Age | Commit message (Collapse) | Author |
|
-deterministc-names uses all-zero dirivs but does not write
them to disk anymore.
|
|
|
|
Except xattrSupported, this is a false positive.
$ golangci-lint run --disable-all --enable unused --enable deadcode
gocryptfs-xray/xray_main.go:24:5: `GitVersionFuse` is unused (deadcode)
var GitVersionFuse = "[GitVersionFuse not set - please compile using ./build.bash]"
^
tests/symlink_race/main.go:47:6: `chmodLoop` is unused (deadcode)
func chmodLoop() {
^
internal/readpassword/extpass_test.go:11:5: `testPw` is unused (deadcode)
var testPw = []byte("test")
^
tests/reverse/xattr_test.go:13:6: func `xattrSupported` is unused (unused)
func xattrSupported(path string) bool {
^
internal/fusefrontend_reverse/rpath.go:20:22: func `(*RootNode).abs` is unused (unused)
func (rfs *RootNode) abs(relPath string, err error) (string, error) {
^
tests/matrix/matrix_test.go:310:6: `sContains` is unused (deadcode)
func sContains(haystack []string, needle string) bool {
|
|
Typo inside doInit.
|
|
Issues were:
# github.com/rfjakob/gocryptfs/contrib/findholes/holes
contrib/findholes/holes/holes.go:136:2: unreachable code
# github.com/rfjakob/gocryptfs/tests/root_test_test
tests/root_test/root_test.go:139:2: unreachable code
Also make sure we actually run "go vet" against the whole
codebase.
|
|
Everything except the
if err2.Err == syscall.EOPNOTSUPP
case. Gets too confusing when collapsed into a single line.
Issues were:
$ golangci-lint run --disable-all --enable gosimple
mount.go:473:2: S1008: should use 'return strings.HasPrefix(v, "fusermount version")' instead of 'if strings.HasPrefix(v, "fusermount version") { return true }; return false' (gosimple)
if strings.HasPrefix(v, "fusermount version") {
^
cli_args.go:258:5: S1002: should omit comparison to bool constant, can be simplified to `args.forcedecode` (gosimple)
if args.forcedecode == true {
^
cli_args.go:263:6: S1002: should omit comparison to bool constant, can be simplified to `args.aessiv` (gosimple)
if args.aessiv == true {
^
cli_args.go:267:6: S1002: should omit comparison to bool constant, can be simplified to `args.reverse` (gosimple)
if args.reverse == true {
^
internal/stupidgcm/stupidgcm.go:227:6: S1002: should omit comparison to bool constant, can be simplified to `g.forceDecode` (gosimple)
if g.forceDecode == true {
^
gocryptfs-xray/xray_tests/xray_test.go:23:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
if bytes.Compare(out, expected) != 0 {
^
gocryptfs-xray/xray_tests/xray_test.go:40:5: S1004: should use !bytes.Equal(out, expected) instead (gosimple)
if bytes.Compare(out, expected) != 0 {
^
gocryptfs-xray/paths_ctlsock.go:34:20: S1002: should omit comparison to bool constant, can be simplified to `!eof` (gosimple)
for eof := false; eof == false; line++ {
^
tests/reverse/xattr_test.go:19:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
if err2.Err == syscall.EOPNOTSUPP {
^
internal/fusefrontend/node.go:459:45: S1002: should omit comparison to bool constant, can be simplified to `!nameFileAlreadyThere` (gosimple)
if nametransform.IsLongContent(cName2) && nameFileAlreadyThere == false {
^
tests/xattr/xattr_integration_test.go:221:2: S1008: should use 'return err2.Err != syscall.EOPNOTSUPP' instead of 'if err2.Err == syscall.EOPNOTSUPP { return false }; return true' (gosimple)
if err2.Err == syscall.EOPNOTSUPP {
^
tests/test_helpers/helpers.go:338:19: S1002: should omit comparison to bool constant, can be simplified to `open` (gosimple)
if err != nil && open == true {
^
tests/matrix/concurrency_test.go:121:7: S1004: should use !bytes.Equal(buf, content) instead (gosimple)
if bytes.Compare(buf, content) != 0 {
^
|
|
gocryptfs$ ineffassign ./...
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/configfile/config_file.go:243:2: ineffectual assignment to scryptHash
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/configfile/config_file.go:272:2: ineffectual assignment to scryptHash
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:285:3: ineffectual assignment to fileID
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/node.go:367:3: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/node_open_create.go:68:2: ineffectual assignment to fd
/home/jakob/go/src/github.com/rfjakob/gocryptfs/mount.go:308:2: ineffectual assignment to masterkey
/home/jakob/go/src/github.com/rfjakob/gocryptfs/gocryptfs-xray/xray_main.go:156:13: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/fusefrontend/prepare_syscall_test.go:65:16: ineffectual assignment to errno
/home/jakob/go/src/github.com/rfjakob/gocryptfs/internal/syscallcompat/open_nofollow_test.go:34:2: ineffectual assignment to fd
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:111:6: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:181:2: ineffectual assignment to sz
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/acl_test.go:198:2: ineffectual assignment to sz
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/defaults/main_test.go:365:8: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/xattr/xattr_fd_test.go:30:6: ineffectual assignment to err
/home/jakob/go/src/github.com/rfjakob/gocryptfs/tests/xattr/xattr_fd_test.go:66:6: ineffectual assignment to err
|
|
With test.
Fixes https://github.com/rfjakob/gocryptfs/issues/588
|
|
|
|
No functional changes.
|
|
Sometimes, by chance, case 5 resulted in valid decrypted data:
--- FAIL: TestBadname (0.08s)
cli_test.go:885: Case 5 failed: "J7Rbo1BvfXojpBEr0Qrt_invalid_file GOCRYPTFS_BAD_NAME" in ["file GOCRYPTFS_BAD_NAME,\x9e$O\xc3j\x8c\xd0\x06\x01#\f%k\x02\xcanvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file,file_invalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME"]
Add percent signs so base64 decoding always fails.
Fixes https://github.com/rfjakob/gocryptfs/runs/3347883728
|
|
|
|
https://github.com/kdave/btrfs-progs/issues/392
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/475
|
|
I just got this message (not reproducible) with unescaped
binary garbage.
UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestMountBackground.899727687.mnt" was not found in MountInfo, cannot check for FD leaks
UnmountErr: "/var/tmp/gocryptfs-test-parent-1026/114471933/TestConfigPipe.212912444.mnt" was not found in MountInfo, cannot check for FD leaks
DecryptName "mzaZRF9_0IU-_5vv2wPC_i": unPad16 error: Padding too long, padLen=49 > 16
OpenDir ".": invalid entry "KqQ346cuOAFHv_qSta5PhAwrongPattern": bad message
DecryptName "mzaZRF9_0IU-_5vv2wP_in": unPad16 error: Padding byte at i=10 is invalid
--- FAIL: TestBadname (0.11s)
cli_test.go:885: Case 5 failed: 'KqQ346cuOAFHv_qSta5P_invalid_file GOCRYPTFS_BAD_NAME' in [file_invalid_file GOCRYPTFS_BAD_NAME,file,mzaZRF9_0IU-_5vv2wPC_invalid_file GOCRYPTFS_BAD_NAME,file GOCRYPTFS_BAD_NAME,�*A���y���Gfnvalid_file GOCRYPTFS_BAD_NAME,mzaZRF9_0IU-_5vv2wP_invalid_file GOCRYPTFS_BAD_NAME]
Invalid cipherdir: directory /var/tmp/gocryptfs-test-parent-1026/114471933/TestInitNotEmpty not empty
FAIL
FAIL github.com/rfjakob/gocryptfs/tests/cli 4.817s
|
|
We need to look at f_fstypename acc. to
https://stackoverflow.com/a/52299141/1380267 :
> As filesystem type numbers are now assigned at runtime in
> recent versions of MacOS, you must use f_fstypename to
> determine the type.
https://github.com/rfjakob/gocryptfs/issues/585
|
|
Use the Gen field (inode generation) to distinguish hard links
while passing the real inode numbers to userspace.
Fixes https://github.com/rfjakob/gocryptfs/issues/584
|
|
https://github.com/rfjakob/gocryptfs/issues/584
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/587
|
|
Passing a relative path was broken because we cd'ed
away first.
|
|
Not called by anybody.
|
|
From >6 to <1 second.
|
|
|
|
|
|
|
|
|
|
Useless layer of indirection.
|
|
TestZerokey verifies that `gocryptfs -zerokey` uses the same options as
`gocryptfs -init`.
|
|
This proposal is the counterpart of the modifications from the `-badname`
parameter. It modifies the plain -> cipher mapping for filenames when using
`-badname` parameter. The new function `EncryptAndHashBadName` tries to find a
cipher filename for the given plain name with the following steps:
1. If `badname` is disabled or direct mapping is successful: Map directly
(default and current behaviour)
2. If a file with badname flag has a valid cipher file, this is returned
(=File just ends with the badname flag)
3. If a file with a badname flag exists where only the badname flag was added,
this is returned (=File cipher name could not be decrypted by function
`DecryptName` and just the badname flag was added)
4. Search for all files which cipher file name extists when cropping more and
more characters from the end. If only 1 file is found, return this
5. Return an error otherwise
This allows file access in the file browsers but most important it allows that
you rename files with undecryptable cipher names in the plain directories.
Renaming those files will then generate a proper cipher filename One
backdraft: When mounting the cipher dir with -badname parameter, you can never
create (or rename to) files whose file name ends with the badname file flag
(at the moment this is " GOCRYPTFS_BAD_NAME"). This will cause an error.
I modified the CLI test function to cover additional test cases. Test [Case
7](https://github.com/DerDonut/gocryptfs/blob/badnamecontent/tests/cli/cli_test.go#L712)
cannot be performed since the cli tests are executed in panic mode. The
testing is stopped on error. Since the function`DecryptName` produces internal
errors when hitting non-decryptable file names, this test was omitted.
This implementation is a proposal where I tried to change the minimum amount
of existing code. Another possibility would be instead of creating the new
function `EncryptAndHashBadName` to modify the signature of the existing
function `EncryptAndHashName(name string, iv []byte)` to
`EncryptAndHashName(name string, iv []byte, dirfd int)` and integrate the
functionality into this function directly. You may allow calling with dirfd=-1
or other invalid values an then performing the current functionality.
|
|
Move the script from tests to contrib as it may now
be useful to somebody else.
https://github.com/rfjakob/gocryptfs/issues/552
|
|
gocryptfs 2.0 introduced the regression that the size
reported at symlink creation was the ciphertext size,
which is wrong.
Report the plaintext size.
Fixes https://github.com/rfjakob/gocryptfs/issues/574
|
|
xfstests generic/523 discovered that we allowed to set
xattrs with "/" in the name, but did not allow to read
them later.
With this change we do not allow to set them in the first
place.
|
|
Failure looked like this:
--- FAIL: TestFileHoleCopy (3.73s)
--- FAIL: TestFileHoleCopy/k81 (0.04s)
file_holes_test.go:93: size changed: st0.Blocks=88 st2.Blocks=96
file_holes_test.go:147: aborting further subtests
$ findholes TestFileHoleCopy.k81.1
0 data
36864 hole
45056 data
50434 hole
50434 eof
$ findholes TestFileHoleCopy.k81.2
0 data
36864 hole
45056 data
50434 hole
50434 eof
$ filefrag -v TestFileHoleCopy.k81.1
Filesystem type is: ef53
File size of TestFileHoleCopy.k81.1 is 50434 (13 blocks of 4096 bytes)
ext: logical_offset: physical_offset: length: expected: flags:
0: 0.. 2: 23702311.. 23702313: 3:
1: 3.. 8: 20389855.. 20389860: 6: 23702314:
2: 11.. 12: 23702314.. 23702315: 2: 20389863: last,eof
TestFileHoleCopy.k81.1: 3 extents found
$ filefrag -v TestFileHoleCopy.k81.2
Filesystem type is: ef53
File size of TestFileHoleCopy.k81.2 is 50434 (13 blocks of 4096 bytes)
ext: logical_offset: physical_offset: length: expected: flags:
0: 0.. 2: 20389861.. 20389863: 3:
1: 3.. 4: 23702316.. 23702317: 2: 20389864:
2: 5.. 6: 20389864.. 20389865: 2: 23702318:
3: 7.. 8: 23702318.. 23702319: 2: 20389866:
4: 11.. 12: 23702320.. 23702321: 2: last,eof
TestFileHoleCopy.k81.2: 4 extents found
|
|
In response to the discussion of the xfstests mailing list [1],
I looked at the Lseek implementation, which was naive and
did not handle all cases correctly.
The new implementation aligns the returned values to 4096 bytes
as most callers expect.
A lot of tests are added to verify that we handle all
cases correctly now.
[1]: https://www.spinics.net/lists/fstests/msg16554.html
|
|
Currently fails.
|
|
Problem in go-fuse has long been fixed.
|
|
As discovered by xfstests generic/401 [1], during the move to
the v2 api we seem to have lost the "." and ".." directory
entries.
[1]: https://github.com/rfjakob/fuse-xfstests/blob/4ef5b032bc283743d0eb58a8a28738766e664899/screenlog.0#L520
|
|
With test to verify that it actually works this
time: Run "make root_test".
Depends-on: https://github.com/rfjakob/gocryptfs/issues/536
Fixes: https://github.com/rfjakob/gocryptfs/issues/536
|
|
With 1.0 seconds we see failures on Travis, example:
https://travis-ci.org/github/rfjakob/gocryptfs/builds/765648739
With 1.1 seconds it seems to always work.
|
|
|
|
Towards better test coverage of shared backing storage
mounts.
https://github.com/rfjakob/gocryptfs/issues/525
|
|
The inode number is not stable with `-sharedstorage`.
Ignore it.
Failure was like this:
--- FAIL: TestFallocate (0.02s)
helpers.go:229: Stat vs Fstat mismatch:
st= {59 11543 1 33188 1026 1026 0 0 0 4096 8 {1616315569 838232716} {1616315569 838232716} {1616315569 838232716} [0 0 0]}
st2={59 11545 1 33188 1026 1026 0 0 0 4096 8 {1616315569 838232716} {1616315569 838232716} {1616315569 838232716} [0 0 0]}
|
|
Currently fails like this:
=== RUN TestRmwRace
doRead 0: corrupt block #0: cipher: message authentication failed
-wpanic turns this warning into a panic: doRead 0: corrupt block #0: cipher: message authentication failed
panic: -wpanic turns this warning into a panic: doRead 0: corrupt block #0: cipher: message authentication failed
goroutine 1293 [running]:
log.(*Logger).Panic(0xc00011c230, 0xc0003b17c8, 0x1, 0x1)
log/log.go:224 +0xac
github.com/rfjakob/gocryptfs/internal/tlog.(*toggledLogger).Printf(0xc00007a780, 0x55a821a766a1, 0x20, 0xc0003b19f0, 0x3, 0x3)
github.com/rfjakob/gocryptfs/internal/tlog/log.go:78 +0x1ef
github.com/rfjakob/gocryptfs/internal/fusefrontend.(*File).doRead(0xc0001ff420, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x1, 0xc000880000, 0x1020)
github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:201 +0x8c9
github.com/rfjakob/gocryptfs/internal/fusefrontend.(*File).doWrite(0xc0001ff420, 0xc000248428, 0x10, 0x30, 0xff0, 0x3, 0x18)
github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:291 +0xc9e
github.com/rfjakob/gocryptfs/internal/fusefrontend.(*File).Write(0xc0001ff420, 0x55a821b306a0, 0xc000fbde90, 0xc000248428, 0x10, 0x30, 0xff0, 0x7f4a00000000, 0x0)
github.com/rfjakob/gocryptfs/internal/fusefrontend/file.go:378 +0x25e
github.com/hanwen/go-fuse/v2/fs.(*rawBridge).Write(0xc000168140, 0xc000096000, 0xc0002483d8, 0xc000248428, 0x10, 0x30, 0x55a821ad40e0)
github.com/hanwen/go-fuse/v2@v2.0.4-0.20210125162859-8e0bbdb16cb7/fs/bridge.go:819 +0x26d
github.com/hanwen/go-fuse/v2/fuse.doWrite(0xc000170160, 0xc000248240)
github.com/hanwen/go-fuse/v2@v2.0.4-0.20210125162859-8e0bbdb16cb7/fuse/opcode.go:191 +0x6f
github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0xc000170160, 0xc000248240, 0xc000000000)
github.com/hanwen/go-fuse/v2@v2.0.4-0.20210125162859-8e0bbdb16cb7/fuse/server.go:472 +0x2be
github.com/hanwen/go-fuse/v2/fuse.(*Server).loop(0xc000170160, 0xc000cd4101)
github.com/hanwen/go-fuse/v2@v2.0.4-0.20210125162859-8e0bbdb16cb7/fuse/server.go:445 +0x198
created by github.com/hanwen/go-fuse/v2/fuse.(*Server).readRequest
github.com/hanwen/go-fuse/v2@v2.0.4-0.20210125162859-8e0bbdb16cb7/fuse/server.go:312 +0x41d
matrix_test.go:354: Write failed
|
|
Allows to drop a few Mkdir()s.
|
|
Also fix incomplete uid restoration in TestSupplementaryGroups
and replace syscall.Setregid and friends with unix.Setregid and
friends.
This test is added to check if have problems handling a full disk.
The ticket https://github.com/rfjakob/gocryptfs/issues/550 states
that the full disk was not where the backing gocryptfs filesystem
was, but this has no effect on gocryptfs, so we test the harder
case.
|
|
Hard link tracking was not correctly disabled
since the migration to the go-fuse v2 api.
Add a test to ensure it stays off.
Fixes https://github.com/rfjakob/gocryptfs/issues/525
|
|
Pass through system.posix_acl_access and system.posix_acl_default
unencrypted to fix "cp -a" problems.
"cp -a" uses "setxattr" even to set normal permissions, see
https://www.spinics.net/lists/linux-nfs/msg63986.html .
Fixes https://github.com/rfjakob/gocryptfs/issues/543
|
|
The blob was truncated to 31 bytes.
|
|
world-readable
Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier
when mounting via fstab.
Having the files follow chmod/chown of their parent does not seem
to be worth the hassle. The content of the diriv files is not
secret, and both diriv and name files are protected by the
perms of the parent dir.
Fixes https://github.com/rfjakob/gocryptfs/issues/539
|
|
|