From 9e598b997613076f64d3e827757f4c9850441443 Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Sun, 29 Sep 2019 06:59:25 +0800 Subject: [PATCH 1/5] Update man-page --- doc/man/cryfs.1 | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/doc/man/cryfs.1 b/doc/man/cryfs.1 index ca4def8c..e72f1487 100644 --- a/doc/man/cryfs.1 +++ b/doc/man/cryfs.1 @@ -16,7 +16,6 @@ cryfs \- cryptographic filesystem for the cloud [\fB\-f\fR] [\fIoptions\fR] .I basedir mountpoint -[\fB\-\-\fR \fIfuse-options\fR] .br .\" show-ciphers syntax .B cryfs \-\-help\fR|\fB\-\-version\fR|\fB\-\-show-ciphers @@ -200,6 +199,28 @@ Unmount automatically after \fIarg\fR minutes of inactivity. . . . +.SH FUSE Options +. +.TP +\fB\-o\fR \fIoption\fR, \fB\-\-fuse\-option\fR \fIoption\fR +. +Pass through options to the FUSE filesystem driver. + +.TP +For example: +.TP +\fB\-o\fR \fIallow_other\fR +This option overrides the security measure restricting file +access to the filesystem owner, so that all users (including +root) can access the files. +.TP +\fB\-o\fR \fIallow_root\fR +This option is similar to allow_other but file access is +limited to the filesystem owner and root. This option and +allow_other are mutually exclusive. +. +. +. .SH ENVIRONMENT . .TP From b9be5e9c195831e91aeaf0f2c6ca61c774ec6c22 Mon Sep 17 00:00:00 2001 From: jolan78 Date: Wed, 25 Dec 2019 09:20:10 +0100 Subject: [PATCH 2/5] Mention MacPorts (#322) --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b0f4a684..1fc21889 100644 --- a/README.md +++ b/README.md @@ -17,10 +17,17 @@ You can also use CryFS on older versions of these distributions by following the OSX ---- -CryFS is distributed via Homebrew. Just do +CryFS is distributed via Homebrew and MacPorts. + +If you use Homebrew: brew cask install osxfuse brew install cryfs + +If you use MacPorts (not available for OSX 10.15 at the moment): + + port install cryfs + Windows (experimental) ---------------------- From 35b44d6e2179d04320c4862619789f2d93199118 Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Sun, 28 Jun 2020 10:04:12 -0700 Subject: [PATCH 3/5] In CMakeLists.txt, rename BUILD_TESTING to CRYPTOPP_BUILD_TESTING so it doesn't clash with our BUILD_TESTING --- vendor/README | 1 + vendor/cryptopp/CMakeLists.txt | 2 +- vendor/cryptopp/vendor_cryptopp/CMakeLists.txt | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/vendor/README b/vendor/README index ff1e0808..05989f34 100644 --- a/vendor/README +++ b/vendor/README @@ -5,3 +5,4 @@ spdlog: https://github.com/gabime/spdlog/tree/v0.16.3/include/spdlog cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_8_2_0 - changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/CRYPTOPP_8_2_0 - changed: commented out line including winapifamily.h in CMakeLists.txt + - changed: In CMakeLists.txt, rename BUILD_TESTING to CRYPTOPP_BUILD_TESTING so it doesn't clash with our BUILD_TESTING diff --git a/vendor/cryptopp/CMakeLists.txt b/vendor/cryptopp/CMakeLists.txt index ef7a3e10..c88d2845 100644 --- a/vendor/cryptopp/CMakeLists.txt +++ b/vendor/cryptopp/CMakeLists.txt @@ -80,7 +80,7 @@ else() endif() -set(BUILD_TESTING OFF CACHE BOOL "") +set(CRYPTOPP_BUILD_TESTING OFF CACHE BOOL "") set(BUILD_DOCUMENTATION OFF CACHE BOOL "") set(BUILD_SHARED OFF CACHE BOOL "") set(BUILD_STATIC ON CACHE BOOL "") diff --git a/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt b/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt index b80f624f..4cd0ae32 100644 --- a/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt +++ b/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt @@ -71,7 +71,7 @@ set(TEST_CXX_FILE ${TEST_PROG_DIR}/test_cxx.cxx) option(BUILD_STATIC "Build static library" ON) option(BUILD_SHARED "Build shared library" ON) -option(BUILD_TESTING "Build library tests" ON) +option(CRYPTOPP_BUILD_TESTING "Build library tests" ON) option(BUILD_DOCUMENTATION "Use Doxygen to create the HTML based API documentation" OFF) option(USE_INTERMEDIATE_OBJECTS_TARGET "Use a common intermediate objects target for the static and shared library targets" ON) @@ -1105,7 +1105,7 @@ endif () #============================================================================ enable_testing() -if (BUILD_TESTING) +if (CRYPTOPP_BUILD_TESTING) add_executable(cryptest ${cryptopp_SOURCES_TEST}) target_link_libraries(cryptest cryptopp-static) @@ -1186,7 +1186,7 @@ if (NOT CMAKE_VERSION VERSION_LESS 2.8.8) endif () # Tests -if (BUILD_TESTING) +if (CRYPTOPP_BUILD_TESTING) install(TARGETS cryptest DESTINATION ${CMAKE_INSTALL_BINDIR}) install(DIRECTORY ${SRC_DIR}/TestData DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) install(DIRECTORY ${SRC_DIR}/TestVectors DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) From 9cbc12fc57d7c70d69836801481ed3ee0d732d3f Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Sun, 23 Feb 2020 17:42:44 -0800 Subject: [PATCH 4/5] Fix bug where a comma in the base directory name would make the file system fail to mount, https://github.com/cryfs/cryfs/issues/326 --- .circleci/config.yml | 2 +- ChangeLog.txt | 5 +++++ src/fspp/fuse/Fuse.cpp | 5 ++++- test/cryfs-cli/CliTest_Setup.cpp | 12 +++++++++++- test/cryfs-cli/testutils/CliTest.h | 15 ++++++++++++--- 5 files changed, 33 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a06f7149..01f93bad 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -517,7 +517,7 @@ jobs: OMP_NUM_THREADS: "1" CXXFLAGS: "-O2 -fsanitize=thread -fno-omit-frame-pointer" BUILD_TYPE: "Debug" - GTEST_ARGS: "--gtest_filter=-LoggingTest.LoggingAlsoWorksAfterFork:AssertTest_*:BacktraceTest.*:SignalCatcherTest.*_thenDies:SignalHandlerTest.*_thenDies:SignalHandlerTest.givenMultipleSigIntHandlers_whenRaising_thenCatchesCorrectSignal:CliTest_Setup.*:CliTest_IntegrityCheck.*:*/CliTest_WrongEnvironment.*:CliTest_Unmount.*" + GTEST_ARGS: "--gtest_filter=-LoggingTest.LoggingAlsoWorksAfterFork:AssertTest_*:BacktraceTest.*:SignalCatcherTest.*_thenDies:SignalHandlerTest.*_thenDies:SignalHandlerTest.givenMultipleSigIntHandlers_whenRaising_thenCatchesCorrectSignal:CliTest_Setup.*:CliTest_IntegrityCheck.*:*/CliTest_WrongEnvironment.*:CliTest_Unmount.*:CliTest.WorksWithCommasInBasedir" CMAKE_FLAGS: "" RUN_TESTS: true clang_tidy: diff --git a/ChangeLog.txt b/ChangeLog.txt index 8b607902..f0b72c49 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,8 @@ +Version 0.10.3 (unreleased) +--------------- +Fixed bugs: +* A comma in the base directory name would make the file system fail to mount, https://github.com/cryfs/cryfs/issues/326 + Version 0.10.2 --------------- Fixed bugs: diff --git a/src/fspp/fuse/Fuse.cpp b/src/fspp/fuse/Fuse.cpp index 52cd5644..6a65ff94 100644 --- a/src/fspp/fuse/Fuse.cpp +++ b/src/fspp/fuse/Fuse.cpp @@ -12,6 +12,7 @@ #include #include "InvalidFilesystem.h" #include +#include #if defined(_MSC_VER) #include @@ -290,7 +291,9 @@ vector Fuse::_build_argv(const bf::path &mountdir, const vector argv.push_back(_create_c_string(option)); } _add_fuse_option_if_not_exists(&argv, "subtype", _fstype); - _add_fuse_option_if_not_exists(&argv, "fsname", _fsname.get_value_or(_fstype)); + auto fsname = _fsname.get_value_or(_fstype); + boost::replace_all(fsname, ",", "\\,"); // Avoid fuse options parser bug where a comma in the fsname is misinterpreted as an options delimiter, see https://github.com/cryfs/cryfs/issues/326 + _add_fuse_option_if_not_exists(&argv, "fsname", fsname); #ifdef __APPLE__ // Make volume name default to mountdir on macOS _add_fuse_option_if_not_exists(&argv, "volname", mountdir.filename().string()); diff --git a/test/cryfs-cli/CliTest_Setup.cpp b/test/cryfs-cli/CliTest_Setup.cpp index 720ee4f7..17891c8f 100644 --- a/test/cryfs-cli/CliTest_Setup.cpp +++ b/test/cryfs-cli/CliTest_Setup.cpp @@ -2,6 +2,8 @@ using cpputils::TempFile; +namespace bf = boost::filesystem; + //Tests that cryfs is correctly setup according to the CLI parameters specified using CliTest_Setup = CliTest; @@ -36,4 +38,12 @@ TEST_F(CliTest_Setup, FuseOptionGiven) { //Specify --cipher parameter to make it non-interactive //TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that EXPECT_RUN_SUCCESS({basedir.string().c_str(), mountdir.string().c_str(), "-f", "--cipher", "aes-256-gcm", "--", "-f"}, mountdir); -} \ No newline at end of file +} + +TEST_F(CliTest, WorksWithCommasInBasedir) { + // This test makes sure we don't regress on https://github.com/cryfs/cryfs/issues/326 + //TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that + auto basedir_ = basedir / "pathname,with,commas"; + bf::create_directory(basedir_); + EXPECT_RUN_SUCCESS({basedir_.string().c_str(), mountdir.string().c_str(), "-f"}, mountdir); +} diff --git a/test/cryfs-cli/testutils/CliTest.h b/test/cryfs-cli/testutils/CliTest.h index 6c1f2a54..4aa478eb 100644 --- a/test/cryfs-cli/testutils/CliTest.h +++ b/test/cryfs-cli/testutils/CliTest.h @@ -75,12 +75,21 @@ public: //TODO Make this work when run in background ASSERT(std::find(args.begin(), args.end(), string("-f")) != args.end(), "Currently only works if run in foreground"); - FilesystemOutput filesystem_output = run_filesystem(args, mountDir, std::move(onMounted)); + bool successfully_mounted = false; + + FilesystemOutput filesystem_output = run_filesystem(args, mountDir, [&] { + successfully_mounted = true; + onMounted(); + }); EXPECT_EQ(0, filesystem_output.exit_code); if (!std::regex_search(filesystem_output.stdout_, std::regex("Mounting filesystem"))) { - std::cerr << filesystem_output.stdout_ << std::endl; - EXPECT_TRUE(false); + std::cerr << "STDOUT:\n" << filesystem_output.stdout_ << "STDERR:\n" << filesystem_output.stderr_ << std::endl; + EXPECT_TRUE(false) << "Filesystem did not output the 'Mounting filesystem' message, probably wasn't successfully mounted."; + } + + if (!successfully_mounted) { + EXPECT_TRUE(false) << "Filesystem did not call onMounted callback, probably wasn't successfully mounted."; } } From e27d63f908c5030946d2f4302cbabf06077bd845 Mon Sep 17 00:00:00 2001 From: Sebastian Messmer Date: Fri, 10 Jul 2020 17:48:28 -0700 Subject: [PATCH 5/5] Add .vs and .vscode to .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 98e02652..971429ed 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,8 @@ umltest.status /cmake-build-* /.idea *~ +/.vs +/.vscode src/gitversion/*.pyc src/gitversion/__pycache__