From db1824a23ac8e47cda714796e55cf6927b0cbecc Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 28 Sep 2021 17:45:26 +0200
Subject: [PATCH 1/9] cryptocore: disentangle algorithm / library implementation name Used in gocryptfs-xray, and will also be used in -info.
---
 gocryptfs-xray/xray_main.go | 2 +-
 gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt | 2 +-
 gocryptfs-xray/xray_tests/aessiv_fs.xray.txt | 2 +-
 internal/cryptocore/cryptocore.go | 24 +++++++++++++-------
 internal/speed/speed.go | 10 ++++----
 5 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/gocryptfs-xray/xray_main.go b/gocryptfs-xray/xray_main.go
index 8abd008..35f409f 100644
--- a/gocryptfs-xray/xray_main.go
+++ b/gocryptfs-xray/xray_main.go
@@ -39,7 +39,7 @@ func errExit(err error) {
 func prettyPrintHeader(h *contentenc.FileHeader, algo cryptocore.AEADTypeEnum) {
 id := hex.EncodeToString(h.ID)
- fmt.Printf("Header: Version: %d, Id: %s, assuming %s mode\n", h.Version, id, algo.Name)
+ fmt.Printf("Header: Version: %d, Id: %s, assuming %s mode\n", h.Version, id, algo.Algo)
 }
 // printVersion prints a version string like this:
diff --git a/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt b/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt
index 386095c..a761264 100644
--- a/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt
+++ b/gocryptfs-xray/xray_tests/aesgcm_fs.xray.txt
@@ -1,3 +1,3 @@
-Header: Version: 2, Id: 8932adf303fe0289679d47fa84d2b241, assuming AES-GCM-256-Go mode
+Header: Version: 2, Id: 8932adf303fe0289679d47fa84d2b241, assuming AES-GCM-256 mode
 Block 0: IV: c8536b4bfd92f5dc3c1e2ac29f116d4a, Tag: 22b20422749b2f4bba67ec7d3bb1ac34, Offset: 18 Len: 4128
 Block 1: IV: 2de68f4965779bb137ef2b3c20453556, Tag: 3e8758d6872234b1fffab2504e623467, Offset: 4146 Len: 936
diff --git a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt
index 481b22a..e2ecb33 100644
--- a/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt
+++ b/gocryptfs-xray/xray_tests/aessiv_fs.xray.txt
@@ -1,3 +1,3 @@
-Header: Version: 2, Id: d839806747918e345633fcdd0988e67c, assuming AES-SIV-512-Go mode
+Header: Version: 2, Id: d839806747918e345633fcdd0988e67c, assuming AES-SIV-512 mode
 Block 0: IV: 1d3ce2b13260f83766ccf9a670478a4b, Tag: 0b6f95bd523b4c93704e15ecc6bef8e7, Offset: 18 Len: 4128
 Block 1: IV: 7eb947d2adf18adf3bed39bbc8052968, Tag: 1a272903e5a987f53f07344840387c20, Offset: 4146 Len: 936
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 48386f8..36c9d93 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -28,28 +28,36 @@ const (
 // AEADTypeEnum indicates the type of AEAD backend in use.
 type AEADTypeEnum struct {
- Name string
+ // Algo is the encryption algorithm. Example: "AES-GCM-256"
+ Algo string
+ // Lib is the library where Algo is implemented. Either "Go" or "OpenSSL".
+ Lib string
 NonceSize int
 }
+// String returns something like "AES-GCM-256-OpenSSL"
+func (a AEADTypeEnum) String() string {
+ return a.Algo + "-" + a.Lib
+}
+
 // BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
 // "AES-GCM-256-OpenSSL" in gocryptfs -speed.
-var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-OpenSSL", 16}
+var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
 // BackendGoGCM specifies the Go based AES-256-GCM backend.
 // "AES-GCM-256-Go" in gocryptfs -speed.
-var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256-Go", 16}
+var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
 // BackendAESSIV specifies an AESSIV backend.
 // "AES-SIV-512-Go" in gocryptfs -speed.
-var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512-Go", siv_aead.NonceSize}
+var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
 // BackendXChaCha20Poly1305 specifies XChaCha20-Poly1305-Go.
 // "XChaCha20-Poly1305-Go" in gocryptfs -speed.
-var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-Go", chacha20poly1305.NonceSizeX}
+var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
 // BackendXChaCha20Poly1305OpenSSL specifies XChaCha20-Poly1305-OpenSSL.
-var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305-OpenSSL", chacha20poly1305.NonceSizeX}
+var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
 // CryptoCore is the low level crypto implementation.
 type CryptoCore struct {
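Review bot: The five backend values are built with positional composite literals, e.g. `AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}`, and with `Algo` and `Lib` now two adjacent `string` fields a swapped pair would still compile. Keyed literals make the assignment explicit and survive later field additions: `var BackendOpenSSL = AEADTypeEnum{Algo: "AES-GCM-256", Lib: "OpenSSL", NonceSize: 16}`. The same applies to the declarations rewritten in PATCH 5/9. The doc comment on `String` could also say that its result is the name shown by `gocryptfs -speed`, since the per-variable comments rely on that.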
@@ -176,7 +184,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoC
 log.Panic(err)
 }
 } else {
- log.Panicf("unknown cipher backend %q", aeadType.Name)
+ log.Panicf("unknown cipher backend %q", aeadType)
 }
 if aeadCipher.NonceSize()*8 != IVBitLen {
@@ -205,7 +213,7 @@ type wiper interface {
 func (c *CryptoCore) Wipe() {
 be := c.AEADBackend
 if be == BackendOpenSSL || be == BackendAESSIV {
- tlog.Debug.Printf("CryptoCore.Wipe: Wiping AEADBackend %s key", be.Name)
+ tlog.Debug.Printf("CryptoCore.Wipe: Wiping AEADBackend %q key", be)
 // We don't use "x, ok :=" because we *want* to crash loudly if the
 // type assertion fails.
 w := c.AEADCipher.(wiper)
diff --git a/internal/speed/speed.go b/internal/speed/speed.go
index 0b1a51a..aef3ad6 100644
--- a/internal/speed/speed.go
+++ b/internal/speed/speed.go
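Review bot: In `Wipe`, the guard `be == BackendOpenSSL || be == BackendAESSIV` is left as it was although the file also defines `BackendXChaCha20Poly1305OpenSSL`, so as far as this hunk shows that backend's key is not wiped on this path; whether its cipher implements `wiper` is not visible here and should be confirmed. The `==` comparison on `AEADTypeEnum` now compares `Algo`, `Lib` and `NonceSize` together, and the two AES-GCM backends differ only in `Lib`; a short comment on the struct such as `// Values are compared with ==; Algo+Lib must be unique per backend.` would document that dependency. The body of `Wipe` continues outside the hunk.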
@@ -42,11 +42,11 @@ func Run() {
 f func(*testing.B)
 preferred bool
 }{
- {name: cryptocore.BackendOpenSSL.Name, f: bStupidGCM, preferred: stupidgcm.PreferOpenSSLAES256GCM()},
- {name: cryptocore.BackendGoGCM.Name, f: bGoGCM, preferred: !stupidgcm.PreferOpenSSLAES256GCM()},
- {name: cryptocore.BackendAESSIV.Name, f: bAESSIV, preferred: false},
- {name: cryptocore.BackendXChaCha20Poly1305OpenSSL.Name, f: bStupidXchacha, preferred: stupidgcm.PreferOpenSSLXchacha20poly1305()},
- {name: cryptocore.BackendXChaCha20Poly1305.Name, f: bXchacha20poly1305, preferred: !stupidgcm.PreferOpenSSLXchacha20poly1305()},
+ {name: cryptocore.BackendOpenSSL.String(), f: bStupidGCM, preferred: stupidgcm.PreferOpenSSLAES256GCM()},
+ {name: cryptocore.BackendGoGCM.String(), f: bGoGCM, preferred: !stupidgcm.PreferOpenSSLAES256GCM()},
+ {name: cryptocore.BackendAESSIV.String(), f: bAESSIV, preferred: false},
+ {name: cryptocore.BackendXChaCha20Poly1305OpenSSL.String(), f: bStupidXchacha, preferred: stupidgcm.PreferOpenSSLXchacha20poly1305()},
+ {name: cryptocore.BackendXChaCha20Poly1305.String(), f: bXchacha20poly1305, preferred: !stupidgcm.PreferOpenSSLXchacha20poly1305()},
 }
 for _, b := range bTable {
 fmt.Printf("%-26s\t", b.name)
From c8996d2664d7d1cbce310db3425cc15c9ad26b08 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 28 Sep 2021 17:52:21 +0200
Subject: [PATCH 2/9] -info: add contentEncryption Example: $ ./gocryptfs -info ./tests/example_filesystems/v2.2-xchacha/ Creator: gocryptfs v2.1-27-gabaa129-dirty.xchacha FeatureFlags: HKDF XChaCha20Poly1305 DirIV EMENames LongNames Raw64 EncryptedKey: 64B ScryptObject: Salt=32B N=1024 R=8 P=1 KeyLen=32 contentEncryption: XChaCha20-Poly1305
---
 info.go | 32 +++++++++-----------------------
 1 file changed, 9 insertions(+), 23 deletions(-)
diff --git a/info.go b/info.go
index f571420..1ac9034 100644
--- a/info.go
+++ b/info.go
@@ -1,44 +1,30 @@
 package main
 import (
- "encoding/json"
 "fmt"
- "io/ioutil"
 "os"
 "strings"
 "github.com/rfjakob/gocryptfs/v2/internal/configfile"
- "github.com/rfjakob/gocryptfs/v2/internal/contentenc"
 "github.com/rfjakob/gocryptfs/v2/internal/exitcodes"
- "github.com/rfjakob/gocryptfs/v2/internal/tlog"
 )
 // info pretty-prints the contents of the config file at "filename" for human
 // consumption, stripping out sensitive data.
 // This is called when you pass the "-info" option.
 func info(filename string) {
- // Read from disk
- js, err := ioutil.ReadFile(filename)
+ cf, err := configfile.Load(filename)
 if err != nil {
- tlog.Fatal.Printf("Reading config file failed: %v", err)
+ fmt.Printf("Loading config file failed: %v\n", err)
 os.Exit(exitcodes.LoadConf)
 }
- // Unmarshal
- var cf configfile.ConfFile
- err = json.Unmarshal(js, &cf)
- if err != nil {
- tlog.Fatal.Printf("Failed to unmarshal config file")
- os.Exit(exitcodes.LoadConf)
- }
- if cf.Version != contentenc.CurrentVersion {
- tlog.Fatal.Printf("Unsupported on-disk format %d", cf.Version)
- os.Exit(exitcodes.LoadConf)
- }
- // Pretty-print
- fmt.Printf("Creator: %s\n", cf.Creator)
- fmt.Printf("FeatureFlags: %s\n", strings.Join(cf.FeatureFlags, " "))
- fmt.Printf("EncryptedKey: %dB\n", len(cf.EncryptedKey))
 s := cf.ScryptObject
- fmt.Printf("ScryptObject: Salt=%dB N=%d R=%d P=%d KeyLen=%d\n",
+ algo, _ := cf.ContentEncryption()
+ // Pretty-print
+ fmt.Printf("Creator: %s\n", cf.Creator)
+ fmt.Printf("FeatureFlags: %s\n", strings.Join(cf.FeatureFlags, " "))
+ fmt.Printf("EncryptedKey: %dB\n", len(cf.EncryptedKey))
+ fmt.Printf("ScryptObject: Salt=%dB N=%d R=%d P=%d KeyLen=%d\n",
 len(s.Salt), s.N, s.R, s.P, s.KeyLen)
+ fmt.Printf("contentEncryption: %s\n", algo.Algo) // lowercase because not in JSON
 }
From e8e35982845f36e714b915350eaf6855487aa0e8 Mon Sep 17 00:00:00 2001
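Review bot: `algo, _ := cf.ContentEncryption()` discards the second return value (presumably an error), so a config whose feature flags do not map to a known cipher would print an empty `contentEncryption:` line and `info` would still return normally. Checking that value and exiting with `exitcodes.LoadConf`, as the `configfile.Load` failure just above does, keeps `-info` from reporting a misleading result for a damaged or tampered config file. The load error is now written with `fmt.Printf`, i.e. to stdout, where the removed code used `tlog.Fatal.Printf`; `fmt.Fprintf(os.Stderr, "Loading config file failed: %v\n", err)` would keep diagnostics out of output that callers may parse.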
From: Jakob Unterwurzacher
Date: Tue, 28 Sep 2021 17:43:36 +0200
Subject: [PATCH 3/9] -init: suggest xchacha if we don't have AES accel Example on Raspberry Pi 4: $ ./gocryptfs/gocryptfs -init $(mktemp -d) Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance. Choose a password for protecting your files. Password: https://github.com/rfjakob/gocryptfs/issues/607
---
 init_dir.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/init_dir.go b/init_dir.go
index 00fb390..ab4c3df 100644
--- a/init_dir.go
+++ b/init_dir.go
@@ -14,6 +14,7 @@ import (
 "github.com/rfjakob/gocryptfs/v2/internal/fido2"
 "github.com/rfjakob/gocryptfs/v2/internal/nametransform"
 "github.com/rfjakob/gocryptfs/v2/internal/readpassword"
+ "github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
 "github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
 "github.com/rfjakob/gocryptfs/v2/internal/tlog"
 )
@@ -67,6 +68,11 @@ func initDir(args *argContainer) {
 tlog.Fatal.Printf("Invalid cipherdir: %v", err)
 os.Exit(exitcodes.CipherDir)
 }
+ if !args.xchacha && !stupidgcm.CpuHasAES() {
+ tlog.Info.Printf(tlog.ColorYellow +
+ "Notice: Your CPU does not have AES acceleration. Consider using -xchacha for better performance." +
+ tlog.ColorReset)
+ }
 }
 // Choose password for config file
 if len(args.extpass) == 0 && args.fido2 == "" {
diff --git a/build.bash b/build.bash
index fd2da6c..5e95c3e 100755
--- a/build.bash
+++ b/build.bash
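Review bot: In the second init_dir.go hunk the notice text is handed to `tlog.Info.Printf` as the format string itself, built by concatenation; it contains no verbs today, but any `%` added to the message later would be interpreted as one. `tlog.Info.Println(tlog.ColorYellow + "Notice: ..." + tlog.ColorReset)` prints the same text without format parsing. The block that encloses the new `if` opens above the hunk, so the condition under which the notice is reached is not fully visible here; a one-line comment such as `// AES-GCM and AES-SIV are both slow without hardware AES` would record why only `-xchacha` suppresses it.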
@@ -12,6 +12,9 @@
 cd "$(dirname "$0")"
+# $0 does not work because we may have been sourced
+MYNAME=build.bash
+
 # Make sure we have the go binary
 go version > /dev/null
@@ -28,7 +31,7 @@ if [[ -d .git ]] ; then
 elif [[ -f VERSION ]] ; then
 GITVERSION=$(cat VERSION)
 else
- echo "Warning: could not determine gocryptfs version"
+ echo "$MYNAME: warning: could not determine gocryptfs version"
 GITVERSION="[unknown]"
 fi
@@ -42,7 +45,7 @@ else
 if [[ $FAIL -eq 0 ]]; then
 GITVERSIONFUSE=$OUT
 else
- echo "Warning: could not determine go-fuse version"
+ echo "$MYNAME: warning: could not determine go-fuse version"
 GITVERSIONFUSE="[unknown]"
 fi
 fi
@@ -56,7 +59,10 @@ fi
 # If SOURCE_DATE_EPOCH is set, it overrides BUILDDATE. This is the
 # standard environment variable for faking the date in reproducible builds.
 if [[ -n ${SOURCE_DATE_EPOCH:-} ]] ; then
- BUILDDATE=$(date --utc --date="@${SOURCE_DATE_EPOCH}" +%Y-%m-%d)
+ if ! BUILDDATE=$(date -u --date="@${SOURCE_DATE_EPOCH}" +%Y-%m-%d) ; then
+ echo "$MYNAME: info: retrying with BSD date syntax..."
+ BUILDDATE=$(date -u -r "$SOURCE_DATE_EPOCH" +%Y-%m-%d)
+ fi
 fi
 # Only set GOFLAGS if it is not already set by the user
From 75cace05684df3afa1f2519ec59f73fcdfac25f5 Mon Sep 17 00:00:00 2001
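Review bot: In the last hunk, a `SOURCE_DATE_EPOCH` that is not a plain integer makes the GNU-style call fail too, and the retry then runs `date -u -r "$SOURCE_DATE_EPOCH"`; with GNU date `-r` names a reference file, so the build date could silently be taken from a file's modification time instead of the intended epoch. Guarding the block with a check such as `[[ $SOURCE_DATE_EPOCH =~ ^[0-9]+$ ]]` and stopping with an error otherwise keeps this reproducible-build input strict on both platforms. The new `warning:` and `info:` messages are written to stdout; appending `>&2` would keep them out of output that a caller captures.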
From: Jakob Unterwurzacher
Date: Tue, 28 Sep 2021 18:35:37 +0200
Subject: [PATCH 5/9] cryptocore: simplify declarations Reported by codacity: internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendAESSIV; it will be inferred from the right-hand side var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305; it will be inferred from the right-hand side var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendXChaCha20Poly1305OpenSSL; it will be inferred from the right-hand side var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX} Found 2 possible new issues internal/cryptocore/cryptocore.go Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendOpenSSL; it will be inferred from the right-hand side var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16} Minor icon MINOR Code Style should omit type AEADTypeEnum from declaration of var BackendGoGCM; it will be inferred from the right-hand side var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
---
 internal/cryptocore/cryptocore.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 36c9d93..72c9c23 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -42,22 +42,22 @@ func (a AEADTypeEnum) String() string {
 // BackendOpenSSL specifies the OpenSSL AES-256-GCM backend.
 // "AES-GCM-256-OpenSSL" in gocryptfs -speed.
-var BackendOpenSSL AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
+var BackendOpenSSL = AEADTypeEnum{"AES-GCM-256", "OpenSSL", 16}
 // BackendGoGCM specifies the Go based AES-256-GCM backend.
 // "AES-GCM-256-Go" in gocryptfs -speed.
-var BackendGoGCM AEADTypeEnum = AEADTypeEnum{"AES-GCM-256", "Go", 16}
+var BackendGoGCM = AEADTypeEnum{"AES-GCM-256", "Go", 16}
 // BackendAESSIV specifies an AESSIV backend.
 // "AES-SIV-512-Go" in gocryptfs -speed.
-var BackendAESSIV AEADTypeEnum = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
+var BackendAESSIV = AEADTypeEnum{"AES-SIV-512", "Go", siv_aead.NonceSize}
 // BackendXChaCha20Poly1305 specifies XChaCha20-Poly1305-Go.
 // "XChaCha20-Poly1305-Go" in gocryptfs -speed.
-var BackendXChaCha20Poly1305 AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
+var BackendXChaCha20Poly1305 = AEADTypeEnum{"XChaCha20-Poly1305", "Go", chacha20poly1305.NonceSizeX}
 // BackendXChaCha20Poly1305OpenSSL specifies XChaCha20-Poly1305-OpenSSL.
-var BackendXChaCha20Poly1305OpenSSL AEADTypeEnum = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
+var BackendXChaCha20Poly1305OpenSSL = AEADTypeEnum{"XChaCha20-Poly1305", "OpenSSL", chacha20poly1305.NonceSizeX}
 // CryptoCore is the low level crypto implementation.
 type CryptoCore struct {
From 3b881b01744992da138f7f72390776c65782bcc2 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Fri, 15 Oct 2021 17:29:03 +0200
Subject: [PATCH 6/9] tests: add TestForceOwner https://github.com/rfjakob/gocryptfs/issues/609 https://github.com/rfjakob/gocryptfs/pull/610
---
 tests/defaults/main_test.go | 66 +++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/tests/defaults/main_test.go b/tests/defaults/main_test.go
index 0045981..5310003 100644
--- a/tests/defaults/main_test.go
+++ b/tests/defaults/main_test.go
@@ -425,3 +425,69 @@ func TestFsync(t *testing.T) {
 t.Fatal(err)
 }
 }
+
+// force_owner was broken by the v2.0 rewrite:
+// The owner was only forced for GETATTR, but not for CREATE or LOOKUP.
+//
+// https://github.com/rfjakob/gocryptfs/issues/609
+// https://github.com/rfjakob/gocryptfs/pull/610
+func TestForceOwner(t *testing.T) {
+ cDir := test_helpers.InitFS(t)
+ os.Chmod(cDir, 0777) // Mount needs to be accessible for us
+ pDir := cDir + ".mnt"
+ test_helpers.MountOrFatal(t, cDir, pDir, "-force_owner=1234:1234", "-extpass=echo test")
+ defer test_helpers.UnmountPanic(pDir)
+
+ // We need an unrestricted umask
+ oldmask := syscall.Umask(0)
+ defer syscall.Umask(oldmask)
+
+ foo := pDir + "/foo"
+
+ // In the answer to a FUSE CREATE, gocryptfs sends file information including
+ // the owner. This is cached by the kernel and will be used for the next
+ // stat() call.
+ fd, err := syscall.Creat(foo, 0666)
+ if err != nil {
+ t.Fatal(err)
+ }
+ syscall.Close(fd)
+
+ var st syscall.Stat_t
+ if err := syscall.Stat(foo, &st); err != nil {
+ t.Fatal(err)
+ }
+ if st.Uid != 1234 || st.Gid != 1234 {
+ t.Errorf("CREATE returned uid or gid != 1234: %#v", st)
+ }
+
+ // We can clear the kernel stat() cache by writing to the file
+ fd, err = syscall.Open(foo, syscall.O_WRONLY, 0)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if _, err := syscall.Write(fd, []byte("hello world")); err != nil {
+ t.Fatal(err)
+ }
+ syscall.Close(fd)
+
+ // This stat() triggers a new GETATTR
+ if err := syscall.Stat(foo, &st); err != nil {
+ t.Fatal(err)
+ }
+ if st.Uid != 1234 || st.Gid != 1234 {
+ t.Errorf("GETATTR returned uid or gid != 1234: %#v", st)
+ }
+
+ // Remount to clear cache
+ test_helpers.UnmountPanic(pDir)
+ test_helpers.MountOrFatal(t, cDir, pDir, "-force_owner=1234:1234", "-extpass=echo test")
+
+ // This stat() triggers a new LOOKUP
+ if err := syscall.Stat(foo, &st); err != nil {
+ t.Fatal(err)
+ }
+ if st.Uid != 1234 || st.Gid != 1234 {
+ t.Errorf("LOOKUP returned uid or gid !=
1234: %#v", st)
+ }
+}
From 8ec872e330985a2de87c3b15d6c49ab9e3281573 Mon Sep 17 00:00:00 2001
From: Charles Duffy
Date: Fri, 8 Oct 2021 20:54:41 +0000
Subject: [PATCH 7/9] fusefrontend: honor ForceOwner for LOOKUP and CREATE operations
---
 internal/fusefrontend/node.go | 4 ++++
 internal/fusefrontend/node_open_create.go | 6 ++++++
 2 files changed, 10 insertions(+)
diff --git a/internal/fusefrontend/node.go b/internal/fusefrontend/node.go
index 99d337f..182cda5 100644
--- a/internal/fusefrontend/node.go
+++ b/internal/fusefrontend/node.go
@@ -41,6 +41,10 @@ func (n *Node) Lookup(ctx context.Context, name string, out *fuse.EntryOut) (ch
 n.translateSize(dirfd, cName, &out.Attr)
 rn := n.rootNode()
+ if rn.args.ForceOwner != nil {
+ out.Owner = *rn.args.ForceOwner
+ }
+
 if rn.args.SharedStorage {
 // If we already have a child node that matches what we found on disk*
 // (as reflected in `ch`), return it here.
diff --git a/internal/fusefrontend/node_open_create.go b/internal/fusefrontend/node_open_create.go
index eb45fb4..9598559 100644
--- a/internal/fusefrontend/node_open_create.go
+++ b/internal/fusefrontend/node_open_create.go
@@ -103,6 +103,12 @@ func (n *Node) Create(ctx context.Context, name string, flags uint32, mode uint3
 if errno != 0 {
 return
 }
+
 inode = n.newChild(ctx, st, out)
+
+ if rn.args.ForceOwner != nil {
+ out.Owner = *rn.args.ForceOwner
+ }
+
 return inode, fh, fuseFlags, errno
 }
From b0bddc5ed07d7c2f8f1e64a1cc6ea5d0543dd7fa Mon Sep 17 00:00:00 2001
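Review bot: `os.Chmod(cDir, 0777)` in `TestForceOwner` drops its error, so a failed chmod lets the test continue and fail later at the mount or stat with a less direct message; `if err := os.Chmod(cDir, 0777); err != nil { t.Fatal(err) }` reports it where it happens. `syscall.Umask(0)` changes the umask of the whole test process until the deferred restore runs, which deserves a comment like `// process-wide: do not run this test in parallel`. The literal `1234` appears in both mount option strings and in three assertions; a named constant would keep them in step.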
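Review bot: The override `if rn.args.ForceOwner != nil { out.Owner = *rn.args.ForceOwner }` is duplicated in `Lookup` (node.go) and `Create` (node_open_create.go), and the other operations that fill a `fuse.EntryOut` (Mkdir, Mknod, Symlink, Link) are not part of this patch. If those do not apply it, the kernel may cache the on-disk owner for freshly created entries, which matters wherever access decisions rely on the forced owner; this should be confirmed against the rest of the package. A small helper on the root node, called from every place that produces an entry or attribute reply, would apply the rule uniformly. Both functions begin and end outside their hunks, so `rn` in `Create` is assumed to be assigned earlier in the body.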
From: Jakob Unterwurzacher
Date: Fri, 15 Oct 2021 21:59:12 +0200
Subject: [PATCH 8/9] github actions: fix allow_other failure Jobs currently fail like this: /usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf fs.Mount failed: fusermount exited with code 256 --- FAIL: TestForceOwner (0.05s) main_test.go:438: mount failed: exit status 19 FAIL FAIL github.com/rfjakob/gocryptfs/v2/tests/defaults 1.584s
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 57c9752..c91ffa2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -36,6 +36,9 @@ jobs:
 # CI platform specific setup steps happen here
 - run: sudo apt-get install -qq fuse3 libssl-dev
+ # Fix "/usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf"
+ - run: echo user_allow_other | sudo tee -a /etc/fuse.conf
+
 # Build & upload static binary
 - run: ./build-without-openssl.bash
 - uses: actions/upload-artifact@v2
From 4ba0ced3c704c1cc8696ea76d96822efdd1c7157 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Wed, 20 Oct 2021 15:16:31 +0200
Subject: [PATCH 9/9] README: update changelog for v2.2.1
---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/README.md b/README.md
index 9bc33ec..1a02857 100644
--- a/README.md
+++ b/README.md
@@ -196,6 +196,14 @@ RM: 2,367 Changelog --------- +#### v2.2.1, 2021-10-20 +* Fix `-force_owner` only taking effect after 2 seconds ([#609](https://github.com/rfjakob/gocryptfs/issues/609)). + This was a regression introduced in v2.0. +* MacOS: Fix build.bash failure with error `date: illegal option -- -` when `SOURCE_DATE_EPOCH` is set + ([#570](https://github.com/rfjakob/gocryptfs/issues/570)) +* `-init`: suggest xchacha on CPUs without AES acceleration ([commit](https://github.com/rfjakob/gocryptfs/commit/e8e35982845f36e714b915350eaf6855487aa0e8)) +* `-info`: add contentEncryption to output + #### v2.2.0, 2021-09-25 * **`-deterministic-names`: new option for `-init`**, both for reverse and forward mode. Disables file name randomisation & `gocryptfs.diriv` files