|  | The cipherdir path is used as the fsname, as displayed
in "df -T". Now, having a comma in fsname triggers a sanity check
in go-fuse, aborting the mount with:
  /bin/fusermount: mount failed: Invalid argument
  fuse.NewServer failed: fusermount exited with code 256
Sanitize fsname by replacing any commas with underscores.
https://github.com/rfjakob/gocryptfs/issues/262 | 
|  | Instead, first Load() the file, then DecryptMasterKey().
Fixes https://github.com/rfjakob/gocryptfs/issues/258 | 
|  | Callers that do not want to decrypt the masterkey should
call plain Load().
https://github.com/rfjakob/gocryptfs/issues/258 | 
|  | https://github.com/rfjakob/gocryptfs/issues/235 | 
|  | configfile.LoadConfFile()   -> configfile.Load()
configfile.CreateConfFile() -> configfile.Create() | 
|  | When mounted via /etc/fstab like this,
  /a /b fuse.gocryptfs default 0 0
we always get extra options passed. As reported by @mahkoh
at https://github.com/rfjakob/gocryptfs/pull/233 :
  mount passes `-o noexec` if `-o user` is set and `-o exec` is not set.
  If both `-o user` and `-o exec` are set, it passes `-o exec`.
Make these options work, and in addtion, also make -suid and -rw
work the same way.
Reported-by: @mahkoh | 
|  | By returning an error instead of calling os.Exit,
error cases can be tested easily. Error cases
were not tested until now. | 
|  | One fd leak found in TestMountBackground. | 
|  | Most corruption cases except xattr should be covered.
With test filesystem.
The output is still pretty ugly. xattr support will
be added in the next commits. | 
|  | The fsck operation is not yet implemented, this commits
just adds the flag and improves cli flag handling. | 
|  | This will allows us to overwrite the password
with zeros once we are done with it.
https://github.com/rfjakob/gocryptfs/issues/211 | 
|  | Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:
* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
  getrandom() syscall would be blocking (Go Bug #19274)
* Kernel versions prior to 3.17 do not support getrandom(), and there
  is no check if the random generator has been properly initialized
  before reading from /dev/urandom
This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy. | 
|  | Currently fails, as reported at
https://github.com/rfjakob/gocryptfs/issues/130 . | 
|  | We used to return code 8, now we return code 12 as documented in
the man page.
Also adds a test. | 
|  | This commit defines all exit codes in one place in the exitcodes
package.
Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.
Fixes https://github.com/rfjakob/gocryptfs/issues/77 . | 
|  | From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs. | 
|  | Also, make the other password tests more rigorous by verifying the
fs content. | 
|  | It was actually testing extpass a second time. | 
|  | Also fixes the failure to run the benchmarks do to the missing
gocryptfs.diriv. |